Appriss Privacy Policy

At Appriss, we take the utmost care in protecting the privacy and integrity of your personal information.  This Appriss Privacy Policy provides you with information about how we collect, use, and disclose your personal information.

About This Privacy Policy
Summary of Key Points

Personal Data You Provide to Us

Personal Data Provided By A Customer, Governmental, or other Third Party Organization

Personal Data Obtained From Other Sources

Using Your Personal Data
Legal Bases For Collection And Processing of EU Personal Data
Sharing Your Personal Data

Appriss Companies and Service Providers

Appriss Customer Organizations and Licensors

Sharing Consistent With Your Choices

Legal Purposes

Data Retention
Locations of Processing Personal Data
Children’s Privacy
Your Data Subject Rights

If you are located outside the EU:

If you are a resident of California:

If you are located in the EU:

How to exercise your rights regarding Personal Data

Communications Preferences
Data Privacy and Security
Changes to this Privacy Policy
Contact Us

About This Privacy Policy

At Appriss, we take the utmost care in protecting the privacy and integrity of your personal information. This Appriss Privacy Policy provides you with information about how we collect, use, and disclose your personal information.

This Appriss Privacy Policy (“Privacy Policy”) describes the privacy practices of Appriss’s websites, applications (“apps”), and mobile platforms. Please read this Privacy Policy carefully to learn how we collect, use, share, and otherwise process personal information relating to individuals (“Personal Data”), and your rights and choices regarding our processing of your Personal Data.

Any references to “Appriss,” “we,” “us,” “our,” or the “Company” is a reference to Appriss Inc., a Delaware corporation with headquarters in Louisville, Kentucky, which includes the business units operating under the trade names Appriss Health and Appriss Safety, and Appriss Retail, with headquarters in Louisville, Kentucky.

This Privacy Policy applies to the following activities and circumstances:

  • Visiting our websites or using our web-based services, desktop apps, mobile apps, or mobile platforms which display or contain a link to this Privacy Policy;
  • Attending our seminars, webinars, or other presentations;
  • Visiting our offices;
  • Receiving communications from us, including emails, texts, phone calls, or faxes;
  • Requesting more information from Appriss about our products and services;
  • Participating in our web-based or app-based public forums such as our social media pages and accounts, blogs, or any other publicly shared discussion forums;
  • An organization with which you are employed or affiliated provides us with certain Personal Data about you;
  • Our affiliates, governmental organizations, or other third parties with which you interact provide us with certain Personal Data about you;
  • We obtain publicly-available Personal Data about you through legally permissible means.

The activities listed above are collectively referred to in this Privacy Policy as “Appriss Services.

Your relationship with Appriss stems from the Appriss Services you receive and your location where the Appriss Services are provided.  Your relationship will be with the specific Appriss entity providing you the Appriss Services. Where applicable, the laws of the Commonwealth of Kentucky will apply. If you receive the Appriss Services outside of North America, applicable laws will vary depending on your region. If you are located in the EU, certain data privacy laws and regulations applicable to the EU apply, including but not limited to the General Data Protection Regulation (GDPR) (EU) 2016/679.

Where applicable, please also see the Appriss Terms of Use and any additional terms of use or product license agreements that may apply to the particular Appriss Service you are using.

This Privacy Policy does not apply to the activities of third parties such as our business customers, i.e. if our customers create their own websites, apps, or mobile platforms, where customers may sell or offer their own products and services, when customers send electronic communications to individuals, or where our customers collect and analyze Personal Data from individuals. The information practices of third party services are governed by the third party privacy statements, which we encourage you to review to better understand those privacy practices.

