Privacy Policy

♦ Policy Index

• Online Privacy Policy*
• European Economic Area Policy
• Latin America Policy

*Prosci uses AI machine learning to translate Spanish, Portuguese, French, and German. Refer to the English Policy for any clarification.

♦ Online Privacy Policy

Effective Date: October 2023

This Privacy Policy describes how Prosci, Inc. (“Prosci,” “us,” “we,” or “our”) collects, uses, and discloses personal information about you that we collect through from you or that you provide to us when you register for an account on the Prosci Portal (the “Portal”), and any other online services that we operate and that include a link to this Privacy Policy (collectively, the “Services”). As used in this Privacy Policy, “personal information” means information that identifies or that could be used to identify you.

This Privacy Policy does not apply to information Prosci collects, receives, or accesses in connection with the Prosci platform and related applications and services that Prosci’s business customers make available to their personnel and other users. In those contexts, we act as a service provider to the entity that subscribes to our platform, and any information that we collect, receive, or access on their behalf is governed by our agreements with them. If you use the Prosci platform, or applications and services delivered through the platform in affiliation with an organization, such as your employer, and you have questions about the handling of your personal information, please contact them directly.

Information We Collect

When you use or access the Services, we may collect certain information directly from you, or automatically from your use of the Services.

Information We Collect Directly from You

When you use or access the Services, we may collect personal information that you directly provide us, such as the following:

• Account Information, such as your name, email address, zip code, physical address, job title, place of work, and other information you may provide.
• Payment information when you make a purchase, such as payment card numbers, expiration dates, associated security codes, and billing address.
• Professional and employment-related information and education information you submit when you apply for a job with us, such as your resume, links to social media profiles, responses to application questions, and any other information you provide in your employment inquiries or applications.
• Information about certifications and accreditations you have earned or completed, including, for example, change management certifications from Prosci or that you provide to Prosci.
• Any other information you submit when you contact us through the Services, including any information you provide in a submission through our contact form or surveys.

Information We Collect from Third Parties

In some cases, we receive personal information from third parties. For instance, while using the Services, individuals may provide information about another individual, or an authorized user (such as an account administrator or employer) creating an account on your behalf may provide information about you.

Information We Collect Automatically from Your Use of the Services

We also may collect certain other information automatically when you use or access the Services, such as the following:

• Browser and Device Information Certain information may be automatically collected by most browsers or devices, such as information about user devices (such as IP addresses and MAC addresses), operating systems, and browsers.
• Information Stored in Cookies and Web Beacons The Services may also use available web-based technologies to collect personal information, such as cookies or web beacons. Cookies are pieces of information stored directly on users’ computers or devices. Cookies allow us to collect information such as browser type, time spent on the online services, pages visited, referring URL, and other traffic and usage data. We may also use cookies for purposes such as determining what features interest our users, revising our site features or operations, and as further described below. For more information, see the “Your Choices” section below. Please note that some cookies and web beacons may be set by third parties, who may use the Services to collect personal information about your online activities over time and across different Services, applications, and other online products or services.
• Pixel Tags and Log Files The Services may also use other tracking systems such as log files and pixel tags. For example, pixel tags, sometimes called web beacons, are similar in function to a cookie and can tell us certain information like what content has been viewed.
• Information Collected in Connection with Analytics Technology We may use various technologies to learn more about how visitors use the Services, such as Google Analytics. Google Analytics uses cookies to help us analyze how visitors use the Services. The information generated by the cookies about your use of the Services includes your IP address. If you so choose, you may be able to opt out by turning off cookies in the preferences settings in your browser. For more information on Google Analytics, including how Google Analytics collects, uses, and discloses information, refer to the following page: www.google.com/policies/privacy/partners/. We may also use other technologies to monitor your activities on the Services.
• Location Information When you use the Services, we may collect information about your location, including general location information that may be associated with your device’s IP address.

How We Use Your Information

We may use the personal information that we collect or receive through the Services for the following purposes.

• Providing, developing, maintaining, personalizing, protecting, and improving the Services.
• Processing payments for your purchases through the Services.
• Communicating with you about products, services, and events and providing news and information we think would be of interest to you (for information about how to manage these communications, please see “Your Choices” below).
• Operating, evaluating, debugging, identifying and repairing errors, effectuating similar functional enhancements, and improving our Services.
• Understanding how you and other users use our Services, performing analytics, analyzing and reporting on usage and performance of the Services and marketing materials, and determining what features and functionality may interest you and other users.
• Recruitment and hiring purposes, including evaluating and processing your employment application.
• Storing information about your preferences, recognizing you when you use the Services, and customizing your experience.
• Creating aggregate or de-identified information.
• Legal and safety purposes, such as maintaining the safety, security, and integrity of our Services, other technology assets, services, and our organization; preserving or enforcing our legal rights and property; protecting our users, our employees, and others; and complying with industry standards.
• Protecting against malicious, deceptive, fraudulent, or illegal activity, and participating in any prosecution or enforcement of laws or agreements meant to prevent or punish such activity.
• Enforcing our policies, terms of use, contracts, or other legal rights.
• Evaluating or participating in an actual or potential merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, including as part of bankruptcy, liquidation, or similar proceedings.
• To perform obligations pursuant to contractual terms you have accepted, such as our terms and conditions.
• To comply with applicable law and legal obligations.
• Such other purposes as you may authorize.

