At Empath, Inc (“Empath”, “we” or “our”), we prepare organizations for the future of work by understanding and optimizing the world’s skills, capabilities and needs. Our customers include large and small organizations, who trust us to handle their data in a responsible manner.

 

In this Privacy Policy (“Policy”), we describe how we collect, use, and disclose information that we obtain about visitors to our website, empath.co.com (the “Site”), and the services available through our Site (collectively, the “Services”).  EmPath is the controller of your personal information covered by this Policy.

The Information We Process on Behalf of Our Business Customers:

 

This Policy does not apply to the information that we process on behalf of our business customers, which is governed by the agreements we have in place with those business customers. If you have any questions or concerns about how such information is handled or would like to exercise any rights you may have with respect to your information, you should contact the relevant business customer (i.e., the Business under the CCPA or data controller under other data protection laws) who has contracted with us to use the services to process your information. Our business customers control the personal information in these cases and determine the security settings within the account, its access controls and credentials. We will, however, provide assistance to our business customers/data controllers to address any concerns you may have, in accordance with the terms of our contract with them and applicable law.

 

THE INFORMATION WE COLLECT ABOUT YOU

We collect information about you directly from you and automatically through your use of our Site or Services.

 

Information We Collect Directly From You. The information we collect from you depends on how you use our Services. When you contact us through the Site, you may choose to provide your email, name, company name and other information.  We ask that you not provide us with any sensitive personal information (e.g., information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the Service, or otherwise to us.

 

If you provide us with any sensitive personal information to us when you use the Service, you must consent to our processing and use of such sensitive personal information in accordance with this Privacy Policy. If you do not consent to our processing and use of such sensitive personal information, you must not submit such sensitive personal information through our Service.

 

Information We Collect Automatically. We automatically collect information about your use of our Site which may include your browser and operating system; the web pages you view on the Site and links you click on the Site; your IP address; the length of time you visit our Site and/or use our Services; and the referring URL or the webpage that led you to our Site. To the extent permitted by applicable law, we combine this information with other information we collect about you, including your personal information.

 

HOW WE USE YOUR INFORMATION

We use your information, including your personal information, for the following purposes:

 

To provide our Services to you,

 

To communicate with you about your use of our Services, to respond to your inquiries, and for other customer service purposes,

 

To tailor the content and information that we may send or display to you, to offer personalized help and instructions, and to otherwise personalize your experiences while using the Services,

 

To send you email marketing about our products and services,

 

To send you news and newsletters,

 

To send you email marketing about products and services of other entities that we think may be of interest to you,

 

To better understand how users access and use our Services, both on an aggregated and individualized basis. For example, we will evaluate which features of our Site are more (or least) used by users, and we will use this information,

 

To create anonymous, aggregated or de-identified data by removing information that makes the data personally identifiable to you,

 

For research and analytics purposes,

 

To administer surveys and questionnaires,

 

To comply with legal obligations, as part of our general business operations, and for other business or administration purposes, such as to protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims), to enforce the terms and conditions that govern the Services, and protect, investigate and deter against harmful, unauthorized, unethical or activity,

 

Where we believe necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person or violations of our agreements or this Policy, and/or As you reasonably direct us through your consent.

 

For individuals located in the European Economic Area (“EEA”) or United Kingdom, the legal bases of our processing of your personal information as described in this Policy will depend on the type of personal information and the specific context in which we process it.  However, the legal bases we typically rely on are set out in the table below.  We rely on our legitimate interests as our legal basis only where those interests are not overridden by the impact on you (unless we have your consent or our processing is otherwise required or permitted by law).

 

Processing purpose:

To provide our Services

 

To communicate with you about your use of our Services, to respond to your inquiries, and for other customer service purposes

 

Legal Basis:

Processing is necessary to perform the contract governing our provision of the Service or to take steps that you request prior to signing up for the Service.  If we have not entered into a contract with you, we process your personal information based on our legitimate interest in providing the Service you access and request.

 

Processing Purpose:

To tailor the content and information that we may send or display to you, to offer personalized help and instructions, and to otherwise personalize your experiences while using the Services,

 

To send you email marketing about our products and services

 

To send you news and newsletters

 

To send you email marketing about products and services of other entities that we think may be of interest to you

 

To better understand how users access and use our Services

 

To create anonymous, aggregated or de-identified data by removing information that makes the data personally identifiable to you

 

For research and analytics purposes

 

To administer surveys and questionnaires

 

Where we believe necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person or violations of our agreements or this Policy

 

Legal Basis:

These activities constitute our legitimate interests.