Summary of Key Points

  • Where your consent is required, we will obtain your permission before (i) sending you news and promotional material about Appriss; (ii) accessing information stored on your computer or mobile device relating to your use of, and engagement with, our websites, apps, and mobile platforms; and (iii) using automated systems to analyze your content. You can withdraw your consent to online tracking and the receipt of promotional materials at any time. Appriss Cookie Notice
  • This Privacy Policy explains when and for what purposes we utilize your Personal Data pursuant to contract or for our legitimate interests, as applicable. If you are located in the EU, the UK, or the State of California you may have certain data subject rights related to our handling of your Personal Data.
  • We use your Personal Data to enable you to register with Appriss and to provide you with our websites, apps, and mobile platforms, and other products or services that you request. We also provide interactive features that engage with social media sites such as Facebook, LinkedIn, and Twitter. If you use these features, these social media sites will send us Personal Data about you.
  • We use cookies and other technologies to track the use of our websites, apps, and mobile platforms. To learn more about what cookies we use, our purposes for using those cookies, and your opportunities to allow or block certain cookies, click here: Appriss Cookie Notice
  • We may disclose your Personal Data to other companies within the Appriss corporate family and with advertising and sales partners consistent with your choices. We also may share Personal Data with third parties we engage to process information on our behalf or when such sharing is required by law, or in certain other situations.
  • We may utilize your Personal Data in the U.S. and within other countries, any of which may be outside the country in which you reside. If your data originates in the EU, we use European Commission approved Standard Contractual Clauses to help protect your Personal Data.

Types of Personal Data We Collect

Personal Data You Provide to Us

Where Appriss collects Personal Data directly from you, we are the controller of your Personal Data and are responsible for the collection, processing, and disclosure of your Personal Data as described in this Privacy Policy. The Personal Data that we collect directly from you may include the following: contact information, financial information, registration information, device and usage information, user submissions, and other visitor information, as well as any other information type that we expressly ask you to enter and submit to any of our websites, apps, or mobile platforms:

  • Contact Information: If you express an interest in obtaining additional information about our products or services, request customer support, use our “Contact Us” or similar features, register to attend our seminars, webinars, or other presentations, register to use our websites, apps, or mobile platforms, or download certain content, we generally require you to provide us with your contact information, such as:
    • your name, interest, job title, company name, address, phone number, email address, communications preferences, or username and password;
  • Financial Information: If you make purchases via our websites, apps, or mobile platforms, we may also require you to provide us with financial information and billing information, such as:
    • billing name and address, credit or debit card number, or bank account information;
  • Registration Information: If you register for any apps, mobile platforms, or any web-based or app-based online community that we host, or register to attend our seminars, webinars, or other presentations, we may ask you to provide registration information, such as:
    • a username, photo, and/or biographical information, such as your occupation, social media profiles, company name, and areas of expertise;
  • Device and Usage Information: If you use and interact with our websites, we automatically collect device and usage information, through common information-gathering tools such as:
    • log files and other information about your computer or mobile device and your usage of our websites through cookies, web beacons, or similar technologies, such as IP-addresses or other identifiers, which may qualify as Personal Data;
  • User Submissions: If you post any personal or other information for public consumption to any of our websites, apps, mobile platforms, or any web-based or app-based online community that we host, which information may include your tips, updates, alerts, comments, feedback, or any other information that you voluntarily provide (your “Submissions”), we may display your Submissions on any of our websites, apps, mobile platforms, or any web-based or app-based online community that we host.
  • Visitor Information: If you visit our offices, you may be required to register as a visitor and to provide visitor information such as:
    • your name, driving license or other form of picture identification, email address, phone number, company name, and time and date of arrival and exit.
Personal Data Provided By A Customer, Governmental, or other Third Party Organization

If your data has been submitted to us by an Appriss customer, governmental, or other third party organization (collectively, “Third Party Organization”), we operate as the processor of your Personal Data. Such Third-Party Organization(s) may include governmental or public service entities with which you interact, the public or private organization with which you are employed, or with which you are affiliated for purposes of a transaction or for one or more other lawful purposes, as well as data providers, biographical sources, broadcast content providers, social media providers and public source information such as government watch and sanction lists, which may be aggregated.