Disclosure of Your Information

We may disclose personal information we collect about you as follows.

• To our vendors, consultants, contractors, and other service providers who access personal information to carry out work on our behalf and improve the products and services they provide to us (e.g., companies that assist us with web hosting, payment processing, fraud prevention, customer service, analytics, marketing and advertising).
• To comply with applicable law, other legal requirements, and industry standards.
• To enforce our policies, terms of use, contracts, or other legal rights.
• To investigate or prevent unlawful activities or misuse of the Services.
• To protect against malicious, fraudulent, or illegal activity, and participating in any prosecution or enforcement of laws or agreements for such activity.
• To operate, evaluate, debug, identify and repair errors, and improve our Services and offerings.
• To an actual or potential buyer, successor, or other organization in the event of an actual or potential merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, including as part of bankruptcy, liquidation, or similar proceedings.
• To our current or future parents, affiliates, subsidiaries and other companies under common control and ownership.
• To such other parties as you may authorize.
• With third parties to serve advertisements on our behalf. For more information on this type of sharing, see the “Your Choices” section below.

We may also publish summaries of aggregate and de-identified information created from our users’ data in our blog posts and white papers.

Data Retention

Our retention periods for personal information are based on business and legal requirements. We retain personal information as is necessary for the processing purpose(s) for which the personal information was collected and any other permissible, related purpose, and as permitted or required by the applicable laws. For example, if you register on our Services, we will store your information for as long as needed to maintain your account, provide you the Services or other functionality as you request it, enforce any applicable terms that govern your use of the Services, and maintain appropriate records to reflect our delivery of Services to you.

Your Choices

You may choose not to provide your personal information that we request through the Services. However, not providing the information we request may restrict your ability to use certain features of the Services.

Similarly, you may also be able to restrict the collection of your personal information through the Services through your device’s operating system or by disabling cookies, but doing so may prevent you from using the functionality of the Services. Some Internet browsers have a “do-not-track” feature that lets you tell websites that you do not want to have your online activities tracked. At this time, the Services do not respond to browser “do-not-track” signals.

For information about interest-based advertising, and to opt out of this type of advertising by third parties that participate in self-regulatory programs, please visit the Network Advertising Initiative (NAI) opt out tool (https://www.networkadvertising.org/choices/) and/or the Digital Advertising Alliance (DAA) Self-Regulatory Program for Online Behavioral Advertising (https://youradchoices.com/), or, for users in Europe, the EDAA’s opt-out page (https://youronlinechoices.eu/). Please note that any opt-out choice you exercise through these programs will apply to interest-based advertising by the third parties you select but will still allow the collection of data for other purposes, including research, analytics, and internal operations. You may continue to receive advertising, but that advertising may be less relevant to your interests.

We may work with third parties (such as Facebook and Instagram) to serve ads to you as part of a customized campaign on their platforms. If you prefer not to see customized ads from us, you can usually opt out by changing your account settings or preferences on such platforms.

You can opt-out of receiving certain promotional or marketing communications from us at any time by using the unsubscribe link in the emails communications we send. Please note that if you have an account with us and you opt out of receiving promotional and marketing related communications from us, we may continue to send you non-promotional communications, e.g., service-related emails.

You can opt out of your personal information being disclosed to third parties as described in this policy in the section titled “Disclosure of Your Information” or used for a purpose that is materially different from the purposes for which your information was originally collected by us upon us notifying you of the different use. However, as we have already explained, not providing your information, or allowing your information to be used for other purposes by us may restrict your ability to use certain features of the Services.

You have the right to access your personal information that we have collected about you and to ask us to correct, amend, or delete that information where it is inaccurate or has been processed in violation of applicable laws, except in those situations where the burden or expense of providing you such access would be disproportionate to the risks of your privacy rights and concerns in your inquiry, or where the rights of others would be violated.

To exercise your rights as described in this Privacy Policy, particularly in this section titled “Your Choices”, you may contact us by submitting this form, by emailing privacyandsecurity@prosci.com, calling us at +1-970-203-9332 or toll-free at 1-800-700-2831, or writing to us at the address provided at the end of this Privacy Policy.

Third-party Links

The Services may include links to websites provided by third parties. We are not responsible for the privacy policies or practices of those third parties. We encourage you to review the applicable privacy policies of such third parties if you elect to follow the links provided.

How We Protect Your Information

We maintain safeguards that are reasonably designed to protect the information collected through the Services. Please note, however, that we cannot and do not guarantee the security of your information, as no method of data storage or transmission is 100% secure.

Data Transfers

Prosci is headquartered in the United States, and we process and store the information we collect from you, regardless of your location, in the U.S. If you are based outside the U.S., we transfer your personal information to, and process your personal information on, servers located in the U.S., a jurisdiction that may not provide equivalent levels of data protection as your home jurisdiction. By reference to the section headed "Disclosure of Your Information" above, your personal information may also be transferred to, stored, and processed in the U.S. or other jurisdictions where the third parties are located or from which the third parties provide us services. Such transfers and processing of your personal information are necessary to provide our Services. By submitting your personal information to us, you understand and consent to the transfer of such information as described above.

