Privacy Policy

This Privacy Policy describes how Prosci, Inc. (“Prosci,” “us,” “we,” or “our”) collects, uses, and discloses personal information about you that we collect through from you or that you provide to us when you register for an account on the Prosci Portal (the “Portal”), and any other online services that we operate and that include a link to this Privacy Policy (collectively, the “Services”). As used in this Privacy Policy, “personal information” means information that identifies or that could be used to identify you.

This Privacy Policy does not apply to information Prosci collects, receives, or accesses in connection with the Prosci platform and related applications and services that Prosci’s business customers make available to their personnel and other users. In those contexts, we act as a service provider to the entity that subscribes to our platform, and any information that we collect, receive, or access on their behalf is governed by our agreements with them. If you use the Prosci platform, or applications and services delivered through the platform in affiliation with an organization, such as your employer, and you have questions about the handling of your personal information, please contact them directly.

When you use or access the Services, we may collect certain information directly from you, or automatically from your use of the Services.

Information We Collect Directly from You

When you use or access the Services, we may collect personal information that you directly provide us, such as the following:

• Account Information, such as your name, email address, zip code, physical address, job title, place of work, and other information you may provide.
• Payment information when you make a purchase, such as payment card numbers, expiration dates, associated security codes, and billing address.
• Professional and employment-related information and education information you submit when you apply for a job with us, such as your resume, links to social media profiles, responses to application questions, and any other information you provide in your employment inquiries or applications.
• Information about certifications and accreditations you have earned or completed, including, for example, change management certifications from Prosci or that you provide to Prosci.
• Any other information you submit when you contact us through the Services, including any information you provide in a submission through our contact form or surveys.

Information We Collect from Third Parties

In some cases, we receive personal information from third parties.  For instance, while using the Services, individuals may provide information about another individual, or an authorized user (such as an account administrator or employer) creating an account on your behalf may provide information about you.

Information We Collect Automatically from Your Use of the Services

We also may collect certain other information automatically when you use or access the Services, such as the following:

• Browser and Device Information Certain information may be automatically collected by most browsers or devices, such as information about user devices (such as IP addresses and MAC addresses), operating systems, and browsers.
• Information Stored in Cookies and Web Beacons The Services may also use available web-based technologies to collect personal information, such as cookies or web beacons. Cookies are pieces of information stored directly on users’ computers or devices. Cookies allow us to collect information such as browser type, time spent on the online services, pages visited, referring URL, and other traffic and usage data. We may also use cookies for purposes such as determining what features interest our users, revising our site features or operations, and as further described below. For more information, see the “Your Choices” section below. Please note that some cookies and web beacons may be set by third parties, who may use the Services to collect personal information about your online activities over time and across different Services, applications, and other online products or services.
• Pixel Tags and Log Files The Services may also use other tracking systems such as log files and pixel tags. For example, pixel tags, sometimes called web beacons, are similar in function to a cookie and can tell us certain information like what content has been viewed.
• Information Collected in Connection with Analytics Technology We may use various technologies to learn more about how visitors use the Services, such as Google Analytics. Google Analytics uses cookies to help us analyze how visitors use the Services. The information generated by the cookies about your use of the Services includes your IP address. If you so choose, you may be able to opt out by turning off cookies in the preferences settings in your browser. For more information on Google Analytics, including how Google Analytics collects, uses, and discloses information, refer to the following page: www.google.com/policies/privacy/partners/. We may also use other technologies to monitor your activities on the Services.
• Location Information When you use the Services, we may collect information about your location, including general location information that may be associated with your device’s IP address.

We may use the personal information that we collect or receive through the Services for the following purposes.