The Personal Data we collect about you from Third Party Organizations may include, but is not limited to, the following:

  • Contact details, such as your name and organizational email address, postal address, and phone number;
  • Other account registration such as job title and other employment information;
  • Organizational user ID;
  • Date of Birth;
  • Sex/Gender;
  • Country of Residence;
  • Government identification numbers such as social security or national insurance numbers;
  • Employment and education details, which may include details of public, religious, political or trade union roles;
    Personal and professional affiliations;
  • Information from newspapers blogs, social media and other websites;
  • Financial information relating to income or wealth, such as net worth, bankruptcy or insolvency filings;
  • Inclusion on a sanctions list or a public list of disqualified directors or other positions of responsibility;
  • Criminal background or history;
  • Medical and prescription history;
  • Reported allegations of theft, money laundering, bribery and corruption and similar criminal activities.
Personal Data Obtained From Other Sources

We may also collect Personal Data about you from certain affiliates and other third parties, including but not limited to:

  • Social networks, when you grant us permission to access your data on one or more networks;
  • Service providers that help us determine a location in order to customize certain products to your location;
  • Businesses with which we may offer co-branded services or engage in joint marketing activities;
  • Publicly-available sources and data suppliers from which we obtain data.

Using Your Personal Data

When we are the controller of your Personal Data, we collect and process your Personal Data for one or more of the following purposes:

  • Providing, activating and managing your access to and use of Appriss Services;
  • Processing and fulfilling a request, order, download, subscription or other transaction related to Appriss Services;
  • Providing technical, product and other support and to help keep all Appriss Services working, safe and secure;
  • Enhancing and improving Appriss Services and any of our other products, events, and services, and to develop new products, services and benefits;
  • Offering you customized content and other personalization to make Appriss Services more relevant to your interests and geography;
  • Responding to your requests, inquiries, comments and concerns;
  • Notifying you about changes, updates and other announcements related to Appriss Services;
  • Delivering targeted advertisements, promotional messages, notices and other information related to Appriss Services and your interests;
  • Providing you with promotional messages and other information about products, events and services of ours, our affiliates and third parties such as sponsors;
  • Inviting you to participate in user testing and surveys;
  • Identifying usage trends and developing data analysis, including for purposes of research, audit, reporting and other business operations, including determining the effectiveness of our services and evaluating our business performance, or in other ways pursuant to a customer agreement;
  • Complying with our legal obligations, resolving disputes, and enforcing our agreements.

Where we need to collect and process Personal Data by law, or under a contract we have entered into with you, and you fail to provide that required Personal Data when requested, we may not be able to perform the contract.

When we are the processor of your Personal Data, we may process your Personal Data to enable our customers to achieve any one or more of the following purposes:

  • Complying with legal and regulatory obligations to conduct due diligence and other screening activities;
  • Conducting risk management activities for which there is a substantial public interest;
  • Providing information that may impact customer’s organization, brand, or customer base;
  • Enabling informed commercial and business risk decisions.

Your Personal Data may include personal information which is a matter of official court, public, and/or criminal record, in which circumstance such Personal Data has been supplied to Appriss for publication to our customer organizations by the public entities concerned in the interests of upholding and protecting the rule of law, and promoting the safety interests of the public.

It is important to note that Appriss has no power over what is reported in official court, public, or criminal records. It is for the courts and applicable law enforcement entities to decide what Personal Data is to remain within the records that they disclose, and the balance to be struck between the public interests in disclosure and the privacy rights of individuals.

For more information on our processing activities, see our Appriss Services Processing Notice.

Legal Bases For Collection And Processing of EU Personal Data

When we collect or otherwise process any Personal Data within the scope of data privacy laws and regulations applicable to the EU, including but not limited to the General Data Protection Regulation (GDPR) (EU) 2016/679, we do so where necessary under the following legal bases:

  • To provide one or more Appriss Services, fulfill a transaction or otherwise perform a contract with you or at your request prior to entering into a contract;
  • To comply with applicable laws or other legal obligations;
  • For the performance of a task carried out in the public interest;
  • To enable our customers to comply with their legal obligations;
  • Where applicable, with your consent; and/or
  • To operate our business, protect the security of our systems, customers and users, detect or prevent fraud, or fulfill our other legitimate interests, except where our interests are overridden by your privacy rights.

Where we rely on your consent to process Personal Data, you have the right to withdraw your consent at any time, and where we rely on legitimate interests, you may have the right to object to our processing.

