Last Updated Date: June 2022
This policy explains:
- What this policy covers
- What information we collect about you
- How we collect information
- How we use personal information
- How we share personal information
- How to access and control your personal information
- Where we store and process personal information
- Cookies and similar technologies
- Other important privacy information
- How to contact us
1. WHAT THIS POLICY COVERS.
Pragmatic offers a wide variety of products and services, and we refer to all of our products, services, events, and the Pragmatic Websites collectively as our “Services”. Our Services include but are not limited to courses, certifications, fellowship programs, websites, newsletters, magazines and surveys.
2. WHAT INFORMATION WE COLLECT ABOUT YOU.
We rely on various legal reasons and permissions (each, a “legal basis”) to process your personal data, including your consent, when given, a balancing of legitimate interests, necessity to enter into and perform contracts and Services, and compliance with legal obligations, for a variety of purposes described below.
You have choices when it comes to the Services and features that you use and the data you share. When you are asked to provide personal data, you can decline. Many of our Services require some personal data to operate and provide the Services or features to you. If you choose not to provide data necessary to operate and provide certain Services or features, then you cannot use those Services or features. Likewise, when were are required by law to collect personal data or when we need to collect personal data to enter into or carry out a contract with you, and you do not provide the data, we will not be able to enter into the contract; or if this relates to existing Services you are using, we may have to suspend or terminate your access to those Services. We will notify you if that is the case at that time. Where providing the data is optional, and you choose not to share personal data, certain features like personalization that use the data will not work for you.
In order to use some of our Services, you are required to activate and use a Pragmatic User Account (a “Pragmatic User Account”). In some cases, you can create a Pragmatic User Account yourself, and in other cases a Pragmatic User Account may have been created for you by, or on behalf of, an organization that you are affiliated with (such as your employer).
The information we collect depends on the context of your interactions with us and the choices you make (including your privacy settings), the Services and features you use, your location, and applicable law. The information we collect can include the following:
- Identity Data: Your full name, nickname, preferred title (e.g., Mr., Ms., Dr., etc.) and date of birth (collectively, “Identity Data”).
- Contact Data: Your e-mail address, phone number, physical address, mailing address, and other similar contact information (collectively, “Contact Data”).
- Profile Data: Your Login Credentials and other biographic information associated with your Pragmatic User Account (collectively, “Profile Data”).
- Login Credentials: Passwords, password hints, security questions and answers, and similar security information used for account access and authentication (collectively, “Login Credentials”).
- Educational background and occupation data: Data related to your educational background (such as your certifications and degrees), your occupation, your employer or associated organization (such as your occupation, job title, employer’s name, and your employee number), your industry, and other similar data.
- Financial Data: Data necessary to process payments, such as credit or debit card number, expiration date, CVV/CSV/CSC or other security code, and billing address, or other payment information (collectively, “Financial Data”).
- Transaction Data: Information about transactions between you and Pragmatic, including information about payments associated with your Pragmatic User Account, and details about the Services, products, and subscriptions you have purchased from us.
- Subscription and licensing data: Information about your subscriptions, licenses, and authorizations relating to our Services.
- Interaction and usage data: Information about your use and interaction with our Services or your potential or intended use of our Services, such as:
- Technical Data: Data about the devices you use to access our Services, including the device hardware, operating environment (such as browser type and version, browser plugins installed, operating system type and version, regional and language settings, screen size and/or resolution, windows size, and page size), access dates and times, internet protocol (IP) addresses, URLs of referring/exit pages, and other similar data (collectively, “Technical Data”).
- Usage Data: Data about our Services and features that you use, including your settings relating to our Services and how our Services perform, and data about the Pragmatic Websites and pages, articles, media, and other content you access (collectively, “Usage Data”).
- Payment and account history: Data about the products, services, features, and event registrations you purchase (or that others purchase for, assign to, your account) and the activities associated with your Pragmatic User Account.
- Other input: Other text, media, and submissions you provide when you use our Services.
- Content: Content of files you submit, upload, receive, or create through our Services and other messages and communications you submit or receive through our Services.
- Feedback: Information you provide to use and the content of messages you send us, including feedback, survey data, and reviews of our Services.
3. HOW WE COLLECT INFORMATION.
We use different methods to collect information from and about you, including through:
- Direct interactions. You may give us your personal information by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal information you provide when you:
- request, order, or apply for our Services;
- create or activate a Pragmatic User Account;
- subscribe to our Services or publications;
- request marketing to be sent to you;
- enter a competition, promotion, or survey; or
- give us feedback or contact us.