EU-U.S. Data Privacy Framework & UK Extension to the EU-U.S. Data Privacy Framework

Prosci complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and as applicable, the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce. Prosci has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) for the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the latter shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Prosci is responsible for the processing of personal information it receives under the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and subsequently transfers to a third party acting as an agent on its behalf. Prosci complies with the EU-U.S. DPF Principles for all onward transfers of personal information from the EU, the United Kingdom (and Gibraltar), including liability for the onward transfer of personal information.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Prosci commits to resolve EU-U.S. DPF Principles-related complaints about our collection and use of your personal information. EU and UK individuals with inquiries or complaints regarding our handling of personal data received or access to your personal data collected, in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF should first contact Prosci at privacyandsecurity@prosci.com or:

Prosci, Inc.
Attn: Legal Department
2950 E. Harmony Road, Suite 150
Fort Collins, CO 80528
United States

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Prosci commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint. The services of JAMS are provided at no cost to you.

As further explained in the EU-U.S. DPF a binding arbitration option will also be made available to you in order to address residual complaints not resolved by any other means. For more information on the circumstances which binding arbitration can be invoked, please visit https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2.

The Federal Trade Commission has jurisdiction over Prosci’s compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.

Additional Information for Residents of California

This section applies only to residents of the State of California and generally describes how we collect, use, and disclose the personal information of California residents and their households (“California Personal Information”).

This section applies only to the extent we direct the purposes and means of California Personal Information processing and otherwise qualify as a business subject to the CCPA. It does not apply to personal information excluded or excepted from requirements of the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act (“CCPA”).

California Personal Information We Collect

We may collect, and may have collected in the preceding 12 months, the following categories of California Personal Information, as described in more detail above in the “Information We Collect” section:

• Identifiers, including online identifiers.
• Commercial information.
• Internet and other electronic activity information.
• Inferences drawn from your activity.
• Geolocation data.
• Professional or employment-related information which may also include protected classification characteristics under California or federal law.
• Other categories of personal information described in California law.

Sources of California Personal Information We Collect

We collect California Personal Information from the sources described in the “Information We Collect” section of this Privacy Policy.

Purposes for Which We Use California Personal Information

We may collect and use the categories of California Personal Information described in the “California Personal Information We Collect” section above for one or more of the business and commercial purposes described in the “How We Use Your Information” section above.

Disclosures of California Personal Information for a Business Purpose

In the preceding 12 months, we may have disclosed the categories of California Personal Information listed below to the categories of third parties identified below for a business purpose:

• Identifiers, including online identifiers—with our service providers.
• Commercial information—with our service providers.
• Internet and other electronic activity information—with our service providers.
• Inferences drawn from your activity—with our service providers.
• Geolocation data—with our service providers.
• Other categories of personal information described in California law—with our service providers.

Sales of California Personal Information

In the preceding 12 months, we have not “sold” or “shared” (as those terms are defined under the CCPA) California Personal Information. We do not sell California Personal Information, and we do not have actual knowledge that we sell California Personal Information of consumers under 16 years of age.

California Personal Information Rights and Choices

The CCPA provides California residents with specific rights regarding their California Personal Information. This section describes those rights and explains how to exercise those rights to the extent we direct the purposes and means of the processing of your California Personal Information processing and otherwise qualify as a “business” under the CCPA.

Access to Specific Information and Data Portability Rights

California residents have the right to request that we disclose certain information to you about our collection, use, disclosure, and sale of your California Personal Information over the past 12 months. If we receive and confirm a verifiable consumer request from you pursuant to the “Exercising Access, Data Portability, and Deletion Rights” section below, we will disclose to you, depending on the scope of the request:

• The categories of California Personal Information we collected about you.
• The categories of sources for the California Personal Information we collected about you.
• Our business or commercial purpose for collecting California Personal Information about you.
• The categories of third parties with which we share your California Personal Information.
• The specific pieces of California Personal Information we collected about you.
• If we disclosed your California Personal Information for a business purpose, a list of the categories of third parties to whom we disclosed California Personal Information for a business purpose identifying the categories of California Personal Information disclosed to those parties in the preceding 12 months.

Deletion Request Rights

California residents have the right to request that we delete California Personal Information, subject to certain exceptions. Once we receive and confirm your verifiable consumer request pursuant to the “Exercising Access, Data Portability, and Deletion Rights” section below, we will delete your California Personal Information from our records, unless an exception applies.

Exercising Access, Data Portability, and Deletion Rights

To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either:

• Submitting this form,
• Calling our toll-free phone number (1-800-700-2831), or
• Emailing privacyandsecurity@prosci.com

You may designate an authorized agent to submit requests on your behalf through a signed written permission that authorizes the agent to act on your behalf. We may mandate additional requirements when submitted through an authorized agent, such as requiring you to verify your identity directly with us or to directly confirm the authorized agent’s permission to act on your behalf.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. Your request must provide information sufficient to permit us to reasonably verify you are the person about whom we collected California Personal Information, or an authorized agent of that person. In order to verify your request, we may require you to provide additional information, including account profile information such as your Services email address and other information elements necessary to verify your identity. Your request also must include sufficient detail for us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with California Personal Information if we cannot verify your identity or authority to make the request and confirm the California Personal Information relates to you.