Sharing Your Personal Data

Appriss Companies and Service Providers

Depending on the Appriss Services provided, we may share Personal Data with the following recipients and under the following circumstances:

  • Our contracted service providers, which provide services such as IT and system administration and hosting, credit card processing, research and analytics, marketing, customer support and data enrichment.
  • Employees and departments of Appriss for the delivery of Appriss Services, to the extent necessary to fulfill a request you have submitted via our websites, or for customer support, marketing, technical operations and account management purposes.
Appriss Customer Organizations and Licensors

If you access Appriss Services through a subscription administered by your organization, your Personal Data and certain usage data gathered through Appriss Services may be accessed by or shared with the administrators authorized by your organization for the purposes of usage analysis, subscription management and compliance, training course progress, performance and remediation, cost attribution and departmental budgeting.

Sharing Consistent With Your Choices
  • We may share your Personal Data with our affiliates and with sponsors, joint venture entities and other third parties, including entities for which we are acting as an agent, licensee, application host or publisher, that wish to send you information about their products and services that may be of interest to you, as determined by your choices in managing your communications preferences and other settings;
  • Any Personal Data or other information you choose to submit in web-based or app-based communities, forums, blogs, or chat rooms in connection with any Appriss websites, apps, mobile platforms, or Appriss social media accounts may be read, collected, and/or used by others who visit these public forums, depending on your account settings.  Please be careful when disclosing Personal Data in these public areas.
Legal Purposes

We also may also disclose your Personal Data with third parties if we have a good faith belief that such disclosure is necessary to:

  • meet any applicable law, regulation, legal process or other legal obligation;
  • detect, investigate and help prevent security, fraud or technical issues;
  • protect the rights, property or safety of Appriss, our users, employees or others; and/or
  • as part of a corporate transaction, such as a transfer of assets to or an acquisition by or merger with another company.

Data Retention

Where Appriss collects and controls your Personal Data, we may retain your Personal Data for a period of time consistent with the original purpose of collection.  We determine the appropriate retention period for Personal Data on the basis of the amount, nature, and sensitivity of your Personal Data, the potential risk of harm from unauthorized use or disclosure, and whether we can achieve the purposes of the processing through other means, as well as the applicable legal requirements (such as applicable statutes of limitation).

Where Appriss processes your Personal Data on behalf of a Third Party Organization, the applicable retention period is usually determined by contract with such organization. We will usually retain your Personal Data as long as it is needed to fulfill the purpose of the contract, and, where applicable, will delete your Personal Data upon expiration of the contract, if not earlier. However, we may retain your Personal Data for a variant period of time consistent with the original purpose of collection, up to and including indefinite retention where appropriate and permissible.

Upon the expiration of any retention periods, your Personal Data will be deleted in a manner conforming to any applicable state or federal laws regarding the disposal of such Personal Data. If there is any information that we are unable, for technical reasons, to delete entirely from our systems, including such information stored in any offsite or otherwise archival databases to which access is limited, we will put in place appropriate measures to prevent any further use of such Personal Data.

Locations of Processing Personal Data

Your Personal Data may be stored and processed in your region or another country where Appriss, its affiliates, and their service providers maintain servers and facilities, including but not limited to the U.S., Poland, and the UK.

Therefore, your Personal Data may be processed outside the European Union (“EU”), and in countries which are not subject to an adequacy decision by the European Commission and which may not provide for the same level of data protection as in the EU. In this event, we will ensure that such recipient offers an adequate level of protection,– for instance, by entering into “Standard Contractual Clauses” — for the transfer of data as approved by the European Commission (Art. 46 GDPR), or we will ask you for your prior consent to such international data transfers.

Children’s Privacy

Our websites, apps, and mobile platforms are not directed at children. Appriss does not knowingly collect or process Personal Data from children under the age of 13, and Appriss does not target its websites, apps, or mobile platforms to children under the age of 13. Where a child is between the ages of 13 and 16 years, Appriss will only undertake the collection or processing of his or her Personal Data if and to the extent that consent is given or authorized by the holder of parental responsibility over the child.

