Privacy Policy

Rustici Software LLC and its group companies, within the Learning Technologies Group (“we” or “us”) are committed to protecting and respecting your privacy and want you to know how we handle the information we receive via our website and through our online services.

This policy sets out the basis on which any personal data we collect from you, or that you provide to us, either through our websites www.rusticisoftware.com, www.scorm.com, www.xapi.com, www.elearningatlas.com (“our sites”), our Content Controller service, our Managed Content Controller service, our SCORM Cloud service, and/or our Managed SCORM Engine service (collectively “our Services”), or as otherwise indicated to you by us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. For the avoidance of doubt, our Services are subject to their Terms of service, as referenced below. For the avoidance of doubt, our Services are subject to their Terms of service, as referenced below.

We are responsible for the operation of our sites and our Services. Our corporate details are: Rustici Software LLC, 210 Gothic Ct #100, Franklin, TN 37067, United States, Tel. +1 615-376-9867. We are part of the Learning Technologies Group (www.ltgplc.com).

Information we may collect from you

We collect and/or process the personal data of different categories of people across our sites and Services. The categories are:

  • Visitor – a person who is visiting our sites and who may fill out forms at our sites
  • User – a person who uses our Services as our customer to create or manage content
  • Learner – a person who takes a course through the SCORM Cloud Service, Managed SCORM Engine, or Content Controller service

Visitors:

If you are a visitor, we will only collect the information that you provide to us by filling in forms on our sites, providing us with your contact details, or by corresponding with us by phone, email, or otherwise. We maintain records of our correspondence for such period of time as we believe is reasonably required, except where you tell us otherwise.

We also use cookies on our sites, which may collect information as detailed further in the following section.

Users:

When you register for an account for one of our Services, we will collect relevant information to set up your account, such as your name, company name, and email address to be able to provide the Services. Users of paid plans are normally required to enter their credit card number. Further details on our payment intermediary are detailed later in this policy. If you sign up for a free SCORM Cloud account you are not required to enter a credit card unless and until you upgrade to a paid plan.

We also collect user data on the web pages and application functionality that you access or visit as part of the Services to the extent required for the proper operation and functioning of the Services. This data is collected to deliver and improve Services and includes eLearning content tracking data generated by learners, as described below. The Services may also be directly accessed through other websites. Personal information that you provide or submit to those sites may be sent to the Services in order to allow us to deliver the Services. We process such information under this Privacy Policy.

Learners:

When you take a course within one of our Services we will collect relevant information to set up your account, generally limited to your name, company name, and email address.

Where the course you take has tracking enabled (which is determined by our customer, the account owner), we will also collect data such as your quiz scores, the time you spent in training and other data related to your training performance. We will not use this information for our own purposes, but the account owner has access to this data for his or her own purposes and determines and controls how such information is used.

Where you require information on what information of yours is collected by account owners and customers of ours and for what purposes such data is used and processed, please contact the relevant account owner and customer of our Services.

Cookies

Our sites use cookies to distinguish you from other visitors to provide you with a better experience and to help us improve our sites. By continuing to browse our sites, you are agreeing to our use of cookies as stated below. We also use cookies as part of our Services to the extent reasonably necessary for us to provide these to you and Learners.

A cookie is a small data file placed on the hard drive of your computer when you visit a website. A “session cookie” expires when you end your session (i.e. close your browser). A “persistent cookie” stores information on your hard drive so when you end your session and return to the same website at a later date, the cookie information is still available. A “web beacon” is a small string of code that represents a clear graphic image, a redirect URL or JavaScript and is used in conjunction with a cookie.

Cookies used on our sites

Our sites may use session and persistent cookies. The cookies placed by our server are readable only by us, and cookies cannot access, read or modify any other data on your computer. We may use web beacons alone or in conjunction with cookies to compile information about your usage of our sites and interaction with emails from us. For example, we may place web beacons in marketing emails that notify us when you click on a link in the email that directs you to our sites, in order to improve our sites and email communications.

Our sites and the Services may contain links to other websites including share and/or “like” buttons. These other websites, services and applications may set their own cookies on users’ computers, collect data or solicit personal information. You should refer to their cookie and privacy policies to understand how your information may be collected and/or used.

Preference Cookies

We use preference cookies to collect information about your choices and preferences, and to allow us to remember preferred settings and customize our sites accordingly.