• Providing, developing, maintaining, personalizing, protecting, and improving the Services.
• Processing payments for your purchases through the Services.
• Communicating with you about products, services, and events and providing news and information we think would be of interest to you (for information about how to manage these communications, please see “Your Choices” below).
• Operating, evaluating, debugging, identifying and repairing errors, effectuating similar functional enhancements, and improving our Services.
• Understanding how you and other users use our Services, performing analytics, analyzing and reporting on usage and performance of the Services and marketing materials, and determining what features and functionality may interest you and other users.
• Recruitment and hiring purposes, including evaluating and processing your employment application.
• Storing information about your preferences, recognizing you when you use the Services, and customizing your experience.
• Creating aggregate or de-identified information.
• Legal and safety purposes, such as maintaining the safety, security, and integrity of our Services, other technology assets, services, and our organization; preserving or enforcing our legal rights and property; protecting our users, our employees, and others; and complying with industry standards.
• Protecting against malicious, deceptive, fraudulent, or illegal activity, and participating in any prosecution or enforcement of laws or agreements meant to prevent or punish such activity.
• Enforcing our policies, terms of use, contracts, or other legal rights.
• Evaluating or participating in an actual or potential merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, including as part of bankruptcy, liquidation, or similar proceedings.
• To perform obligations pursuant to contractual terms you have accepted, such as our terms and conditions.
• To comply with applicable law and legal obligations.
• Such other purposes as you may authorize.

We may disclose personal information we collect about you as follows.

• To our vendors, consultants, contractors, and other service providers who access personal information to carry out work on our behalf and improve the products and services they provide to us (e.g., companies that assist us with web hosting, payment processing, fraud prevention, customer service, analytics, marketing and advertising).
• To comply with applicable law, other legal requirements, and industry standards.
• To enforce our policies, terms of use, contracts, or other legal rights.
• To investigate or prevent unlawful activities or misuse of the Services.
• To protect against malicious, fraudulent, or illegal activity, and participating in any prosecution or enforcement of laws or agreements for such activity.
• To operate, evaluate, debug, identify and repair errors, and improve our Services and offerings.
• To an actual or potential buyer, successor, or other organization in the event of an actual or potential merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, including as part of bankruptcy, liquidation, or similar proceedings.
• To our current or future parents, affiliates, subsidiaries and other companies under common control and ownership.
• To such other parties as you may authorize.
• With third parties to serve advertisements on our behalf. For more information on this type of sharing, see the “Your Choices” section below.

We may also publish summaries of aggregate and de-identified information created from our users’ data in our blog posts and white papers.

Our retention periods for personal information are based on business and legal requirements. We retain personal information as is necessary for the processing purpose(s) for which the personal information was collected and any other permissible, related purpose, and as permitted or required by the applicable laws. For example, if you register on our Services, we will store your information for as long as needed to maintain your account, provide you the Services or other functionality as you request it, enforce any applicable terms that govern your use of the Services, and maintain appropriate records to reflect our delivery of Services to you.

You may choose not to provide your personal information that we request through the Services. However, not providing the information we request may restrict your ability to use certain features of the Services.

Similarly, you may also be able to restrict the collection of your personal information through the Services through your device’s operating system or by disabling cookies, but doing so may prevent you from using the functionality of the Services. Some Internet browsers have a “do-not-track” feature that lets you tell websites that you do not want to have your online activities tracked. At this time, the Services do not respond to browser “do-not-track” signals.

For information about interest-based advertising, and to opt out of this type of advertising by third parties that participate in self-regulatory programs, please visit the Network Advertising Initiative (NAI) opt out tool (https://www.networkadvertising.org/choices/) and/or the Digital Advertising Alliance (DAA) Self-Regulatory Program for Online Behavioral Advertising (https://youradchoices.com/), or, for users in Europe, the EDAA’s opt-out page (https://youronlinechoices.eu/). Please note that any opt-out choice you exercise through these programs will apply to interest-based advertising by the third parties you select but will still allow the collection of data for other purposes, including research, analytics, and internal operations. You may continue to receive advertising, but that advertising may be less relevant to your interests.

We may work with third parties (such as Facebook and Instagram) to serve ads to you as part of a customized campaign on their platforms. If you prefer not to see customized ads from us, you can usually opt out by changing your account settings or preferences on such platforms.

You can opt-out of receiving certain promotional or marketing communications from us at any time by using the unsubscribe link in the emails communications we send. Please note that if you have an account with us and you opt out of receiving promotional and marketing related communications from us, we may continue to send you non-promotional communications, e.g., service-related emails.