Your Data Subject Rights

You may have certain rights regarding your Personal Data, subject to local data protection laws.

If you are located outside the EU:

Consult the data protection laws applicable to your particular locality for more information on your possible rights regarding your Personal Data.

If you are a resident of California:

Under the California Consumer Privacy Act of 2018 (CCPA), and subject to certain qualifications, you may have the right to request free of charge:

  • specific or categorical access to your Personal Data; and/or
  • deletion of your Personal Data.

Appriss does not sell any Personal Data we may collect directly from residents of California to any third party.

If you are located in the EU:

You have the right under European and certain other privacy and data protection laws, as may be applicable and subject to certain exceptions and limitations, to request free of charge:

  • access to your Personal Data;
  • rectification or erasure of your Personal Data;
  • restriction of our processing of your Personal Data, or to object to our processing; and/or
  • portability of your Personal Data.
How to exercise your rights regarding Personal Data

To exercise your rights, please contact us in accordance with the “Contact Us” section below. We are enhancing our existing online request portal to handle these requests and will also accept emails sent to DPO@appriss.com.

If you are located in the State of California, we will comply with the CCPA requirement that we complete your request within 45 days, or 90 days if an extension is required. We will contact you if we need additional information from you in order to process your request.

If you are located in the EU, we will comply with the GDPR requirement to provide information without undue delay and, in any event, normally within one month of receipt of the request. We will contact you if we need additional information from you in order to process your request. It may take us longer than one month, taking into account the complexity of your request, and the overall number of requests we receive.

If your Personal Data has been provided to us by a Third Party Organization and you wish to exercise any rights you may have under applicable data protection laws, please inquire with the applicable organization directly. If you are an employee of a Third Party Organization, we recommend you contact your organization’s system administrator for assistance in correcting or updating your information.

In addition, if you have registered for an account with us, you may generally update your user settings, profile, or organization’s settings by logging into the applicable website with your username and password and editing your settings or profile. To update your billing information, discontinue your account, or if you are in the EU, to request return or deletion of your Personal Data and other information associated with your account, please contact us.

Communications Preferences

You can manage your receipt of marketing and non-transactional communications from us by clicking on the “unsubscribe” link located on the bottom of our emails, by replying or texting ‘STOP’ if you receive SMS communications, or by turning off push notifications on our apps on your device. Additionally, you may unsubscribe by contacting us using the information in the “Contact Us” section below.

Please note that opting-out of marketing communications does not opt you out of receiving important business communications related to your current relationship with us, such as information about your subscriptions, service announcements, or security information.

Data Privacy and Security

Appriss implements a variety of data privacy and security measures, including organizational, technical, and physical measures, which are designed to protect the integrity, confidentiality, and availability of Personal Data. While we follow generally accepted standards to protect Personal Data, no method of storage or transmission can be totally secure. You are solely responsible for protecting your password, limiting access to your computer and mobile devices, and signing out of websites, apps, and mobile platforms after your sessions. If you have any questions about the security of our websites, apps, or mobile platforms, please contact us at DPO@appriss.com.

Changes to this Privacy Policy

We will update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, and other factors. If we do, we will post the revised version here with an updated revision date. We encourage you to periodically review this Privacy Policy to stay informed about our collection, processing and sharing of your Personal Data.

Contact Us

To exercise your rights regarding your Personal Data, or if you have questions regarding this Privacy Policy or our privacy practices, please contact Appriss’s Data Protection Officer at DPO@appriss.com, or write to us at either of the following mailing addresses:

If in the U.S., to:
Appriss Inc.
Attn: Data Protection Officer
9901 Linn Station Rd., Suite 500
Louisville, Kentucky 40223, USA
Phone: 1-866-277-7477

If in the EU, to:

Appriss Retail
Attn: Data Protection Officer
120 Leman Street
London E1 8EU, UK
Phone: +44 (0)20 7430

We are absolutely committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, and you are located in the EU, you have the right to lodge a complaint with the competent supervisory authority.

Last update: April 2020