Analytical Cookies

We also use analytics cookies to collect information about your use of our site, and to enable us to improve the way our site works. For example, analytics cookies show us which are the most frequently visited pages on our site, help us record any difficulties you have with our site, and show us whether our advertising is effective or not. This allows us to see the overall patterns of usage on our site, rather than the usage of a single person. We use the information to analyse the site traffic, but we do not use information to identify individuals.

Marketing Cookies

We use Remarketing with Google Analytics to advertise online. Third party vendors, including Google, may show our ads on sites across the internet.

We, and third party vendors, including Google, use first-party cookies (such as the Google Analytics cookie) and third-party cookies (such as the DoubleClick cookie) together to inform, optimize, and serve ads based on someone’s past visits to our website. Remarketing cookies used by us expire after 30 days. To opt out of Remarketing or to control your ad preferences, please click here.

Controlling Cookies

Most web browsers have a “help” menu where you can review how to prevent your browser from accepting new cookies, how to have your browser alert you when you receive a new cookie or how to fully disable cookies on your browser. You can learn more about cookies at sites like www.aboutcookies.org. If you use your browser settings to block all cookies, you may not be able to access all or parts of our site.

Below are a list of cookies we use on our sites:

Provider Name Type Expiration Purpose Description Third-party opt-out
Google Analytics _ga, _gat, _gid, AMP_TOKEN, _gac_, 1P_JAR, CONSENT, NID, other possible cookies named here Session and Persistent End of Session – 20 years Analytical Used for the purpose of analytical tracking of behavior on the website. Not use to collect, store or process personal data. Google opt-out
HotJar All possible cookies named here Session and Persistent End of Session – 1 year Analytical Used for the purpose of analytical tracking of behavior on the website. Not use to collect, store or process personal data. HotJar opt-out
LinkedIn Bcookie, bscookie, BizoData, BizoID, BizoUserMatchHistory, other possible cookies named here Session and Persistent End of Session – 3 years Analytical & Marketing Used for the purpose of integrating social media features on the website and for tailored advertising.
Twitter Guest_id, Personalization_id, other possible cookies named here Session and Persistent End of Session – 2 years Analytical & Marketing Used for the purpose of integrating social media features on the website and for tailored advertising.
Pardot dtCookie, lpv271292, pardot, Visitor_id271292, other possible cookies named here Session and Persistent End of Session – 10 years Analytical & Marketing Used for the purpose of marketing automation including forms, landing pages, analytics tracking, social media integration and tailored advertising.
DoubleClick IDE, test_cookie, other cookies named here Session and Persistent End of Session – 1 year Marketing Tailored advertising Google opt-out

Cookies used in our Services

We also collect user data on the application functionality that you access as part of the Services to the extent required for the proper operation and functioning of the Services. This data is collected to deliver and improve Services and includes eLearning content tracking data generated by learners, as described above. Our Services are governed by our Terms of service, as specified below.

Below are a list of cookies we use for SCORM Cloud:

Provider Name Type Expiration Purpose Description Third-party opt-out
Google Analytics _ga, _gat, _gid, AMP_TOKEN, _gac_, 1P_JAR, CONSENT, NID, other possible cookies named here Session and Persistent End of Session – 20 years Analytical Used for the purpose of analytical tracking of behavior on the website. Not use to collect, store or process personal data. Google opt-out
Pardot dtCookie, lpv271292, pardot, Visitor_id271292, other possible cookies named here Session and Persistent End of Session – 10 years Analytical & Marketing Used to identify users that sign up for the SCORM Cloud after visiting our sites.
SCORM Cloud JSESSIONID, SC_SESSION, ContentAuth Session and Persistent Never Session Management Used to track a user’s application specific usage, allow access to course content, and keep the user logged into the application.
The ContentAuth cookie is the only cookie stored for learners that only access content via API launches or Dispatch launches.

Security Measures

We understand that the security of any data we collect as part of you visiting our site and/or using our Services is of great importance to you. We therefore make sure it is well protected.

Although we own the code, databases and all rights to our software applications, you retain all rights to your data. We maintain reasonable and appropriate security measures to protect your information from loss, destruction, misuse, unauthorized access and/or disclosure. These measures help ensure that your data is safe, secure, and only available to you and to those you provided authorized access. However, no data transmission over the internet or information storage technology can be 100% secure. Although we will do our utmost best to protect your personal data, we cannot guarantee the complete security of your data transmitted to our site or otherwise gathered by us; any transmission and supply of personal data to us is therefore at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.

Third Parties

We only make use of third parties where this is necessary for us to make our site available and offer our Services. We only work with third parties that warrant the implementation of appropriate security measures and practices to protect your data.