Making a verifiable consumer request does not require you to create an account with us. However, if you have a password-protected account with us we consider requests made through that account sufficiently verified when the request relates to California Personal Information associated with that specific account.

Any disclosures we provide will only cover the 12-month period preceding our receipt of the verifiable request. If we cannot fulfill, or are permitted to decline, your request then we will alert you or your authorized agent. For data portability requests, we will select a format to provide your California Personal Information that is readily usable.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision, and we reserve the right to either refuse to act on your request or charge you a reasonable fee to complete your request if it is excessive, repetitive, or manifestly unfounded.

Non-Discrimination

Subject to certain exceptions, you have the rights to not receive discriminatory treatment for exercising your access, data portability, opt-out, and deletion rights described above.

Changes to this Privacy Policy

We may update this Privacy Policy to reflect changes in our privacy practices at any time and without prior notice to you. When we do so, we will update the Effective Date of the Privacy Policy, above. We encourage you to periodically review this Privacy Policy for the latest information on our privacy practices.

Contacting Us

If you have any questions about this Privacy Policy or our privacy practices or desire to exercise any of your rights as explained in this Policy, you may call us at +1-970-203-9332 or toll-free at 1-800-700-2831. You can also email us at privacyandsecurity@prosci.com, or write to us at:

Prosci, Inc.
Attn: Legal Department
2950 E. Harmony Road, Suite 150
Fort Collins, CO 80528
United States

♦ Europe Economic Area Policy

Effective Date: October 2023

1. Who we are
2. Personal data and the law
3. Personal data we collect from you
4. How we collect your personal data
5. How we use your personal data
6. Who we share your personal data with
7. Where your personal data is stored
8. How long we keep your personal data
9. Accuracy of your personal data
10. Your rights
11. Protecting your personal data
12. Links to other websites and social media platforms
13. IP addresses
14. Cookies - what are they and how we use them
15. Useful links

The Policy

1. Who we are

This Policy applies for Prosci’s European group of companies, registered and/or operating in the United Kingdom, Belgium, Denmark, France, Germany, Ireland, Italy, Luxembourg, Morocco, Netherlands, Norway, Portugal, South Africa, Spain, Sweden, Switzerland and the UK. Details of our registered companies and locations can be found on our website.

We collect, process, store, disclose and protect personal information (information by which an individual can be identified) to perform our business activities and to primarily provide change management consultancy, training and coaching services, together with the recruitment and selection of staff, suppliers and products required to deliver those services to you (the "Services"). Automated decision making or profiling is not carried out by us.

By providing your personal information to us, you agree that this Privacy Policy will apply to how we handle your personal information, and you consent to us collecting, processing, storing and disclosing your personal information as detailed in this Privacy Policy (please see section 2 of this Privacy Policy for our lawful grounds to do so which includes consent to us using and disclosing your personal information for the purpose for which it was collected, unless you withdraw your consent).

If you do not agree with any part of this Privacy Policy you must not provide your personal information, or the personal information of third parties to us. Please note if you do not provide us with your personal information, or if you withdraw the original consent you provided under this Privacy Policy, this may affect our ability to provide Services to you, or negatively impact the Services we provide to you.

2. Personal data and the law

Personal information is defined as any information which is related to an identified or identifiable natural person. There may be instances where your local data protection laws impose more restrictive information handling practices than the practices set out in this Privacy Policy.

This Privacy Policy outlines our information handling practices and managing your privacy in compliance with the Data Protection Act 2018, UK General Data Protection Regulations (UK GDPR), the International Data Transfer Agreement for the international transfer of personal data, issued under section 119A Data Protection Act 2018, and operative from 21 March 2022 (the ‘’IDTA’’), EU GDPR ((EU) 2016/679 of the European Parliament and of the Council of 27 April 2016) as applicable and in force across the European Union,  Law No 09-08 as implemented in Decree n° 2-09-165 of May 21, 2009 applicable in Morocco and The Protection of Personal Information Act 4 of 2013 (POPIA) as applied in South Africa, including any amendment, update, modification or re-enactment of such laws. The legal requirements directly applicable to the Services shall be deemed in effect by all parties involved in the Services and form part of this Privacy Policy (unless otherwise agreed in writing).  

When handling your data, we rely on one or more lawful grounds to process your personal information. We will only process your personal information on one of more of the following lawful grounds: 

Specific consent - you have given your consent to such processing by voluntarily providing us with your personal information. You can withdraw your consent at any time but that may preclude you from using our Services thereafter. 

Performance of a contract - the processing is necessary to provide our Services to you.

Legal obligation - the processing is necessary for compliance with our legal obligations.

Legitimate interest - where it is reasonably necessary to achieve our or third parties' legitimate interests.

3. Personal data we collect from you

We typically collect, process and store the following types of personal information you provide to us:

• Full name

• Email

• Postal address (if applicable)

• Phone number

• Job title

In addition to the above, we also collect, process and store the following types of personal information depending on your relationship with us:

• For in-person training - dietary requirements, special requests, health/mobility issues (if any) and/or customer service interaction notes

• For virtual training - any special requests, health issues (if any) and/or customer service interaction notes

• For job applications - CV's and applications

• For successful job applications - third party pre-employment due diligence checks, employment verification information including criminal record checks, third party references, professional or educational certifications/licenses etc.

