Privacy Policy

Privacy Policy Information
Updated July 1, 2020

Personal Privacy Data Handling Information
At Echelon Front (“EF”) our Data Privacy and Records Management Policy is a commitment to protecting the privacy data of employees, clients, business partners and web and social media site visitors. The Policy guides our privacy data handling practices as described here in this Frequently Asked Questions (FAQ) format. EF makes every reasonable effort to protect the privacy of data collected when individuals visit our sites.

EF policy and practices are also guided by state laws, like the California Consumer Privacy Act (CCPA) and also by foreign law like the General Data Protection Regulation (GDPR) of the European Union (EU).

EF does not buy or sell consumer privacy data as defined in the CCPA and therefore while abiding by the law, we are not subject to all provisions of the CCPA. For example, for CCPA compliance we are not required to have a separate landing page describing how EF buys and sells consumer privacy data. Therefore, there are limited needs for opt-out, opt-in and other CCPA specific disclosures.

Children’s Privacy
In order to register for the site, you will be required to read and agree to the Terms and Conditions of Use and to certify that you are at least 18 years old. Terms and Conditions. You are not permitted or authorized to use this site if you are under the age of 18. Our websites do not publish content for or collect data that is directed at children.

As an EF web site visitor, what information does EF collect?
When you visit the EF web site, we collect and store information about your visit. We also engage other companies to do some of this on our behalf.

Credit card data is stored through Stripe, our credit card processor, and its privacy policy can be found here: https://stripe.com/privacy.

The database of users, including coursework and any information on chatrooms or user-to-user interfaces are stored through Docebo, and its privacy policy can be found here: https://www.docebo.com/docebo-privacy-policy/.

We also store certain registered user information in our own secure web host server through SiteGround, and its privacy policy can be found here: https://www.siteground.com/privacy.html.

Examples of the kind of information we, or third parties we engage, track include which pages you view on our site, the site you visited just before coming to ours, keywords you used in your search, your company name and the name of your Internet Service Provider. We use this information to develop ideas for improving our site, our products and services and for improving marketing of our products and services. We do not make any attempts to link this information with you as an individual.

There are also various forms on our web site that ask for personal information about you, such as your name, phone number, and e-mail address. If you tell us any personal information, we use it only to contact you in response to your request or to provide you with information that we think you may be interested in receiving. We may use that data, either on our own initiative or through a third-party marketing company, to provide you with other opportunities that may interest you. If you inform us that you do not want to receive any information that you have not specifically requested, we will honor your request. We will not sell or otherwise disclose your information to any other company.

EF endeavors to takes any necessary and appropriate technical and organizational measures designed to prevent unauthorized access, use, alteration, or disclosure of privacy data collected via EF sites. We try to be both selective and proactive in checking the security background for certain external social media sites and other sites that we come in contact with but do not control. You should review these privacy policies yourself if you have any concerns about how your data is being used by these third parties. We have no relationship with these companies other than use as a vendor for our site.

As an EF site visitor does the “GDPR,” “CCPA,” and other similar data privacy and records management requirements apply to my data?

Companies within the EU and California, or who are externally located controllers and processors of the personal privacy data of EU and California residents in the context of collecting privacy data while soliciting and providing goods or services, must comply with the GDPR and CCPA. As an EF site visitor, we do collect your business contact information. However, we may also collect or process privacy data for the purpose of providing additional services. We are very aware that combining multiple privacy data elements, even if not considered personal data when taken alone, may result in the sum of the elements being considered personal privacy data when combined into a listing, and we endeavor to protect it as required.

EF may move your data within or to locations outside of the European Economic Area (EAA) or California. These data transfers are legal under the GDPR and CCPA as long as we adhere to the requirements for legal processing. To the extent we do so, we would encrypt all data in transit and in storage. We will exercise data privacy stewardship on all of our sites.

