Some of our services contain advertising, to exercise control about data collection and use for that advertising click here.
Personal Data You Provide to Us
Personal Data Provided By A Customer, Governmental, or other Third Party Organization
Personal Data Obtained From Other Sources
Appriss Companies and Service Providers
Appriss Customer Organizations and Licensors
Sharing Consistent With Your Choices
If you are located outside the EU:
If you are a resident of California:
If you are located in the EU:
How to exercise your rights regarding Personal Data
Any references to “Appriss,” “we,” “us,” “our,” or the “Company” is a reference to Appriss Inc., a Delaware corporation with headquarters in Louisville, Kentucky, which includes the business units operating under the trade names Appriss Health and Appriss Insights, and Appriss Retail, with headquarters in Louisville, Kentucky.
Your relationship with Appriss stems from the Appriss Services you receive and your location where the Appriss Services are provided. Your relationship will be with the specific Appriss entity providing you the Appriss Services. Where applicable, the laws of the Commonwealth of Kentucky will apply. If you receive the Appriss Services outside of North America, applicable laws will vary depending on your region. If you are located in the EU, certain data privacy laws and regulations applicable to the EU apply, including but not limited to the General Data Protection Regulation (GDPR) (EU) 2016/679.
If your data has been submitted to us by an Appriss customer, governmental, or other third party organization (collectively, “Third Party Organization”), we operate as the processor of your Personal Data. Such Third-Party Organization(s) may include governmental or public service entities with which you interact, the public or private organization with which you are employed, or with which you are affiliated for purposes of a transaction or for one or more other lawful purposes, as well as data providers, biographical sources, broadcast content providers, social media providers and public source information such as government watch and sanction lists, which may be aggregated.
The Personal Data we collect about you from Third Party Organizations may include, but is not limited to, the following:
We may also collect Personal Data about you from certain affiliates and other third parties, including but not limited to:
When we are the controller of your Personal Data, we collect and process your Personal Data for one or more of the following purposes:
Where we need to collect and process Personal Data by law, or under a contract we have entered into with you, and you fail to provide that required Personal Data when requested, we may not be able to perform the contract.
When we are the processor of your Personal Data, we may process your Personal Data to enable our customers to achieve any one or more of the following purposes:
Your Personal Data may include personal information which is a matter of official court, public, and/or criminal record, in which circumstance such Personal Data has been supplied to Appriss for publication to our customer organizations by the public entities concerned in the interests of upholding and protecting the rule of law, and promoting the safety interests of the public.
It is important to note that Appriss has no power over what is reported in official court, public, or criminal records. It is for the courts and applicable law enforcement entities to decide what Personal Data is to remain within the records that they disclose, and the balance to be struck between the public interests in disclosure and the privacy rights of individuals.
For more information on our processing activities, see our Appriss Services Processing Notice.
When we collect or otherwise process any Personal Data within the scope of data privacy laws and regulations applicable to the EU, including but not limited to the General Data Protection Regulation (GDPR) (EU) 2016/679, we do so where necessary under the following legal bases:
Where we rely on your consent to process Personal Data, you have the right to withdraw your consent at any time, and where we rely on legitimate interests, you may have the right to object to our processing.
Depending on the Appriss Services provided, we may share Personal Data with the following recipients and under the following circumstances:
If you access Appriss Services through a subscription administered by your organization, your Personal Data and certain usage data gathered through Appriss Services may be accessed by or shared with the administrators authorized by your organization for the purposes of usage analysis, subscription management and compliance, training course progress, performance and remediation, cost attribution and departmental budgeting.
We also may also disclose your Personal Data with third parties if we have a good faith belief that such disclosure is necessary to:
We may partner with companies that collect information about your interactions with our websites and mobile apps, as well as non-affiliated websites and mobile apps across the Internet and over time, to infer your interests. These companies use these inferences to display advertisements across the Internet to you on browsers and mobile devices, including devices that are associated together, that they believe are relevant to your interests. This type of advertising is called interest-based advertising (“IBA”).
You can find more information about IBA or opt out of IBA on this browser by companies that participate in the Digital Advertising Alliance’s WebChoices tool by visiting aboutads.info/choices or opt of out IBA on mobile devices by visiting: https://youradchoices.com/appchoices/. Your device may also include a feature that allows you to opt out of the use of information about your use of mobile applications for IBA purposes, such as “Limit Ad Tracking” for iOS devices. Also, within our Mobile Patrol app you can select “Ad Choices” from the settings menu to set your choice for that app. We adhere to the Digital Advertising Alliance’s Self-Regulatory Principles.
Selecting to opt-out of IBA through these methods will not stop advertising from being delivered to you online in this browser or mobile app, but that advertising may be less relevant to your interests. Information may still be collected from your browser or device for non-IBA purposes. Additionally, if you reset your cookies or device identifier you may need to reset your choices. If you use multiple browsers and devices you should set your choices
Where Appriss collects and controls your Personal Data, we may retain your Personal Data for a period of time consistent with the original purpose of collection. We determine the appropriate retention period for Personal Data on the basis of the amount, nature, and sensitivity of your Personal Data, the potential risk of harm from unauthorized use or disclosure, and whether we can achieve the purposes of the processing through other means, as well as the applicable legal requirements (such as applicable statutes of limitation).