 

iii. Processing Purpose:

To comply with law

 

iii. Legal Basis:

Processing is necessary to comply with our legal obligations.

 

Processing Purpose:

With your consent

 

Legal Basis:

Processing is based on your consent. Where we rely on your consent you have the right to withdraw it any time in the manner indicated when you consent or in the Service.

 

WE MAY USE YOUR PERSONAL INFORMATION FOR REASONS NOT DESCRIBED IN THIS POLICY WHERE PERMITTED BY LAW AND THE REASON IS COMPATIBLE WITH THE PURPOSE FOR WHICH WE COLLECTED IT.  IF WE NEED TO USE YOUR PERSONAL INFORMATION FOR AN UNRELATED PURPOSE, WE WILL NOTIFY YOU AND EXPLAIN THE APPLICABLE LEGAL BASIS.

 

HOW WE SHARE YOUR INFORMATION

 

We may share your information, including personal information, as follows:

Service Providers. We disclose the information we collect from you to service providers, consulting engineers, contractors or agents who perform functions on our behalf.

 

Professional advisors.  We may disclosure your personal information to professional advisors such as lawyers, bankers, auditors and insurers where necessary in the course of the professional services that they render to us.

 

Businesses/Third Parties. We may disclose information we collect or maintain to our Business customers for purposes of providing the Services.

 

Affiliates. We may disclose the information we collect to our affiliated companies.

 

We also disclose information in the following circumstances:

Business Transfers. If we or our affiliates are or may be acquired by, merged with, or invested in by another company, or if any of our assets are or may be transferred to another company, whether as part of a bankruptcy or insolvency proceeding or otherwise, we may transfer the information we have collected from you to the other company. As part of the business transfer process, we may share certain of your personal information with lenders, auditors, and third party advisors, including attorneys and consultants.

 

In Response to Legal Process. We disclose your information to comply with the law, a judicial proceeding, court order, or other legal process, such as in response to a court order or a subpoena.

 

To Protect Us and Others. We disclose your information when we believe it is appropriate to do so to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our agreement with you or this Policy, or as evidence in litigation in which we are involved.

 

Aggregate and De-Identified Information. We share aggregate, anonymized, or de-identified information about users with third parties in accordance with applicable law.

 

SECURITY AND RETENTION OF MY PERSONAL INFORMATION

We have implemented reasonable precautions designed to protect the information we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Please be aware that despite our best efforts, no data security measures can guarantee security.

 

You should take steps to protect against unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your log-in and password private. We are not responsible for any lost, stolen, or compromised passwords or for any activity on your account via unauthorized password activity.

 

We store and retain your personal information for as long as you use the Site and/or as necessary to fulfill the purposes for which it was collected, provide our Site and Services on our behalf and on behalf of our business customers, resolve disputes, establish legal defenses, pursue legitimate business purposes, enforce our agreements and comply with applicable laws. Our business customers and other third parties may have different practices, and you should refer to their privacy policies.

 

ACCESS TO MY PERSONAL INFORMATION

You may modify personal information that you have submitted by logging into your account and updating your profile information.

 

International Transfers under the GDPR and Other Data Protection Requirements

 

We are headquartered in the United States of America and may have service providers in the United States and other jurisdictions. As such, we and our service providers may transfer your personal information to, or access it in, jurisdictions that may not provide levels of data protection equivalent to your home jurisdiction. We will take steps to so that your personal information receives an adequate level of protection in the jurisdictions in which we process it in accordance with applicable laws, including through appropriate written data processing terms and/or data transfer agreements.

 

In accordance with the GDPR and other data privacy laws, if you are in the United Kingdom (UK), the European Economic Area (“EEA”) or other applicable jurisdiction, and we process your personal information in a jurisdiction that the European Commission or other applicable regulator has deemed to not provide an adequate level of data protection (a “third country”), we will implement measures to adequately protect your personal information, such as putting in place standard contractual clauses approved by the European Commission or another measure that has been approved by the EU Commission or other applicable regulator as adducing adequate safeguards for the protection of personal information when transferred to a third country. You may have a right to obtain details of the mechanism under which your personal information is transferred outside of the UK, EEA or other applicable jurisdiction; you may request such details by contacting us as set forth in the “Contact Us” section below.