How will my personal information be used and shared by EF for internal management of the sites?
The personal information we collect in our various sites, if needed, allows us to:
• Respond to your inquiries;
• Provide the information, products and services you have ordered;
• Verify your identity and details of your payment method or credit card amount;
• Administer our sites and provide user services;
• Meet legal, regulatory and compliance requirements;
• Gather management information to form statistical and trend analysis;
• Communicate with you;
• Investigate any complaints about our sites;
• Personalize your experience of the sites;
• Contact you about our products and services which we think might be of interest to you, using the contact information you provide us;
• When warranted, we share your personal information with our EF affiliate companies and brands for the above purposes, we endeavor to ensure they adhere uniformly to these data handling practices.
• Employ the services of third-party service providers to help us in certain areas, such as site hosting, user database and coursework operations, and credit card processing. However, at all times we use third parties, we will do our best to ensure that your privacy data is likewise kept secure by those sub-processors.
• If you provide a credit or debit card, our third-party processor may also check the validity of the sort code, account number and card number you submit in order to prevent fraud as well as to process any transaction you attempt via the website.
• If false or inaccurate information is provided and fraud is identified, we will follow legal processes if details will be passed to fraud prevention agencies. Law enforcement agencies may access and use this information. We and other organizations may also access and use this information to prevent fraud and money laundering.

What constitutes personal privacy data?
Personal privacy data is information related to a natural person (called a ‘data subject’ by the GDPR, a “consumer” in the CCPA and as otherwise differentiated by other laws) that can be used to directly or indirectly identify the person when not encrypted and used individually or in combinations to create a profile.

Personal privacy data is a very broad range of personal information and can be any information item that might be used to create a profile, to include basic business contact information of name, business address, and business phone and business title or business job. Further personal privacy information would also be: an identifiable photo; identifiable voice recordings; fingerprints; biometric data; psychological profile, a personal email address, home phone number, home address; numbered identifiers – bank account, credit information and credit card, passport, country identification, driver’s license, pension and social security numbers; family member information; medical information; political opinions; sex, sexual preferences; computer IP address; data on children; travel profiles; trade union membership; criminal records. Some countries differentiate some of these listed items as Sensitive Personal Identification Information (SPII).

What is the difference between a data processor and a data controller?
• A controller is the entity that determines the purposes, conditions and means of the processing of personal data. A controller can be a processor. A web site owner is a controller.
• A data processor is an entity which processes personal data, with instructions and IT security framework, on behalf of the controller.
• EF is a data controller, but generally not a processor. Our third-party vendors described above would be processors. If you provide your personal data directly to EF (such as a registered user, or as a site visitor or browser), EF acts as the data controller for that personal data.

For EF, keeping site visitor and all data secure is a high priority. We strongly value and base our business on the trust that our site visitors, employees and customers have placed upon us. We will continue to earn and reinforce that trusted relationship by cooperating with requests related to our GDPR and CCPA, as well as other relevant data privacy obligations.

EF management strongly believes that information technology security/ compliance is a key business service. Information security objectives and strategy must be continually aligned with EF’s business strategy and objectives.

When does EF delete client data?
EF deletes client data, including backups based on our records management schedule, and/or in compliance with applicable law. Our third-party vendors, as described above, likewise have a records management schedule, and will preserve and/or delete your data consistent with that schedule and/or in compliance with applicable law, as their privacy policies provide. Again, those third-party companies are not under our control, and are business partners by contract.
In some cases, data that is deleted can be shortly after you leave one of our sites. In other cases, we may store your data indefinitely, but with no obligation on our part other than to keep it protected as we have described above.

We will require you to confirm you agree to our Terms and Conditions of Use in order to become a registered user of our site. Your agreement to our Terms and Conditions of Use will apply to all further use you make of our site.

What are EF site cookie practices?
We use cookies to collect information allowing for analytics, user experience and session tracking. Users can control the use of cookies at the individual browser level. If you reject cookies, you may still use our site, but your ability to use some features or areas of our site may be limited.

Use of Cookies – Practices and Procedures
EF uses cookies for a variety of purposes such as remembering your preferences, measuring your activity on EF websites, mobile sites and mobile applications (“sites”) or optimizing your user experience. All traffic (transferal of files) between the site and your browser is encrypted and delivered over the HTTPS security protocol.