You can opt out of your personal information being disclosed to third parties as described in this policy in the section titled “Disclosure of Your Information” or used for a purpose that is materially different from the purposes for which your information was originally collected by us upon us notifying you of the different use. However, as we have already explained, not providing your information, or allowing your information to be used for other purposes by us may restrict your ability to use certain features of the Services.

You have the right to access your personal information that we have collected about you and to ask us to correct, amend, or delete that information where it is inaccurate or has been processed in violation of applicable laws, except in those situations where the burden or expense of providing you such access would be disproportionate to the risks of your privacy rights and concerns in your inquiry, or where the rights of others would be violated.

To exercise your rights as described in this Privacy Policy, particularly in this section titled “Your Choices”, you may contact us by submitting this form, by emailing privacyandsecurity@prosci.com, calling us at +1-970-203-9332 or toll-free at 1-800-700-2831, or writing to us at the address provided at the end of this Privacy Policy.

The Services may include links to websites provided by third parties. We are not responsible for the privacy policies or practices of those third parties. We encourage you to review the applicable privacy policies of such third parties if you elect to follow the links provided.

We maintain safeguards that are reasonably designed to protect the information collected through the Services. Please note, however, that we cannot and do not guarantee the security of your information, as no method of data storage or transmission is 100% secure.

Prosci is headquartered in the United States, and we process and store the information we collect from you, regardless of your location, in the U.S. If you are based outside the U.S., we transfer your personal information to, and process your personal information on, servers located in the U.S., a jurisdiction that may not provide equivalent levels of data protection as your home jurisdiction. By reference to the section headed "Disclosure of Your Information" above, your personal information may also be transferred to, stored, and processed in the U.S. or other jurisdictions where the third parties are located or from which the third parties provide us services. Such transfers and processing of your personal information are necessary to provide our Services. By submitting your personal information to us, you understand and consent to the transfer of such information as described above.

Prosci complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and as applicable, the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce. Prosci has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) for the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the latter shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Prosci is responsible for the processing of personal information it receives under the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and subsequently transfers to a third party acting as an agent on its behalf. Prosci complies with the EU-U.S. DPF Principles for all onward transfers of personal information from the EU, the United Kingdom (and Gibraltar), including liability for the onward transfer of personal information.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Prosci commits to resolve EU-U.S. DPF Principles-related complaints about our collection and use of your personal information. EU and UK individuals with inquiries or complaints regarding our handling of personal data received or access to your personal data collected, in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF should first contact Prosci at privacyandsecurity@prosci.com or:

Prosci, Inc.
Attn: Legal Department
2950 E. Harmony Road, Suite 150
Fort Collins, CO 80528
United States

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Prosci commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint. The services of JAMS are provided at no cost to you.

As further explained in the EU-U.S. DPF a binding arbitration option will also be made available to you in order to address residual complaints not resolved by any other means. For more information on the circumstances which binding arbitration can be invoked, please visit https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2.

The Federal Trade Commission has jurisdiction over Prosci’s compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.

This section applies only to residents of the State of California and generally describes how we collect, use, and disclose the personal information of California residents and their households (“California Personal Information”).

This section applies only to the extent we direct the purposes and means of California Personal Information processing and otherwise qualify as a business subject to the CCPA. It does not apply to personal information excluded or excepted from requirements of the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act (“CCPA”).

California Personal Information We Collect

We may collect, and may have collected in the preceding 12 months, the following categories of California Personal Information, as described in more detail above in the “Information We Collect” section:

• Identifiers, including online identifiers.
• Commercial information.
• Internet and other electronic activity information.
• Inferences drawn from your activity.
• Geolocation data.
• Professional or employment-related information which may also include protected classification characteristics under California or federal law.
• Other categories of personal information described in California law.

Sources of California Personal Information We Collect

We collect California Personal Information from the sources described in the “Information We Collect” section of this Privacy Policy.

Purposes for Which We Use California Personal Information

We may collect and use the categories of California Personal Information described in the “California Personal Information We Collect” section above for one or more of the business and commercial purposes described in the “How We Use Your Information” section above.