• For employees - date of birth, gender, any personal details, or health information that you choose to share with us, learning and development records (including certifications), identification documents, right to work verification documents, any additional information to support your employment with us, provision of benefits and third-party emergency contact details.

When you provide personal information on behalf of a third party e.g., providing emergency or referee contact details you agree that you have obtained the consent of the other person (the third party) for us to collect, use and disclose their personal information in accordance with this Privacy Policy, and that you have made the third party aware of your actions and of this Privacy Policy. 

4. How we collect your personal data

You may choose to share your personal data with us by various means which may include but not be limited to making an online enquiry or by purchasing our Services through our website(s), or by attending one of our courses or workshops, visiting our website(s) through cookies, by sending us an email, by completing a survey, through a third party website for job applications, from third parties as your nominated referee, or by providing your details by letter or telephone, or by completing an internal form to support your employment or contractual status with us. This may include subscribing to any of our Services, requesting newsletters, obtaining downloads, registering for events and online webinars, contacting us through social media channels, accounting and administration (business to business) or applying for an opportunity. You may choose not to provide your personal information that we request through the Services. However, not providing the information we request may restrict your ability to use certain features of the Services. 

5. How we use your personal data

We use the personal data provided by you to provide our Services, fulfil your requests, improve our Services, engage in research and analysis relating to the Services we provide, personalise your experience, track usage of the Services, provide feedback to third parties that are listed on the Services, display relevant advertising, market our Services, provide customer support, contact you, for recruitment, back up our systems, allow for disaster recovery and to enhance the security of the Services.

We will store your contact data so we can provide you with information in regard to our products and Services that you may be legitimately interested in. We may also contact you to ask you to complete surveys that we use for research purposes (responding at your discretion), You have the option to unsubscribe from these communications at any time. 

6. Who we share your personal data with

We share your personal data with your consent, as necessary to complete any transaction or provide any product or Service you have requested or authorized and where we have a legal basis to do so (see clause 2). This includes sharing your personal data with our sub-processors, our subsidiaries, and when we are legally bound to do so by law.  

We may disclose some or all of your personal information to:

• Any member of our organisation or group, including employees of our global subsidiaries outlined in the above Policy Statement,

• Other third-party contractors and suppliers including but not restricted to benefit providers, travel providers, IT service providers and data hosting providers, parties supporting remote working on customer sites, our banks and external business advisors, such as lawyers, accountants and auditors.

Please be assured that our sub-processors have contractual agreements in place incorporating data protection provisions as required by law. Our list of sub-processors is available to by clicking here: https://www.prosci.com/legal/subprocessors. In the event of sale, merger, de-merger, acquisition or other reorganisation of the businesses, your personal data will be shared and processed in accordance with our legitimate interests and those of relevant third parties. In all cases data sharing will only take place when appropriate contracts, including confidentiality and/or data transfer obligations (where required) are completed with the planned recipient(s) of your data.

We will disclose your personal information if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms and conditions of use, or to protect the rights, property, or safety of our companies, our customers, or others. This includes exchanging information with other companies and organisations for the purpose of fraud protection and credit risk reduction, or to comply with UK Government or EU regulations. 

7. Where your personal data is stored

The personal data that we collect from you is stored in professional datacentres within the Economic European Area, United Kingdom and/or the United States of America (USA).

Your personal data may be transferred and stored in the USA, and managed by sub-processors who support us in carrying out our Services to you. Employee and contractor personal data may be shared with third parties and transferred to their storage and sub-processing destinations to support customer delivery arrangements including business travel, etc. Our list of sub-processors is available to view (please see clause 6).  

8. How long we keep your personal data

If you contact us, we may keep a record of that correspondence. We may retain details of your visits to our website(s) including, but not limited to, traffic data, location data, weblogs and other communication data and a record of the resources you access.

We may keep a record of your website preferences and interests, other information relevant to customer surveys, offers made by us and details of the transactions you complete through the website and the fulfilment of your orders.

Data is retained for a maximum of 7 years with the following exceptions:

• Training records are retained in perpetuity as verification of having completed your training.

• Job applications and CV's not pursued are deleted once a position has been filled

• Staff records, identification document and right to work verification documents are maintained for the duration of your employment plus a further 7 years once your employment has ceased. 

9. Accuracy of your personal data

We make every effort to maintain the accuracy and completeness of your personal information. However, you can assist us by contacting us if there are any changes to your personal information, or if you become aware that we have inaccurate personal information relating to you by using the contact details in our Policy Statement above. We will not be liable for any losses arising from inaccurate, inauthentic, deficient, or incomplete personal information that you, or a person acting on your behalf, provides to us.

If you believe that any information we are holding about you is incorrect or incomplete and require it to be amended, please contact us using the contact details in our Policy Statement above.

10. Your rights

In any event, you have the following rights:

• Your right of access - you may request copies of your personal information.

• Your right to rectification -you may request that we rectify personal information you think is inaccurate or incomplete.