- Third parties or publicly available sources. We will receive personal information about you from various third parties (ex: your employer when said employer registers you for Servics) and public sources, including as described below:
- Technical Data and Usage Data from analytics providers, such as Google.
- Contact Data, Financial Data, and Transaction Data from providers of technical, payment, and delivery services.
- Various types of information about you from your organization or employer if you access or use our Services through an account established by your employer or third-party organization.
4. HOW WE USE PERSONAL INFORMATION.
4.1. Overview of how we use personal information.
How we use the information we collected depends, in part, on the Services and features you use, how you use them and any preferences you have communicated to us. We use data to:
- Provide our Services, including securing, troubleshooting, and providing support and customer service related to our Services. We also share data when it is required to provide the Services or carry out the transactions you request.
- Improve and develop our Services.
- Research and analysis.
- Personalize our Services and make recommendations.
- Processing payments made through the website for Services.
- Advertise and market to you, which includes sending promotional communications, targeted advertising, and presenting relevant offers to you.
- Operate our business, including analyzing our performance, meeting our contractual and legal obligations, and performing research.
When we process personal data about you, we only do so with your consent and/or as necessary to provide the Services to you, operate our business, meet our contractual and legal obligations, protecting the security of our systems, users, customers, and third parties, or to fulfill other legitimate interests of Pragmatic as described in this Section 4 and in Section 5 below. When we transfer personal data from the European Economic Area, we do so based on a variety of legal mechanisms, as described in Section 4.3 below.
4.2. More details on the purposes of processing.
Below are additional details about the purposes for which we process information:
- Provide and Improve our Services. We use and process information to operate our Services. We also use information to contact you, such as contacting you by phone or email to inform you when an accreditation is expiring and to discuss certifications or course work with you. We also communicate with you about updates to our Services, your accreditations or courses and your registrations. We also use information to continually improve our Services, including adding new features, options, and capabilities.
- Some of our Services include recommendations and other personalized features, which may use automated processes to tailor your experiences using our Services based on the information we have about you, including inferences we make about you and your use of our Services, activities, and location.
- Customer Support. We use information to provide customer care and support services.
- Protecting Rights, Property, and Safety. We use information to protect the safety of our Services, our customers, and third parties. We also use information to detect and prevent fraud, enforce agreements, resolve disputes, and protect our rights and property. For example, we may use automated processes to detect and prevent activities that violate our rights or the rights of others, such as unauthorized access to Pragmatic User Accounts.
- Relevant Offers. We use information about you to provide you with relevant and valuable information regarding our Services. We analyze information from a variety of sources to predict the information that will be most interesting, useful, and relevant to you and to deliver that information to you in a variety of ways.
- Promotional Communications. We also use information to deliver promotional communications. You can sign up for e-mail subscriptions and choose whether you wish to receive promotional communications from us by e-mail, physical mail, and telephone. For more information about managing your communication preferences and contact information, see Section 6 below.
- Processing Transactions. We use information to carry out your transactions with us. For example, when customers purchase subscriptions to our Services, we process their financial information, and when customers purchase physical goods, we use their contact information to deliver the purchased items.
- Business Operations. We use information to analyze our operations and perform business intelligence, which enables us to make informed decisions.
- Legal Compliance. We process information to comply with the law. For example, we use the location of our customers to comply with applicable sales tax laws. We also process information to help our customers exercise their data protection and privacy rights.
- Research and Development. We use information to enhance our current Services and to develop new products and services. For example, we use information, often in an aggregate or de-identified form, to better understand our customers’ needs, which helps inform that development. We also use information, with appropriate technical and organizational measures to safeguard the rights and freedoms of individuals, to conduct research, including for public interest and scientific purposes.
4.3. Legal bases for processing (for European Economic Area users). If you are an individual in the European Economic Area (EEA), we collect and process information about you only where we have a legal basis for doing so under applicable laws. The legal bases depend on the Services and features you use and how you use them. Accordingly, we collect and use your information only when:
- We need it to provide the Services to you or your organization, including to operate the Services, provide customer support and personalized features, and to protect the safety and security of the Services;
- It satisfies a legitimate interest (which is not overridden by your data protection interests), such as to market and promote the Services, to protect our legal rights and interests, to fulfill our contractual obligations to your organization, and for research and development;
- You give us your consent to do so for a specific purpose; or
- We need to process your information to comply with a legal obligation.
