Privacy Policy

Last Updated: August 28, 2018

Our Commitment to Your Privacy

This privacy policy applies to http://www.screensteps.com (the "Site"), a website operated by Blue Mango Learning Systems, LLC (the “Company,” “us,””we” or “our”).

The Site also includes our Chrome extension and customer subdomains, e.g. company-name.screenstepslive.com.

The Site provides the "Service" as defined in the Terms of Use.

We respect and protect the privacy of our users. This Privacy Policy explains how we collect and use your information and is part of our Terms of Use when you use our Site or Service.

Your Consent

By using our Site or Service, you consent to our Privacy Policy. If you don’t agree, please don’t use our Site or Service.

What information do we collect?

Personal Data

“Personal Data’ means any information relating to an identified or identifiable natural person.  We collect Personal Data from two classes of users of the Services:  Administrators for entities that contract with us or that might be interested in contracting with us (“Customers”) and the persons that Customer desire to use the Services to provide information or training to them (“End Users”).

For Customers, we will collect Personal Data such as the names, e-mail addresses, name of the entity they represent and phone numbers and IP Address you access the Site or Service from.  We also will collect content such as knowledge-base articles, checklists and courses (“Program Information) and a history of the Program Information posted (“Program History”). We may also collect credit card information from the account owner for a Customer account. 

For End Users, we collect Personal Data such as names, user names and email addresses.  We also collect End User IP addresses, search history within the ScreenSteps knowledge base and history of access to the Program Information.

Finally if an End User or Customer submits a comment, we will collect it, and the time and place the comment was posted.

Tracking Data

We and our third-party service providers may collect certain tracking information about your use of our Site and Service. For example, we collect;

  • Log information (including your IP address, browser type, Internet service provider, referring and exit pages, operating system, dates/time of access, and related data)
  • Information collected by cookies and tracking pixels (as discussed below)
  • Web beacons (also called "Internet tags" or "clear gifs"; used to count visitors to our Site and which pages were viewed and links clicked)
  • Embedded scripts (code temporarily downloaded onto your device to collect information about your interactions with the Service and thereafter deleted or deactivated)

Cookie Policy

When you visit our Site we use cookies, or similar technologies like single-pixel gifs and web beacons, to record log data. We use both session-based and persistent cookies. Session-based cookies last only while your browser is open and are automatically deleted when you close your browser. Persistent cookies last until you or your browser delete them or until they expire. They are unique and allow us to do site analytics and customization, among other similar things. If you access our Site through your browser, you can manage your cookie settings.

Here are the cookies services we use:

FullStory.  FullStory  FullStory uses cookies which may be tied to Personal Data and IP Address. In particular, the FullStory services use first-party cookies to maintain a coherent scope for a user session across multiple pages on a single website. These cookies do not track the same user across unrelated domains and, as described above, attempts to infer identity across domains is strictly prohibited. You can opt out here and read more about their privacy practices by reading their privacy policy. Local Storage is a standard facility provided by HTML5-compliant browsers used to retain data on your computer across visits to the same website. FullStory uses local storage as a temporary holding area for user events that were observed locally but, due to the timing of a page unload, were unable to be transmitted as part of the user session. Return visits to the same website read and transmit events previously stored in local storage to complete previously recorded sessions.  These coookies enable FullStory and us to aggregate data to identify a user unless cookies are turned off. This information is used by us to provide customer service, support and find ways to improve the quality of our services. Note that turning off cookies may also disable functions on our Site and Services. If your browser is set to reject cookies or you manually delete cookies, FullStory will not be able to coalesce your anonymous user identity automatically into sessions across pages on the same website, which makes it more difficult to understand what you are doing so what we may assist you.