We use third party vendors and hosting partners to provide the necessary hardware, software, networking, storage and other technology and services required to operate and maintain our site and the Services. As part of this we may be required to transfer (some of) your personal information to these vendors and partners.

We use Amazon Web Services (“AWS”) as our hosting provider in hosting our Services. All SCORM Cloud data is processed in the AWS US-east-1 region in the United States. All Managed Content Controller and Managed SCORM Engine data is stored in a region of the customer’s choosing. Customers may for instance choose to have their Managed environment stored in European data centers. We have executed and implemented the AWS standard data processing addendum, which also includes the requirements stated in Art. 28 of the EU General Data Protection Regulation (“GDPR”).We use WP Engine as our hosting provider for our sites.

The personal information that we collect from you as part of our marketing efforts, including via our sites, is input directly into our Salesforce database, which is hosted and supported in the United States, and our Pardot database, which is hosted and supported in the United States.

Other third party vendors we use as part of our Services are currently Zendesk (our customer support portal; www.Zendesk.com), SendGrid (www.sendgrid.com), Basecamp (www.basecamp.com), SageIntacct (www.sageintacct.com), Logz (www.logz.io), as well as the online payment related vendors specified below.

Except as described in this policy, we will not share, give, sell, rent or loan any personal information to any third party, unless:

  • It is necessary to share information in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of Terms of Service of the specific Service, or as otherwise required by law
  • We are required to do so by relevant laws or regulations; and/or
  • We are acquired by or merged with another company. In this event, we will notify you before information about you is transferred and becomes subject to a different privacy policy

Our sites may, from time to time, contain links to and from the websites of our group companies, partner networks, clients, and/or affiliates. If you follow a link to any of these websites, please note that these websites are subject to their own privacy policies and that we do not accept any responsibility or liability for these sites and policies. Please check those policies before you submit any personal data to these websites.

Uses made of the information

We use your information for the following general purposes:

  • Sites and Services provisioning
  • Billing, user identification and authentication
  • To provide you with information about services via email or telephone that you request from us or which we feel may interest you
  • To carry out our obligations arising from any contracts entered into between you and us or to enable us to deal with any query you have raised
  • To allow you to participate in interactive features of our Services, when you choose to do so
  • To notify you about changes to our Services
  • To administer our sites and/or the Services (as applicable) and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes and as part of our efforts to keep our site and Services safe and secure.

How long do we store your data for?

We will keep a copy of your personal data for as long as you remain registered with our sites/the applicable Services or are the contact person or learner of any customer we are dealing with and thereafter for such period as may be required for our legitimate purposes and in compliance with any legal, audit and compliance requirements, provided that in certain cases as outlined below under “Your right” we may delete such data on your request, and further provided that in regard to Services, our specific Terms of service with you or the relevant customer organization may include relevant specific provisions.

Online payments and billing

If you make a purchase for any of our Services, you normally will be required to provide your payment details. These details will be made available in part to both the payment gateway and merchant bank involved. We ourselves will not receive and/or store your credit card details. More details can be found below.

We use Authorize.net as our payment gateway. Authorize.net’s privacy policy can be found here: https://www.authorize.net/company/privacy/. Authorize.net sends your data onto our merchant bank, to verify the transaction. We use Pinnacle Bank (https://www.pnfp.com/) as our merchant bank for the collection of payments from you. Once Pinnacle Bank has received authorization that the transaction is complete, it sends this information back to Authorize.Net, which informs you and us that your transaction is complete.

Your personal data will only be used by Authorize.net and Pinnacle Bank for the purposes of processing your payment, and will be securely encrypted. Authorize.net and Pinnacle Bank are both based in the United States, so your transaction may involve your personal data being transferred outside of the EEA directly to them, if you are based in Europe.

We also use Cheddar (www.getcheddar.com) to collate information from our Services in order to calculate and communicate monthly billing to our customers. Cheddar’s Privacy Policy can be found here: https://www.getcheddar.com/privacy. When you make a monthly billing payment, Cheddar will send information to Authorize.net at the backend to process your payment. Authorize.net will then interface with Pinnacle Bank as described above.

Legal basis of our processing of your personal data

We make sure that we only collect and process your data when we have a lawful basis to do so.

Where we operate our sites and perform our marketing efforts, as well as where you open a Services account with us, we determine and control the way in which we process your personal data. We normally market on the basis of your consent, and process your personal data as part of your account registration and our ongoing customer interactions with you based on our legitimate interests of promoting, growing and developing our business and in order to perform our obligations under the contract between us.