5. HOW WE SHARE PERSONAL INFORMATION.
We share information we collect about you in the ways discussed below, including in connection with possible business transfers.
5.2. Sharing with third parties. We share information with third parties that help us operate, provide, improve, integrate, customize, support, and market our Services. If you access our Services through an employer established account, we also share information as directed by your employer or other organization.
5.2.1. Service Providers. We use various third-party service providers to provide website and application development, hosting, maintenance, backup, storage, virtual infrastructure, billing and payment processing, technical support and services, database management, contact management, analysis, and other services for us, which may require us to store information about you on their systems or may require them to access or use information about you. Before providing our service providers with access to information about you to perform services on our behalf, we require such service providers to enter into binding contracts with us that require them to comply with policies and procedures designed to protect your information.
5.2.2. With your consent. We share information about you with third parties when you give us consent to do so. We will not knowingly disclose your personal information to a third party if we know or have reason to believe that the third party will use your personal information for direct marketing purposes, unless you opt-in or otherwise expressly consent for such sharing.
5.2.3. Pursuant to your organization’s directions. If you access our Services through an employer established account, we also share information as directed by your employer or other organization..
5.2.4. Compliance with Applicable Laws, Enforcement Requests, and Protecting Rights and People. We may share information about you with a third party if we have a good faith belief that sharing that information is reasonably necessary: (i) to comply with any applicable law, regulation, legal process, subpoena, or governmental request; (ii) to enforce our agreements, policies, and terms of service; (iii) to protect the integrity and security of our Services; (iv) to protect Pragmatic, our customers and users, children, or the public from harm or illegal activities; or (v) to respond to an emergency which we believe requires us to disclose information to assist in preventing the death or serious bodily injury of any person.
6. HOW TO ACCESS AND CONTROL YOUR PERSONAL INFORMATION.
6.2. Your communication preferences. You can choose whether you wish to receive marketing or promotional communications from Pragmatic by e-mail, physical mail, and telephone. If you receive promotional e-mail messages from us and would like to opt-out, you can do so by following the directions contained in those messages or by completing this form.
6.3. Employer/Organizational Accounts. If your employer or other organization provides you with access to our Services and/or you access our Services, your use of our Services is subject to your organization’s policies, if any. In that case, your choices may be limited, and you should direct your privacy inquiries, including any requests to exercise your data protection rights, to your organization’s administrator. When we provide Services through an employer or organization established account, your organization is the “data controller” and we are the “data processor”. We are not responsible for the privacy or security practices of our customers, including any organization you are affiliated with, which may differ from those set forth in this privacy statement. In addition, you may lose access to your Pragmatic User Account and to the Services, content, and materials associated with that account, if your affiliation with that organization ends.
6.4. European Economic Area Users. If you are an individual in the European Economic Area (EEA), you have the following rights under data protection laws in relation to your personal data, which you may exercise by contacting us using any of the methods described in Section 10 below:
- Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. You may request access to your data by completing this form.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your personal data (commonly known as the “right to be forgotten”). This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. You may request to be forgotten by completing this form.
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: If you want us to establish the data’s accuracy. Where our use of the data is unlawful but you do not want us to erase it. Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims. You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you. You may request a copy of your data by completing this form.
- Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
6.4.1. What we may need from you. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
6.4.2. Response time. We try to respond to all legitimate requests within thirty (30) days. Occasionally it could take us longer than thirty (30) days if your request is particularly complex or you have made multiple requests. In that situation, we will notify you and keep you updated.
6.4.3. No fee usually required. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
7. WHERE WE STORE AND PROCESS PERSONAL INFORMATION.
We collect information globally and primarily store and process that information in the United States. We may transfer, process, and store your information outside of your country of residence to wherever we, or our third-party service providers, operate for the purpose of providing our Services. Whenever we transfer your personal information, we take appropriate measures to protect it.
We transfer personal data from the European Economic Area and Switzerland to other countries, such as the United States, some of which have not yet been determined by the European Commission to have an adequate level of data protection. When we engage in such transfers, we use a variety of legal mechanisms, including contracts, to help ensure your rights and protections travel with your data. To learn more about the European Commission’s decisions on the adequacy of the protection of personal data in the countries where Pragmatic processes personal data, we suggest that you review this article on the European Commission website.
8. COOKIES AND SIMILAR TECHNOLOGIES.
8.2.1. Essential Processes and Security: To enable essential functions of the Pragmatic Services, such as to facilitate logging you in to the Pragmatic Services, facilitating payments, protecting your security, and helping us fight spam, abuse, and violations of the agreements governing your use of the Services.