Google Analytics collects information about the use of the Services on our website. Google Analytics collects information such as how often users visit this site, what pages they visit when they do so, and what other sites they used prior to coming to this site. We use the information we get from Google Analytics only to improve this site, but in anonymous form. Google Analytics collects only the IP address assigned to you on the date you visit this site and assigns a user ID code, rather than your name or other identifying information. We do not combine the information collected through the use of Google Analytics with personally identifiable information. Google uses this information to analyze your use of the website, to generate reports about website activities for website operators and to provide further services related to website and internet use. Google may also share such information with third parties to the extent it is legally required to do so and/or to the extent third parties process data on behalf of Google. Although Google Analytics plants a permanent cookie on your web browser to identify you as a unique user the next time you visit this site, the cookie cannot be used by anyone but Google. Google’s ability to use and share information collected by Google Analytics about your visits to this site is restricted by the Google Analytics Terms of Use and the Google Privacy Policy and Data Processing Amendment. You can prevent Google Analytics from recognizing you on return visits to this site by disabling cookies on your browser.  You may block Google Analytics on some browsers with the help of a browser add-on if you do not want us to use this website analysis. This add-on can be downloaded at: 'http://tools.google.com/dlpage/gaoptout?hl=en. For more information on Google Analytics and Google’s privacy practices, please review their privacy policy at https://www.google.com/policies/privacy/

HubSpot Analytics.  HubSpot Analytics uses cookies and beacons to track how long Customers and potential Customers are on our Site, what marketing pages they visit, what marketing offers they respond to, and a visitor’s identity in order for us to improve our customer education material, set up accounts, and provide the Services.  For a description of all HubSpot cookies you can read about them on their site and check out their privacy policy.

Intercom. Intercom uses “Cookies” to allow you to chat with our agents across multiple pages when using our website to answer your questions and provide customer service.  You may deactivate Intercom with the help of a browser add-on if you do not want this live chat functionality. This add-on can be downloaded at: http://www.ghostery.com.

Keen.io -  Keen.io uses cookies to keep track of how many users are visiting the Site and using our Services and what knowledge base and course content they are viewing.  This technology anonymously tracks usage by browser (including browser type and version) and IP address of the user and ties it to a token code. This analytics tracking technology does not set a cookie or other data on the user’s computer unless a Customer or End User creates an account and logs in  Collected data is stored indefinitely unless you turn off cookies on your browser For more information, check out their privacy policy

How do we use your data?

Analytics: Company utilizes Tracking Information to access anonymous data to help us understand how our Services are used. We use Tracking Information to customize content for you and improve our Services. Google Analytics and Keen.io provide reports to Company with website trends without identifying individual visitors.

Providing the Services. We use your Personal Data to provide the Services, provide customer service/support and communicate with you regarding the Services and new features.  If you are a Customer, it enables us to track your use for customer service purposes.  We use the Programming Information created by Customers to provide the Services to End Users connected to the Customers.  If you are an End User, we use your Personal Data and history of access to identify you, enable you to establish feedback using comments and track your use of the Services for customers.

Validating Access to Content.   For Customers, we use the Personal Data of customers tied to Programming Information and Program History to validate your right to use our Services. We use the Program History and history of access by End Users tied to their Personal Data to validate the identities of End Users and track their use to report to Customers as a part of our Services.  These are essential components of our Services.

Direct Marketing.  We use Customer Personal Data to communicate with you regarding the provision of the Services, but also to let you know about additional features and services we provide that may be of interest to you. If you do not wish to receive marketing communications, you may opt out at any time by [Need instructions]

How Do We Share Your Data

We will not sell, rent, or share Personal Data with third parties outside of our company without your consent, except in the following ways:

Customers.  Our service involves providing a platform to present knowledgebase and course content from Customers to End Users.  This involves presenting the content and ensuring that certain End Users have accessed and reviewed the content for the benefit of both the Customer and End User.  As such, we share End User contact information and applicable  End User search history and End User Program Information access history with Customers to confirm End User attendance and review of the content.

Comments.  If you post a comment, it will be shared with other End Users accessing the Programming Information and the Customer that posted the Programming Information. Once posted, comments cannot be edited, but may be deleted by contacting the Customer that is providing the Programming Information.

Charging for Services. When you enter your credit card information, we transmit your information to Chargebee for processing, but Company does not store any credit card data associated with any purchases processed on the Site. Company utilizes ChargeBee’s APIs to process payments and utilizes Authorize.net as a payment gateway for those payments. You should review Authorize.net’s Privacy Policy and ChargeBee, Inc. Privacy Policy for more detail about how your information is collected, stored and maintained by these third party payment processors

Law Enforcement and Internal Operations

Personal Data may be provided where we are required to do so by law, or if we believe in good faith that it is reasonably necessary (i) to respond to claims asserted against Company or to comply with the legal process (for example, discovery requests, subpoenas or warrants); (ii) to enforce or administer our policies and agreements with users; (iii) for fraud prevention, risk assessment, investigation, customer support, product development and de-bugging purposes; or (iv) to protect the rights, property or safety of Company, its users or members of the general public. We will use commercially reasonable efforts to notify users about law enforcement or court ordered requests for data unless otherwise prohibited by law. However, nothing in this Privacy Policy is intended to limit any legal defenses or objections that you may have to any third party request to compel disclosure of your information.