In other situations we normally act on behalf of a customer of ours and perform any related data processing on the basis of our legitimate interests of promoting, growing and developing our business and in order to perform our obligations under a contract between us and such customer. In such situations, the relevant customer and account owner is the controller of your data and determines its use.

Your rights

We acknowledge and respect your rights as an individual. If you wish to exercise any of your lawful rights or have questions in this regard, please reach out to us via the contact details provided below.

You have the right to ask us not to process your personal data for marketing purposes. You may also choose not to receive publications or certain other communications from us by explicitly indicating so in the appropriate section of the Registration Form or by opting-out by phone, email or via direct marketing emails sent to you.

We will inform you (before collecting your data) if we intend to use your data for marketing purposes or if we intend to, or may disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by (un)checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at the contact details included in this privacy policy, or by unsubscribing per the method outlined in any emails sent or during any phone calls with you.

You may also have the right to ask us to provide you with data held on you, amend any inaccurate personal data held on you, and/or to delete such data. However you should be aware that if you request your details to be deleted, this will mean we will have no record of any opting out that you may have requested and that you therefore may receive unsolicited communications in the future. Where we are processing your information on behalf of our customer, you are generally required to exercise any such rights directly with our customer, being the organization or individual that determines the processing.

Under California Civil Code sections 1798.83 – 1798.84, California residents who have an established business relationship with us are entitled to ask us for a notice describing what categories of personal customer information we share with third parties for those third parties’ direct marketing purposes and to opt-out of sharing your personal information with third parties for direct marketing purposes. That notice will identify the categories of information shared and will include a list of the third parties with which it was shared, along with their names and addresses. If you choose to opt-out or would like a copy of this notice, please submit a written request to us at the address stated above. Please allow 30 business days for a response.

Children’s personal information

In accordance with the Children’s Online Privacy Protection Act (“COPPA”) and the GDPR, our Services are not intended to be used by children and we do not knowingly request, solicit, access or receive personal information (as defined in COPPA and the GDPR, as applicable) from anyone under the age of 13 and 16 respectively. Where we are aware that any personal information submitted through our sites or our Services belongs to a child, we will delete this personal information from our records.

Whilst this is not our intention, our Services could be used to collect personal information from children under the age of 16. Where you make use of our Services to collect such personal information, you become an “operator” under COPPA and it becomes your obligation as our customer to comply with the relevant requirements of the COPPA and/or the GDPR, as applicable (and any other applicable laws and regulations).

While it is your responsibility, not ours, to ensure compliance with COPPA and the GDPR where you act as our customer and are the account owner and determine the data collection and processing, in the event we have actual notice that you have collected personal information in violation of COPPA and/or the GDPR, we will require you to comply with COPPA and/or the GDPR, and we may delete any violating personal information you are processing without notice.

EU Privacy Shield

Rustici Software is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). We comply with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries.

We have certified that all of our aforementioned processing adheres to the Privacy Shield Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, and recourse, enforcement and liability (“the Principles”). If there is any conflict between the policies in this privacy policy and the Principles, the Principles shall take precedence. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/.

In compliance with the Principles, we have committed to resolve complaints about your privacy and our collection or use of your personal information. European Union individuals with inquiries or complaints regarding this privacy policy should first contact us at privacyshield@scorm.com. We have further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive a timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint. Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.

Art. 27 GDPR – EU representative

We have appointed Leo Learning Limited (“LEO”), one of our group companies, to act as our designated representative within the EEA for the purposes of Art. 27 of the GDPR.

The corporate details of LEO are: Leo Learning Limited, 52 Old Steine, Brighton, East Sussex, BN1 1NH, United Kingdom. Its corporate website is www.leolearning.com.

To ensure our compliance, LEO is mandated to be addressed in addition to, or instead of us, by supervisory authorities and data subjects with any issues related to our processing of personal data. This designation is without prejudice to legal actions which could be initiated against us.

Terms of service

When you access and use the SCORM Cloud service as a user, you are subject to the SCORM Cloud Terms of Service. By licensing our Content Controller or Managed SCORM Engine services, you are subject to the Terms of Service as included in your license Agreement with us.

Disclaimer

We disclaim all liability related to your collection and use of personal information through our Services.

Changes to our privacy policy

This policy may be updated by us from time to time, so please check this policy periodically to ensure you are aware of our latest policies.

Contact

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to privacy@ltgplc.com. Complaints should be sent to the same email address or to our corporate offices, per the address details stated above.