• Your right to erasure - you may request that we erase your personal information except where we are under a legal obligation to keep your data, in which case you may request a restriction of processing of your personal data. 

• Your right to object to processing - you may object to processing if we are able to process your information because the process forms part of our public tasks, or is in our legitimate interest

• Your right to data portability - this only applies to information you have given us. You may request that we transfer the information you gave us from one organisation to another or to give it to you. This right only applies if we are processing information based on your consent or under, or in talks about entering into a contract, and the processing is automated.

You can contact us at any time by using the contact details provided in the above Policy Statement regarding your rights. You can also tell us at any time to not send you marketing communications by email, by using the contact information in the Policy Statement, or by clicking on the unsubscribe link within the marketing emails you may receive from us. 

11. Protecting your personal data

We are committed to ensuring that your information is secure. We have reasonable technology and organisational security measures in place to protect your personal information from unauthorised access, use, alteration and disclosure.  We are pleased to be Cyber Essentials Plus certified (a UK Government backed scheme that helps to protect an organisation against a whole range of the most common cyber-attacks). Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site. Any transmission is at your own risk.

Once your personal information is received, it is managed in line with recognised industry security practices to safeguard it as best we can, but we cannot guarantee that the security measures we have in place will never be defeated or fail, or that such measures will always be sufficient or effective.

Please note:

• Your personal information will only be seen by those who have a legitimate reason for seeing it,

• Your personal data may be processed by staff operating outside the UK or the EEA who work for us, or for one of our sub-processors,

• Third parties who are authorised to access, store and manage our data sets (which include your personal information records) are bound by confidentiality agreements,

• Our website is assessed as PCI compliant.

We do not collect, access, store or process any payment information on our websites. The processing of payment transactions is carried out in a third-party secure Payment Gateway named Stripe. Discover more about Stripe on our sub processors list, or by reviewing their privacy policy. 

12. Links to other websites and social media platforms

Our websites and other communications you receive from us may contain links to other websites of interest. If you use these links, please be aware that we do not have any control over that other website and therefore we cannot be held responsible for the protection and privacy of any information which you provide whilst visiting such sites. Such sites are not governed by this Privacy Policy. Please exercise caution and look at the privacy statement applicable to the website in question. 

Your interactions with us on any of our social media platforms are governed by the privacy policies of the third-party platforms including but not limited to LinkedIn, YouTube, Vimeo, X and Vidyard. Please refer to their privacy policies before exploring their pages.  

13. IP addresses

When you access our website, use any of our mobile applications, or open electronic correspondence or communications from us, our servers may record data regarding your device and the network you are using to connect with us, including your IP address. We may use IP addresses for system administration, investigation of security issues, and compiling data regarding use of our website, including the completion of web-forms and downloads, and/or mobile applications.

14. Cookies - what they are and how we use them

Cookies on our websites (are used for a variety of different purposes, classified into the following categories:

• Strictly necessary cookies: these are required for the operation of the website. They include, for example, cookies that enable approved users to log into secure areas of the website.

• Analytical/performance cookies: we use Google Analytics to gain insight into how our website is used, analysing information on the most visited pages on our website, the geographical locations of our visitors, time spent on the website and the number of times a link has been clicked, amongst many other useful anonymous statistics. _gat,_gid, and_ga are enabled.

• Functionality cookies: these improve the functional performance of our website and make it easier for you to use. For example, such cookies are used to remember that you have previously visited the website and asked to remain logged in to it if you have a user account. Cookies are also used by www.cmcpartnership.com to protect the security of the site, for example by blocking multiple form submissions. In order to give the best possible browsing experience, we use session cookies to temporarily store data. Session cookies are used to keep track of your activity as you move from page to page through the website. Our session cookies do not collect any personal/traceable data about you and are automatically deleted when you close your browser.

• Targeting Cookies: these record your visits to our websites, identifying the webpages you have visited and the links you have followed.

Removing and managing cookies

To ensure that you are in control of your privacy at all times, all web browsers give you the option to disable cookies. Most browsers are initially set up to accept HTTP cookies. For more information about HTTP cookies and how to disable them the following links may be helpful, or you can use the “Help” option in your browser which should tell you how to stop accepting new cookies.

• Cookie settings in Internet Explorer

• Cookie settings in Firefox

• Cookie settings in Chrome

• Cookie settings in Safari web and iOS

15. Useful links

If you would like to find out more about privacy, cookies and their use on the internet, you may find the following links useful:

• Microsoft cookies guide

• All About Cookies

• UK Information Commissioner’s Office

- Prosci UK Limited is registered as a data controller with the ICO (Registration number ZB725789).

• EU GDPR Official Information

♦ Latin America Policy

Effective Date: January 2023

You are in a safe and responsible space with the rights of all people who interact with us through https://www.prosci.com/es/.

Through this policy, Prosci Iberia & Latam reaffirms its commitment to compliance with applicable law and the protection of the personal data of users who interact with this website.

This website complies with each and every one of the regulations that protect the personal information of its users and buyers, specifically:

• EU Regulation 2016/679, of the European Parliament and of the Council of 27 April 2016. (GDPR)
• The Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights.