Business Transfer

Company may sell, transfer or otherwise share some or all of its assets, including your Personal Data, in connection with a merger, acquisition, reorganization or sale of assets or in the event of bankruptcy.  Under such circumstances, Company will use commercially reasonable efforts to notify its users if their personal information is to be disclosed or transferred and/or becomes subject to a different privacy policy.

Third Parties

We sometimes contract with other companies and individuals to perform functions or services on our behalf. Our categories of service providers includes software maintenance, data hosting, sending email messages, project management and customer service. We necessarily have to share your Personal Data with such third parties as may be required to perform their functions.  We take steps to ensure that these parties take protecting your privacy as seriously as we do, including entering into Data Processing Addendum, EU Model Clauses and/or ensuring they have EU-U.S. and Swiss-US Privacy Shield certification since all of our service providers are in the United States.

Third Party Service Providers

Third Parties that collect and share Personal Data with us regarding End Users or Customers

Chargebee.  Chargebee processes payments and sends us a token to validate access to the service, which can be tied to the Personal Data of the person that submitted the payment. Processing takes place in the United States.  Chargebee is self-certified under the US-EU Privacy Shield and is subject to a Data Processing Addendum.  For more information, go their privacy policy.

FullStory FullStory is a customer support tracking service that enables us to track Customer and User activity on our Site and Services. Fullstory collects cookies that we tie to Personal Data for the purpose of 1) providing customer service 2)providing customer support and troubleshooting and 3) to identify ways to improve our Services to you.  Through FullStory, we implement masking to ensure that we do not collect or view the data you enter except for the titles of Customer Programming that customers create. Processing takes place in the United States.  FullStory is self-certified under the US-EU Data Privacy Shield and is subject to a Data Processing Addendum with us.  You can opt out here and read more about their privacy practices by reading their privacy policy.

Hubspot.  Hubspot provides a customer relationship management tool that enables us to collect Customer Personal Data and Program information and Program History to onboard and manage customers so that we may provide the Services.  Hubspot is self-certified under the US-EU Data Privacy Shield and is subject to a Data Processing Addendum with us with EU Standard Contractual Clauses so that processing may take place in the United States.  Please refer to Hubspot’s Privacy Statement for more information.

Intercom  Company uses the live messaging service provided by Intercom R&D Unlimited Company (“Intercom”), 55 2nd St, San Francisco, CA 94105, USA to provide you live chat on the website. Intercom uses cookies and collect [NEED INFO]  to allow you to chat with our agents across multiple pages when using our website. For this purpose, the information generated by the “Cookie” is transferred to an Intercom server in the USA and stored there.

For more information on your rights and on how Intercom is processing data please see Intercom’s Privacy Policy which is available at www.intercom.com/privacy.  Intercom is is self-certified under the US-EU Privacy Shield and is subject to a Data Processing Addendum.

Keen.io Company uses Keen.io APIs to collect usage data for the Product.  We use the Personal Data collected to help our Customers measure the effectiveness of their ScreenSteps account, determine the reach of Programming Information to their End Users for tracking and reporting purposes  and to improve their knowledge base and courses. Histories are not matched to End User personal data unless the End User logs in.  We also use the data to make improvements to the Product. Keen.io is self-certified under the US-EU Data Privacy Shield and is subject to a Data Processing Addendum with us. For more information, check out their privacy policy.

How is My Data Protected?

We have implemented reasonable administrative, technical and physical security measures to protect your personal information against unauthorized access, destruction or alteration. For example:

  • SSL encryption (https) everywhere where we deal with personal data.
  • Password protection on your account.
  • Data is kept on secure, encrypted servers, located in the US.
  • Restricting staff access to Personal Data protected by password logs.
  • Regular staff privacy and security training
  • Payment services are tokenized

However, because no security system can be 100% effective, we cannot completely guarantee the security of any information we store, process or transmit.