Where Appriss processes your Personal Data on behalf of a Third Party Organization, the applicable retention period is usually determined by contract with such organization. We will usually retain your Personal Data as long as it is needed to fulfill the purpose of the contract, and, where applicable, will delete your Personal Data upon expiration of the contract, if not earlier. However, we may retain your Personal Data for a variant period of time consistent with the original purpose of collection, up to and including indefinite retention where appropriate and permissible.
Upon the expiration of any retention periods, your Personal Data will be deleted in a manner conforming to any applicable state or federal laws regarding the disposal of such Personal Data. If there is any information that we are unable, for technical reasons, to delete entirely from our systems, including such information stored in any offsite or otherwise archival databases to which access is limited, we will put in place appropriate measures to prevent any further use of such Personal Data.
Your Personal Data may be stored and processed in your region or another country where Appriss, its affiliates, and their service providers maintain servers and facilities, including but not limited to the U.S., Poland, and the UK.
Therefore, your Personal Data may be processed outside the European Union (“EU”), and in countries which are not subject to an adequacy decision by the European Commission and which may not provide for the same level of data protection as in the EU. In this event, we will ensure that such recipient offers an adequate level of protection,– for instance, by entering into “Standard Contractual Clauses” — for the transfer of data as approved by the European Commission (Art. 46 GDPR), or we will ask you for your prior consent to such international data transfers.
Our websites, apps, and mobile platforms are not directed at children. Appriss does not knowingly collect or process Personal Data from children under the age of 13, and Appriss does not target its websites, apps, or mobile platforms to children under the age of 13. Where a child is between the ages of 13 and 16 years, Appriss will only undertake the collection or processing of his or her Personal Data if and to the extent that consent is given or authorized by the holder of parental responsibility over the child.
You may have certain rights regarding your Personal Data, subject to local data protection laws.
If you are located outside the EU:
Consult the data protection laws applicable to your particular locality for more information on your possible rights regarding your Personal Data.
If you are a resident of California:
Under the California Consumer Privacy Act of 2018 (CCPA), and subject to certain qualifications, you may have the right to request free of charge:
Appriss does not sell any Personal Data we may collect directly from residents of California to any third party.
You have the right under European and certain other privacy and data protection laws, as may be applicable and subject to certain exceptions and limitations, to request free of charge:
To exercise your rights, please contact us in accordance with the “Contact Us” section below. We are enhancing our existing online request portal to handle these requests and will also accept emails sent to DPO@appriss.com.
If you are located in the State of California, we will comply with the CCPA requirement that we complete your request within 45 days, or 90 days if an extension is required. We will contact you if we need additional information from you in order to process your request.
If you are located in the EU, we will comply with the GDPR requirement to provide information without undue delay and, in any event, normally within one month of receipt of the request. We will contact you if we need additional information from you in order to process your request. It may take us longer than one month, taking into account the complexity of your request, and the overall number of requests we receive.
If your Personal Data has been provided to us by a Third Party Organization and you wish to exercise any rights you may have under applicable data protection laws, please inquire with the applicable organization directly. If you are an employee of a Third Party Organization, we recommend you contact your organization’s system administrator for assistance in correcting or updating your information.
In addition, if you have registered for an account with us, you may generally update your user settings, profile, or organization’s settings by logging into the applicable website with your username and password and editing your settings or profile. To update your billing information, discontinue your account, or if you are in the EU, to request return or deletion of your Personal Data and other information associated with your account, please contact us.
You can manage your receipt of marketing and non-transactional communications from us by clicking on the “unsubscribe” link located on the bottom of our emails, by replying or texting ‘STOP’ if you receive SMS communications, or by turning off push notifications on our apps on your device. Additionally, you may unsubscribe by contacting us using the information in the “Contact Us” section below.
Please note that opting-out of marketing communications does not opt you out of receiving important business communications related to your current relationship with us, such as information about your subscriptions, service announcements, or security information.
Appriss implements a variety of data privacy and security measures, including organizational, technical, and physical measures, which are designed to protect the integrity, confidentiality, and availability of Personal Data. While we follow generally accepted standards to protect Personal Data, no method of storage or transmission can be totally secure. You are solely responsible for protecting your password, limiting access to your computer and mobile devices, and signing out of websites, apps, and mobile platforms after your sessions. If you have any questions about the security of our websites, apps, or mobile platforms, please contact us at DPO@appriss.com.
If in the U.S., to:
Attn: Data Protection Officer
9901 Linn Station Rd., Suite 500
Louisville, Kentucky 40223, USA
If in the EU, to:
Attn: Data Protection Officer
120 Leman Street
London E1 8EU, UK
Phone: +44 (0)20 7430
We are absolutely committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, and you are located in the EU, you have the right to lodge a complaint with the competent supervisory authority.
Last update: June 2020