 

YOUR CHOICES

You have the right to object to and change your preferences or opt out of certain uses and disclosures of your personal information. Where we have relied upon your consent for our processing of your personal information, you may withdraw that consent at any time and prevent further processing by contacting us as described below subject to certain exceptions as described to your and/or allowed by law.

 

At any time, you may unsubscribe from our mailing list, by sending us an opt-out request to: support@empath.com or clicking the “unsubscribe” link in the email. Note that you will continue to receive transaction-related emails regarding products or Services you have requested. We may also send you certain non-promotional communications regarding us and our Services, and you will not be able to opt out of those communications (e.g., communications regarding the Services or updates to our terms or this Policy). We maintain telephone “do-not-call” and “do-not-mail” lists as mandated by law. We process requests to be placed on do-not-mail, do-not-phone and do-not-contact lists as required by law.

 

Where we are required by law to collect your personal information, or where we need your personal information in order to provide the Services to you, if you do not provide this information when requested (or you later ask to delete it), we may not be able to provide you with our services.  We will tell you what information you must provide to receive the Services by designating it as required at the time of collection or through other appropriate means.

 

As noted below, you may stop or restrict the placement of cookies on your computer or remove them from your browser by adjusting your web browser preferences. On many mobile devices, application users may limit ad tracking of certain mobile ads via their device settings.

 

EUROPEAN DATA RIGHTS

For individuals only in the European Economic Area (“EEA”) and United Kingdom, European data protection laws give you certain rights regarding your personal information.  If you are located within Europe, you may ask us to take the following actions in relation to your personal information that we hold:

 

Access.  Provide you with information about our processing of your personal information and give you access to your personal information.

 

Correct.  Update or correct inaccuracies in your personal information.

 

Delete.  Delete your personal information.

 

Transfer.  Transfer a machine-readable copy of your personal information to you or a third party of your choice.

 

Restrict.  Restrict the processing of your personal information.

 

Object.  Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights.

 

You may submit these requests by email to support@empath.net.  We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request.  If we decline your request, we will tell you why subject to legal restrictions.  If you would like to submit a complaint our use of your personal information or our response to your requests regarding your personal information, you may contact us or submit a complaint to the data protection regulator in your jurisdiction. You can find your data protection regulator here.

 

USE OF COOKIES AND OTHER TRACKING MECHANISMS

We, our third-party service providers and our business partners may use cookies, log files, web beacons and other tracking mechanisms to track information about your use of our Services. We may combine this information with other personal information we collect from you (and our third party service providers may do so on our behalf).  Our service providers and business partners may use this type of data collection over time and across third-party websites and mobile applications.

 

COOKIES

Cookies are alphanumeric identifiers that we transfer to your computer’s hard drive through your web browser for record-keeping purposes. Some cookies allow us to make it easier for you to navigate our Site and Services, while others are used to enable a faster login process or to allow us to track your activities at our Site and Service. There are two types of cookies: session and persistent cookies.

 

DISABLING COOKIES

Most web browsers automatically accept cookies, but if you prefer, you can edit your browser options to block them in the future. The Help portion of the toolbar on most browsers will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. Visitors to our Site who disable cookies will be able to browse certain areas of the Site, but some features may not function. Please keep in mind that without cookies you may not have access to certain features of our products and services on this site, including access to your account or profile and certain personalized content.

 

Clear GIFs, pixel tags and other technologies. Clear GIFs are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on your computer’s hard drive, clear GIFs are embedded invisibly on web pages. We may use clear GIFs (a.k.a. web beacons, web bugs or pixel tags), in connection with our Services to, among other things, track the activities of Site visitors, help us manage content, and compile statistics about Site usage. We and our third party service providers may also use clear GIFs in HTML e-mails to you, to help us track e-mail response rates, identify when our e-mails are viewed, and track whether our e-mails are forwarded.

 

Third Party Analytics. We may use automated devices and applications to evaluate usage of our Site and our Services. We also may use other analytic means to evaluate our Services. We use these tools to help us improve our Services, performance and user experiences. These entities may use cookies and other tracking technologies to perform their services.