Payments Encryption: Company utilizes only PCI-DSS compliant third party payment processors to ensure the security of your personal information.

Your Choices?

Right to Review and Rectify Your Personal Data.

Customers can see a history of what articles and courses they have viewed or complete on their account as well as your Account Information.

You can update most of your Account Information by logging on to your account. However, if additional assistance is required to change or delete inaccuracies within other Personal Data or would like to know what other information about you was collected, please contact us at privacy@screensteps.com.

Right to Remove or Withdraw Consent.

You have the right to withdraw consent where such consent is required to share or use data and you may request that we delete your Personal Data.

If you would like to delete comments posted, please contact your employer or entity that has provided the Programming Information.

If you receive newsletter or marketing communications from us and no longer wish to receive them, please follow the removal instructions in the email or change your account settings. You can delete your Account Information by logging into your account and canceling your account.  However, since your Account Information and Account History is required for us to provide the Services to you, deleting it will also terminate your access to the services. Deleting your Personal Data does not mean that all of it will be removed. We take steps to delete Personal Data that is no longer necessary in relation to provide the Services by deleting it within 120 days of your terminating your account or if the account remains unused for more than one year. Account data will be deleted within 90 days. Account images will be deleted within 120 days. We may be required by law, to retain it to exercise or defend legal claims, or contractual obligations with our customers to retain some information in connection with our obligation to provide the Services.  We may de-identify and anonymize some data for purposes of retaining it.

Data Portability

If you would like us to transmit your Personal Data to another company providing similar services, we will work with them to do so upon request and verification of such request with both the requestor and the company receiving the Personal Data.

Right to Redress

If you are a subject of the European Union or European Economic Area and Switzerland and you believe we have violated any data protection laws that apply to you, you have a right to file a complaint.  Please contact the Information Commissioner’s Office in the United Kingdom.

Processing End User Data for Customers

Our Services may involve the processing of Personal Data on behalf of our customers.  When we do so, we are acting as processors for the controllers of such data.  As such, we take steps to ensure that Personal Data subject to GDPR is processed in accordance with controller instructions and GDPR such as entering into a Data Processing Addendum incorporating EU Standard Contractual Clauses governing the processing, transmission and use of such End User Personal Data.  If you wish to exercise your data subject rights to review, rectify, delete or port your End User Personal Data please contact the controller to make such request.  If you make the request to us, we will work with the controller to process and evaluate such request to confirm whether deletion is required by GDPR.

Transnational Transfer of Data

If you are providing your Personal Data to us directly to use our Site or Services, we will transmit your data, including your Personal Data, to the United States in order to fulfill our contractual obligations to you. 

Your California Privacy Rights

California residents who have an established business relationship with ScreenSteps may make a written request to Company about whether Company has disclosed any Personal Information to any third parties for the third parties' direct marketing purposes during the prior calendar year.  To make such a request, please send an email  at privacy@screensteps.com or write us:

ScreenSteps Privacy

PO Box 801

McLean, VA 22101

866-275-7865

Third Party Websites

We may link to other websites. When you click on one of these links, you are ‘clicking’ to another website. Company does not control the data collection or privacy practices of such third party sites. We encourage you to read the privacy policies of any third party sites, as their collection, use and storage practices and policies may differ from ours. 

Minors Under 16 Years of Age

Company does not knowingly collect or store any personal information from or about children under the age of 16.

If you believe a child under the age of 16 has under any circumstances provided us with personal information and data, a parent or legal guardian can email us at privacy@screensteps.com to request that their children’s information be deleted from our records.

Do Not Track

Do Not Track” or DNT is a feature enabled on some browsers that sends a signal to request that a web application disable its tracking or cross-site user tracking. At present, our Site does not respond to or alter its practices when a DNT signal is received.

Changes to our Privacy Policy

Company reserves the right to amend this Privacy Policy at any time. If Company makes material changes to its Privacy Policy, we will notify you by (1) changing the Effective Date on our Privacy Policy and provide additional notification either (1) via email or other means as we may deem commercially reasonable.

Questions?

If you ever have any questions about our online Privacy Policy, please contact us. We respect your rights and privacy, and will be happy to answer any questions or concerns you might have. You may direct any such questions to our Data Protection Officer at privacy@screensteps.com.


Last Updated: May 23, 2018