8.2.2. Preferences: To remember information about your browser and your preferences.
8.2.3. Performance, Analytics, and Research: To help us understand and measure how you use our Services and to improve our Services.
9. OTHER IMPORTANT PRIVACY INFORMATION.
- feedback from customers, regulators, and others,
- changes to our Services,
- changes in technology,
- changes in our business, or
- changes in our data processing activities or policies.
9.2. Payment Information and Processing. We may, from time to time, use one or more third party payment processors to process payments made in connection with the Pragmatic Services, and we may share or transmit your Financial Data to our payment processors. You acknowledge and agree that the processing of payments is subject to the terms and privacy policies of our payment processors and that we are not responsible for enforcing them.
9.3. Children Under Age 13. We are committed to protecting the privacy of children under the age of thirteen (13) years (each a “Child” and collectively, “Children”). Access to and use of the Pragmatic Services by Children is prohibited. The Pragmatic Services are not designed for or marketed to Children, and we do not knowingly collect personal information from Children. If we learn we have collected or received personal information from a Child, we will delete that information. If you believe we might have any information from or about a Child, please contact us.
9.5. Do Not Track Policy. California law requires that operators of websites and online services disclose how they respond to a Do Not Track signal. Some browsers have incorporated “Do Not Track” features. Most of these features, when turned on, send a signal or preference to the website or online service that a user visits, indicating that the user does not wish to be tracked. Because there is not yet a common understanding of how to interpret Do Not Track signals, we do not currently respond to Do Not Track signal. You do have the option to opt-out in accordance with the provisions of 6.2 above.
9.8. Our retention of personal information. We retain personal data for as long as necessary to provide our Services and fulfill the transactions you have requested, or for other legitimate purposes, such as complying with our legal obligations, resolving disputes, and enforcing our agreements. Because these needs can vary for different types of information, the context of your use of our Services or our other interactions with you, the actual retention periods can vary significantly. After the applicable retention period, we will either delete or anonymize your personal information or, if that is not reasonably feasible (for example, because the information has been stored in a backup archive), then we will securely store your personal information and isolate it from any further use. If we anonymize your personal data (so that it can no longer be associated with you), we may use that information indefinitely without further notice to you.
- Account information. We retain the information associated with your Pragmatic User Account until your Pragmatic User Account is closed. After your Pragmatic User Account is closed, we will retain some of your personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
- Employer/Organization Established User Accounts. If you access or use our Services through an account established by an employer or organization, we will retain your personal information as long as required by the administrator of your employer/organizational account.
- Marketing information. If you have chosen to receive marketing communications from us, we retain your Contact Data and your marketing preferences unless you specifically ask us to delete such information.
9.8.1. Personal information in backups. After personal data is deleted or anonymized in our production (primary) systems, copies of the personal data may remain in our backups for a limited period of time until it is overwritten, replaced with subsequent backups, or otherwise deleted pursuant to our backup retention schedule. Personal data that was previously deleted or anonymized based on your request or the expiration of the applicable retention periods, but which remains in our backups, will be put beyond use, and we will:
- not use the personal data to inform any decision in respect of any individual or in a manner that affects the individual in any way;
- not give any other organization access to the personal data (or, in the case of a service provider hosting a backup on our behalf, we will ensure that the service provider is prohibited from accessing the personal data);
- protect the personal data with appropriate technical and organizational security measures; and
- permanently delete the personal data in accordance with our backup retention schedule.
If we ever access or restore data from our backups, we will take appropriate technical and organizational measures to ensure that personal data that was previously deleted or anonymized pursuant to your request is not processed again after the restoration and is promptly deleted or anonymized again.
9.9. Security. We have implemented appropriate security measures so safeguard your personal data from accidental loss or deletion and from unauthorized access, use, alteration, and disclosure. In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to access that information. We require all such persons to process your personal data only pursuant to our instructions, and all such persons are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach, and we will notify you and any applicable governmental authority of a breach when we legally required to do so. The safety and security of your information also depends on you. You are responsible for safeguarding your Login Credentials associated with your Pragmatic User Account and notifying us immediately if you suspect your Login Credentials for your Pragmatic User Account have been compromised. We urge you to be careful about giving out information in public areas of the Pragmatic Services. The information you share in public areas may be accessed by any of our users. You are strongly cautioned to never share sensitive information with other users through the Pragmatic Services.
10. HOW TO CONTACT US.