 

Do-Not-Track Signals. Our Site does not currently respond to do-not-track signals. You may, however, disable certain tracking as discussed above (e.g., by disabling cookies).  To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.

 

CHILDREN

Our Services are not designed for children. If we discover that a child has provided us with personal information, we will delete such information from our systems as soon as reasonably practicable.

 

Additional Information for California Residents under the California Consumer Privacy Act (CCPA)

 

As a Service Provider under the CCPA, we process or maintain personal information on behalf of our Business customers that provide the personal information to us in compliance with written contracts that we enter into with our Business customers directly. We are contractually prohibited from disclosing the personal information we receive from our Business customers for any purposes other than to provide the Services to our Business customers, to retain or employ another Service Provider where that Service Provider meets the requirements of a Service Provider under the CCPA, for our internal use to build and improve the quality of our Services as permitted under the CCPA, to detect security incidents or protect against fraudulent or illegal activity and for the purposes enumerated under CCPA Civil Code section 1798.145(a)(1) through (a)(4) or as otherwise required by the CCPA.

 

This section does not address or apply to our handling of publicly available information lawfully made available by state or federal government records or other personal information that is exempt under the CCPA.

 

CCPA Rights. In general, when we operate as a Service Provider, we will handle requests to know or requests to delete on behalf of our Business customer as they require under our agreement, which allows us to comply with the CCPA by acting on their behalf according to their instructions or by responding to a consumer that the request cannot be acting upon because the request has been sent to a Service Provider.

 

In general, under the CCPA, Businesses must notify and provide California residents with the following rights with respect to their personal information:

Do-not-sell (opt-out): to opt-out of the sale of their personal information. As a Service Provider, we do not “sell” personal information about California consumers, including those we have actual knowledge are younger than 16.

 

Right of deletion: to request deletion of their personal information collected about them and to have such personal information deleted (without charge), subject to certain exceptions.

 

Right to know: with respect to the personal information collected in the prior 12 months, disclose the following (up to twice per year and subject to certain exemptions):

categories of personal information collected;

 

categories of sources of personal information;

 

categories of personal information disclosed or shared with a third party for a business purpose;

 

categories of third parties to whom their personal information was sold and for each the specific categories of personal information sold;

 

the business or commercial purposes for collecting or selling personal information; and a copy of the specific pieces of personal information collected about them.

 

Right to non-discrimination: the right not to be subject to discriminatory treatment for exercising their rights under the CCPA.

 

Submitting CCPA Requests. California residents may submit CCPA requests by contacting our Business customers directly or by emailing us at: support@empath.net. When you submit a request to know or a request to delete, we, if and as requested by our Business customers, will take steps to verify your request by matching the information provided by you with the information we and/or our Business customers have in our or their records. In some cases, additional information may be requested in order to verify your request or where necessary to process your request. If we and/or our Business customers are unable to adequately verify a request, we and/or our Business customers will notify the requestor.  Authorized agents may initiate a request on behalf of another individual by contacting our Business customers directly or emailing us at support@empath.net. Authorized agents will be required to provide proof of their authorization, and our Business customers and/or we may also require that the relevant consumer directly verify their identity and the authority of the authorized agent.

 

For more information about our privacy practices, please see the Contact Us section below.

 

 

CHANGES TO THIS POLICY

This Policy is current as of the Effective Date set forth above. We may change this Policy from time to time, so please be sure to check back periodically. We reserve the right to modify this Policy at any time. If we make material changes to this Policy, we will notify you by updating the date of this Policy and posting any changes to this Policy on our Site. We may, and if required by law will, also provide notification of changes in another way that we believe is reasonably likely to reach you, such as via e-mail (if you have an account where we have your contact information) or another manner through the Services.

 

CONTACT US

If you have questions about the privacy aspects of our Services or would like to make a complaint, please contact us at support@empath.net.  You may also write to us via postal mail at:

 

Empath, Inc.

Attn: Legal — Privacy

1300 I Street NW

Suite 400E

Washington, DC 20005

 

If you are located in the European Union, Empath’s data representative is VeraSafe Ireland Ltd. and can be contacted at support@empath.net or at:

 

VeraSafe Ireland Ltd.

Unit 3D North Point House

North Point Business Park

New Mallow Road

Cork T23AT2P

Ireland