By accepting this Privacy Policy, you give your informed, express, free and unequivocal consent for the data you provide, to be processed by Professional Science S de R.L. de C.V., as data controller, and on which the security, technical and organizational measures provided for in the regulations in force are applied.

Who is the data controller?

• Responsible: PROFESSIONAL SCIENCE S de R.L. de C.V and PROSCI IBERICA SL
• TAX ID: B88080296
• Iberia Address: Avenida de Brasil, 6 1°, 28020 Madrid, Spain
• Address Latam: Insurgentes Sur 586-402, Col. Del Valle, Mexico City, Mexico.
• Mercantile Registry Data: REGISTRO MERCANTIL DE ALICANTE (Mercantile Registry of Alicante)
• City: Madrid Volume: 37570 Folio: 9 Book: 8
• Page: M-669.659 Date: April 11, 2018
• Email: contacto.iberia@prosci.com contacto.latam@prosci.com
• Activity: Consulting and training

The personal data that are collected and processed on this website are provided directly by users, specifically, data are collected and processed from:

• Contact form
• Training, events and workshops contracting form.
• Mailing list subscription forms
• Registration and access forms for registered users.

As a user, you declare that all the information you provide to access the Service, before and during its use, is true, complete and accurate.

Maximum confidentiality in all our services

In the provision of our services, we assume the greatest commitment to the right of our customers and students to their own privacy. We will only collect the information strictly necessary for the performance of the tasks for which our trainings, workshops and events have been required, always with the corresponding authorization of the student or client.

Legitimacy for the treatment of your data

To contact or request information about the training platform, consent to this privacy policy is required. The legal basis for the processing of data of persons who purchase training or services offered on this website by Prosci Iberia & Latam is the execution of the contract.

Category of personal data required

• To contact: Identity data is required: (Name and Surname, e-mail)
• To contract trainings/workshops and events: In this case, Name and Surname, address, DNI, email, and payment data are required.
• To subscribe: Username and e-mail address.
• To register: If you are already a student of any of our trainings or have enrolled in our Prosci® International Certification Program, you can register and access our platform with the username and passwords that will be assigned to you and that you will be able to modify.

For what purpose are your personal data processed?

Sending personal data on this website is mandatory to contact, comment, subscribe to the blog and request any of the services offered by Prosci Iberia & Latam.

• Consulting and/or training services, mentoring, coaching.
• Organization of workshops and public webinars directly or sent by a company: Through the forms on this website data is collected, in each form we will inform the specific purposes of the treatment, the data required are adequate and relevant to the purpose that is communicated.

• To provide contracted services, support students who contract training, events or workshops , manage store orders.
• To manage registrations for the Prosci® International Certification Program and send information requested by interested parties.
• To manage our list of subscribers.
• To assess the opinion and satisfaction of customers who hire trainings.
• To promote Prosci Iberia & Latam's services: For example, if the User leaves his/her personal information in any of the contact forms, Prosci Iberia & Latam can use that data to send him/her information about its services in case it is required.
• To manage the subscription list, send newsletters, promotions and special offers.
• To moderate and respond to comments made by users on the blog.

In each of the cases, you will be informed specifically about the purpose of each treatment and you will have full rights over your personal data and their use and you can exercise them at any time.

Where appropriate, we will ask for your specific consent to the processing of your information for the purposes informed.

In no case we will transfer your data to third parties without previously informing you and requesting your consent.

Personal data will also be processed in order to:

• Comply with legal obligations: for example, to respond to a legal process or a requirement of a competent supervisory authority, such as the Spanish Data Protection Agency.
• Protect the rights and safety of our Users and third parties, as well as our own.
• To provide information to representatives and advisors, including lawyers and tax advisors to help us comply with legal, tax or security requirements.
• To support and improve the services offered by this website.
• We also collect other non-identifying data obtained through some cookies that are downloaded to the user's computer when browsing this website that I detail in the cookies policy.
• To manage social networks including messaging systems such as WhatsApp. Prosci Iberia & Latam has a presence in social networks. The treatment of the data carried out by the people who become followers in the social networks of the official pages of Prosci Iberia & Latam will be governed by this section, as well as by those conditions of use, privacy policies and access regulations that belong to the social network that applies in each case and previously accepted by the user. Prosci Iberia & Latam will process your data in order to properly manage its presence in the social network, informing of activities, products or services, as well as for any other purpose that the regulations of social networks allow. In no case will we use the profiles of followers in social networks to send advertising individually.

Prosci Iberia & Latam does not sell, rent or transfer personal data of its users or training students to third parties without their consent.

What are your rights when you provide your data?

To help you ensure the protection and privacy of your personal data, the GDPR gives you several rights by which you can make a specific request and be assured that the personal data you provide on this website are not misused for purposes that are not legitimate for the purpose for which you have provided them to us.

Specifically, you have the following rights:

• Access to information about your Personal Data: You have the right to know whether and how your Personal Data are used on this website.
• Check that your Personal Information is correct: You have the right to check that correct and updated information about you is used.
• Delete Your Personal Data: You can request the deletion of data that is not necessary for a specific purpose, for example, a contract or a legal requirement. You may also withdraw any consent you may have previously given.
• Limit the way we use your Personal Data: You can ask us to limit the processing of your data to specific purposes, for example, to provide a service.
• Withdraw your consent: Where data is required based on your consent, you have the right to change your mind and withdraw your consent at any time.
• How to delete your account: You can delete your account by requesting deletion of your account at the appropriate email address. If you choose to delete your account, all of your data, including backup copies, will be deleted within 90 days.
• File a complaint with the local data protection supervisory authorities: If you are dissatisfied with the way your data is handled on this website or how your rights have been responded to, you have the right to file a complaint with the local data protection supervisory authorities.