Disclosures of California Personal Information for a Business Purpose

In the preceding 12 months, we may have disclosed the categories of California Personal Information listed below to the categories of third parties identified below for a business purpose:

• Identifiers, including online identifiers—with our service providers.
• Commercial information—with our service providers.
• Internet and other electronic activity information—with our service providers.
• Inferences drawn from your activity—with our service providers.
• Geolocation data—with our service providers.
• Other categories of personal information described in California law—with our service providers.

Sales of California Personal Information

In the preceding 12 months, we have not “sold” or “shared” (as those terms are defined under the CCPA) California Personal Information. We do not sell California Personal Information, and we do not have actual knowledge that we sell California Personal Information of consumers under 16 years of age.

California Personal Information Rights and Choices

The CCPA provides California residents with specific rights regarding their California Personal Information. This section describes those rights and explains how to exercise those rights to the extent we direct the purposes and means of the processing of your California Personal Information processing and otherwise qualify as a “business” under the CCPA.

Access to Specific Information and Data Portability Rights

California residents have the right to request that we disclose certain information to you about our collection, use, disclosure, and sale of your California Personal Information over the past 12 months. If we receive and confirm a verifiable consumer request from you pursuant to the “Exercising Access, Data Portability, and Deletion Rights” section below, we will disclose to you, depending on the scope of the request:

• The categories of California Personal Information we collected about you.
• The categories of sources for the California Personal Information we collected about you.
• Our business or commercial purpose for collecting California Personal Information about you.
• The categories of third parties with which we share your California Personal Information.
• The specific pieces of California Personal Information we collected about you.
• If we disclosed your California Personal Information for a business purpose, a list of the categories of third parties to whom we disclosed California Personal Information for a business purpose identifying the categories of California Personal Information disclosed to those parties in the preceding 12 months.

Deletion Request Rights

California residents have the right to request that we delete California Personal Information, subject to certain exceptions. Once we receive and confirm your verifiable consumer request pursuant to the “Exercising Access, Data Portability, and Deletion Rights” section below, we will delete your California Personal Information from our records, unless an exception applies.

Exercising Access, Data Portability, and Deletion Rights

To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either:

• Submitting this form,
• Calling our toll-free phone number (1-800-700-2831), or
• Emailing privacyandsecurity@prosci.com

You may designate an authorized agent to submit requests on your behalf through a signed written permission that authorizes the agent to act on your behalf. We may mandate additional requirements when submitted through an authorized agent, such as requiring you to verify your identity directly with us or to directly confirm the authorized agent’s permission to act on your behalf.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. Your request must provide information sufficient to permit us to reasonably verify you are the person about whom we collected California Personal Information, or an authorized agent of that person. In order to verify your request, we may require you to provide additional information, including account profile information such as your Services email address and other information elements necessary to verify your identity. Your request also must include sufficient detail for us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with California Personal Information if we cannot verify your identity or authority to make the request and confirm the California Personal Information relates to you.

Making a verifiable consumer request does not require you to create an account with us. However, if you have a password-protected account with us we consider requests made through that account sufficiently verified when the request relates to California Personal Information associated with that specific account.

Any disclosures we provide will only cover the 12-month period preceding our receipt of the verifiable request. If we cannot fulfill, or are permitted to decline, your request then we will alert you or your authorized agent. For data portability requests, we will select a format to provide your California Personal Information that is readily usable.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision, and we reserve the right to either refuse to act on your request or charge you a reasonable fee to complete your request if it is excessive, repetitive, or manifestly unfounded.

Non-Discrimination

Subject to certain exceptions, you have the rights to not receive discriminatory treatment for exercising your access, data portability, opt-out, and deletion rights described above.

We may update this Privacy Policy to reflect changes in our privacy practices at any time and without prior notice to you. When we do so, we will update the Effective Date of the Privacy Policy, above. We encourage you to periodically review this Privacy Policy for the latest information on our privacy practices.

If you have any questions about this Privacy Policy or our privacy practices or desire to exercise any of your rights as explained in this Policy, you may call us at +1-970-203-9332 or toll-free at 1-800-700-2831. You can also email us at privacyandsecurity@prosci.com, or write to us at:

Prosci, Inc.
Attn: Legal Department
2950 E. Harmony Road, Suite 150
Fort Collins, CO 80528
United States