Cookie Settings
The types of cookies EF and others may place on your device are described below.
• EF will read or set only the types of cookies that are strictly necessary for quality browsing or specifically allowed by your browser preference settings.
• Any specific questions regarding these cookie settings may be sent to: privacy@echelonfront.com

How do you use Web Beacons?
Some of our web pages may contain electronic images known as web beacons (sometimes known as clear gifs) that allow us to count users who have visited these pages. Web beacons collect only limited information which includes a cookie number, time and date of a page view, and a description of the page on which the web beacon resides.

How do you use Social Media Widgets?
EF web sites can include certain social media features, such as the Facebook button. These features may collect your IP address, may collect which page you are visiting on our sites, and may set a cookie to enable such feature to function properly. Social media features are either hosted by a third party or hosted directly on our sites. Your interactions with these features are governed by the privacy policy of the company providing it.

How do you use Blog Information?
Should you choose to add a comment to any posts that we have published on our sites for example in a blog, the name and email address you enter with your comment will be saved to the site’s database, along with your computer’s IP address and the time and date that you submitted the comment. Only your registered name will be shown on a site that is public-facing. Your posted comment(s) and its associated personal data will remain on this site until we see fit to either: (1) remove the comment, or (2) remove the blog post.

NOTE: You should avoid entering personally identifiable information to the actual comment field of any blog post comments that you submit on this site.

How do you use Contact Forms and Email Links?
Should you choose to contact us using a contact form on our sites or an email link, the data you supply will be stored in our customer relationship management database or may be passed on to be processed by a third-party data processor(s). We do retain information from data requests in our customer relationship management system. Collated and transferred data is encrypted before being sent across the internet. We do not sell personal information.

Registration and Profile Information
We try to gather only the most necessary information for the involved inquiry or purpose. When you enter or register to use our site, our services, to receive information, to participate in our events, and create or update your forum profiles, we may collect various kinds of information about you. For example, we may collect: your name; postal address; phone number; email address and other contact information; your log-in ID and password; your title; company; and other event specific profile information you provide; demographic information; and information linked with your profile such as comments you may post. We need this information to be able to respond to you, secure the site and provide services as applicable.

Information We Automatically Collect
• When you visit our site or use EF site services, as do many companies, some information is collected and recorded automatically such as your computer’s operating system, Internet Protocol (IP) address, access times, browser type and language, and the website you visited before our corporate sites, so we are aware of transfers and linking for security due diligence (blocking and enhancing) of our site and to protect you the user. This is logged automatically and stored in log files. We also collect information about your usage and activity on our corporate sites. We may tie your IP address to information we automatically collect on our corporate sites. We may also tie information we automatically collect with personal information, such as your login ID and information you give us for a registration. We use our own products, and products of third parties acting on our behalf, to analyze, optimize, securely protect and improve our site.
• EF will also collect information on your usage to ensure the security of the data we collect on behalf of our clients. You cannot opt-out of this collection and processing as it is necessary to ensure the security of the service we provide for our sites and for our clients.

California Consumer Privacy Act (CCPA)

What is considered “personal information” under the CCPA?
“Personal information” is defined in the California law. CCPA categories are expanded beyond those in the EU General Data Protection Regulation (GDPR). In the law, personal information is any “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with any particular consumer.” “Consumer” is a defined term in the CCPA similar to “data subject” as used in the GDPR, however it is not an exact matching definition.

As a California citizen does EF sell my data?
By Company Policy EF-C-18, EF does Not Sell or Buy Personal Information and has no intent to start. This “sale of consumer privacy data” element of the CCPA (and its regulations) is a major section that has limited impact on EF due to our Policy position. Therefore, for example, EF is not required to have a separate landing page for California consumers that addresses the sales of their personal data.

Does EF honor the “rights” of consumers in the CCPA?
By our Privacy Policy, EF does honor the rights of California consumers as specified in the CCPA and the rights of citizens of other U.S. states where they may be more stringent or different than the European Union General Data Protection Regulation (GDPR).

Additional Information
EF commits to respond to inquiries about our collection or use of your personal information. Contact us at privacy@echelonfront.com if you have any inquiries or concerns regarding how we use and store your data.