Do you need a form to exercise your rights?

There is a form for the exercise of your rights, you can request it by email or if you prefer, you can use those prepared by the Spanish Data Protection Agency or third parties.

If you are represented by someone, you must attach a copy of your ID, or sign it with your electronic signature. The forms can be submitted in person, sent by letter or by mail to the address of the person responsible at the beginning of this text.

Where can you write to request the Exercise of Rights?

To exercise these rights you can contact: privacyandsecurity@prosci.com

How long will your data be kept?

Personal data will be kept for as long as you remain linked as a user, a student of our training courses.

Once you disengage, the personal data processed for each purpose will be kept for the legally stipulated periods, including the period in which a judge or court may require them in accordance with the statute of limitations for legal action.

The data processed will be kept until the expiration of the aforementioned legal terms, if there is a legal obligation to maintain them, or if there is no such legal term, until the interested party requests their deletion or revokes the consent granted.

All information and communications related to the provision of services linked to this website will be kept for the duration of the business relationship, to address possible claims.

To which recipients will your data be communicated?

Service providers and consultants
Delegations of PROFESSIONAL SCIENCE S de R.L. de C.V and PROSCI IBERICA SL

Mexico Office
Insurgentes Sur 586-402, Col. Del Valle, Mexico City, Mexico.
Telephone: +52 55 1107 6758

Chile Office
Marchant Pereira 150-901, Providencia, Santiago, Chile.
Phone: +56 9 9505 3435

Law enforcement, regulators and other parties for legal reasons

Third parties as required by law or if PROFESSIONAL SCIENCE S de R.L. de C. V or PROSCI IBERICA SL reasonably believes that such action is necessary to (a) comply with the law and reasonable law enforcement requests; (b) enforce our Terms of Service or to protect the security or integrity of our Services or Websites; and/or (c) exercise or protect the rights, property or personal safety of PROFESSIONAL SCIENCE S de R.L. de C.V or PROSCI IBERICA SL, its customers or others.

Personal information that is collected may be transferred to and stored in countries outside the European Union, and processed outside the EU, including in the United States; these international transfers of personal information are necessary to provide services to customers and users.

Types of data transferred: contact, name and surname, e-mail, telephone.

Collaborating teachers: some trainings are developed by professionals collaborating with PROSCI IBERIA & LATAM. Your data will be processed by these collaborators in order to develop the training, evaluate the students and follow up the evolution of each student.
All these partners have signed confidentiality agreements with PROSCI IBERIA & LATAM as data controller and these partners may only process your information in accordance with the instructions of the data controller.

Service providers, such as providers of computer systems and services for digital marketing automation and analytics such as: HubSpot, Dropbox.

The same have signed a contract for the provision of services or data processing that obliges them to maintain the same level of privacy and security that we apply to our treatments.

Advertising and Remarketing

We use the information we have to improve our advertising and measurement systems in order to show you relevant ads of our services.
We use Facebook Ads, and LinkedIn Ads, the advertising platforms of Facebook and LinkedIn respectively, which allows us to create campaigns and ads. When generating an ad, you can segment your audience by:

• Location
• Demographics (age, gender, etc.)
• Interests (activities, hobbies, etc.)
• What they buy online and through other channels.

The data obtained through Ads platforms are subject to this privacy policy from the moment the user leaves their data in the form on this website to join the newsletter subscriptions. In no case will information from Facebook or LinkedIn be used for a different purpose.

Security notification and breach statement

PROSCI IBERIA & LATAM takes reasonable and appropriate measures to protect personal information against loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in the processing and the nature of the personal information collected on this website, however, if PROSCI IBERIA & LATAM determines that your data has been misappropriated, exposed by a security breach or improperly acquired by a third party, PROSCI IBERIA & LATAM will promptly inform you of such security breach, misappropriation or misacquisition.

Accuracy and truthfulness of data

As a user, you are solely responsible for the accuracy and correctness of the data you submit to PROSCI IBERIA & LATAM, exonerating PROSCI IBERIA & LATAM from any liability in this regard.

Users guarantee and respond, in any case, the accuracy, validity and authenticity of the personal data provided, and undertake to keep them updated. The user agrees to provide complete and correct information in the contact or subscription form.

Applicable law and jurisdiction

The relationship between PROSCI IBERIA & LATAM and the USER shall be governed by Spanish law and any dispute shall be submitted to the appropriate courts and tribunals.

Changes in the privacy policy

PROSCI IBERIA & LATAM reserves the right to modify this policy to adapt it to new legislation or case law, as well as industry practices. In such cases, PROSCI IBERIA & LATAM will announce on this page the changes made reasonably in advance of their implementation.

Contacting Us

In case any user has any doubt about these legal conditions or any comment about prosci.es please contact us at: privacyandsecurity@prosci.com