1. Data Collection
We, at GEDEX, may collect various types of data from our users, both directly and automatically. The information collected directly may include data entered by users, such as their personal details, as well as data about users’ consumption of content, such as the materials they have viewed or downloaded. Additionally, we may obtain data from third-party platforms that are connected to GEDEX.
We may also collect certain data automatically, including information about the devices used by our users and the parts of our Services that users interact with or spend time using.
1.1 Collection of User-Provided Data
At GEDEX, we collect various types of data from our users, depending on how they use our Services. To help our users better understand the data we collect, we have provided some examples below.
When a user creates an account and uses our Services, whether directly or through a third-party platform, we collect any data that is provided by the user, including account and profile data.
In order to use certain features on our site, each user is required to create an account, which entails providing us with their email address, password, and account settings. If a user wishes to create an instructor account, we will also collect their name, email address, password, and account settings.
As users use certain features on our site, they may be prompted to submit additional information, such as occupation, government ID information, verification photo, date of birth, race/ethnicity, skill interests, and phone number. Upon account creation, we assign each user a unique identifying number. Users can also choose to provide profile information, such as a photo, headline, biography, language, website link, social media profiles, country, or other data.
It is important to note that any profile data that a user provides will be publicly viewable by others
Some parts of our Services allow users to interact with others and share content publicly, such as by uploading courses and other educational content, posting reviews, asking or answering questions, sending messages to other users, or uploading photos or other work. The visibility of such shared content may depend on where it is posted and may be publicly viewable by others.
When a user accesses the GEDEX platform, we may collect certain data related to their learning activities, such as which courses, assignments, labs, workspaces, and quizzes they have started and completed, as well as any content or subscription purchases and credits, subscriptions, and completion certificates. We also collect data related to users’ exchanges with instructors, teaching assistants, and other students, as well as essays, answers to questions, and other items submitted to satisfy course and related content requirements.
In the event that a user makes a purchase through our Services, we may collect certain payment data such as the user’s name, billing address, and ZIP code as necessary to process their order. If users choose to save this information, it may be used to process future orders. To facilitate payments, users must provide certain payment and billing data directly to our payment service providers, including their name, credit card information, billing address, and ZIP code. We may also receive limited information from payment service providers to facilitate payments, such as the fact that a user has a new card and the last four digits of that card. However, for security reasons, GEDEX does not collect or store sensitive cardholder data such as full credit card numbers or card authentication data.
At GEDEX, we may obtain certain information about our users through their social media or other online accounts if they are connected to their GEDEX account. If a user logs in to GEDEX via Facebook or another third-party platform or service, we request their permission to access certain information about that other account. Depending on the platform or service, we may collect information such as the user’s name, profile picture, account ID number, login email address, location, physical location of their access devices, gender, birthday, and list of friends or contacts.
The information that we receive is made available to us through the APIs of the platforms and services. The data we receive depends on what information the user, via their privacy settings, or the platform or service decides to give us.
It is important to note that if a user accesses or uses our Services through a third-party platform or service or clicks on any third-party links, the collection, use, and sharing of their data will also be subject to the privacy policies and other agreements of that third party.
If a user contacts us for support or to report a problem or concern, regardless of whether they have created an account, we will collect and store their contact
1.2 Data Collected through Automated Means
When a user accesses our Services, including browsing content, we may collect certain data through automated means. This may include technical data about the user’s computer or device, such as their IP address, device type, operating system type and version, unique device identifiers, browser, browser language, domain, and other system data, as well as usage statistics about the user’s interactions with our Services, including content accessed, time spent on pages or on the Service, pages visited, features used, search queries, click data, date and time, referrer, and other data regarding the user’s use of our Services.
We may also collect approximate geographic data, such as the user’s country, city, and geographic coordinates, which is calculated based on their IP address.
The data mentioned above is collected through the use of server log files and tracking technologies, as described in the “Cookies and Data Collection Tools” section below. It is stored by us and associated with the user’s account.
1.3 Data From Third Parties
2. How We Obtain User Data
2.1 Cookies and Data Collection Tools
2.2 Why We Use Data Collection Tools
GEDEX uses different types of Data Collection Tools for the purposes described below:
- Strictly Necessary: These Data Collection Tools allow users to access the site, provide basic functionality (such as logging in or accessing content), secure the site, protect against fraudulent logins, and detect and prevent abuse or unauthorized use of users’ accounts. Disabling them may cause parts of the site to break or become unavailable.
- Functional: These Data Collection Tools remember data about the user’s browser and preferences, provide additional site functionality, customize content to be more relevant to users, and remember settings affecting the appearance and behavior of the Services (such as the user’s preferred language or volume level for video playback).
- Performance: These Data Collection Tools help measure and improve the Services by providing usage and performance data, visit counts, traffic sources, or where an application was downloaded from. These tools can help us test different versions of GEDEX to see which features or content users prefer and determine which email messages are opened.
- Advertising: These Data Collection Tools are used to deliver relevant ads (on the site and/or other sites) based on information we know about users, such as Usage and System Data (as detailed in Section 1), and data that the ad service providers have about users based on their tracking data. The ads can be based on the user’s recent activity or activity over time and across other sites and services. To deliver tailored advertising, we may provide these service providers with a hashed, anonymized version of the user’s email address (in a non-human-readable form) and content that the user shares publicly on the Services.
- Social Media: These Data Collection Tools enable social media functionality, such as sharing content with friends and networks. These cookies may track the user or device across other sites and build a profile of user interests for targeted advertising purposes.
3. How We Use Users Data
The user data that we collect is used to provide our services, communicate with users, troubleshoot issues, prevent fraud and abuse, and improve our services. We analyze how people use our services and serve personalized advertising when permitted by the user. The data collected is retained for as long as it is needed to serve the purposes for which it was collected.
Specifically, we use user data to:
- Provide and administer the services, including facilitating participation in educational content, issuing completion certificates, displaying customized content, and facilitating communication with other users.
- Process payments to instructors and other third parties.
- Process user requests and orders for educational content, products, specific services, information, or features.
- Communicate with users about their accounts, such as responding to user questions and concerns, sending users administrative messages and information, and sending users information about their progress in courses and related content.
- Send users messages about rewards programs, new services, new features, promotions, newsletters, and other available instructor-created content.
- Manage user accounts and preferences and personalize the user experience.
- Facilitate the technical functioning of the services, including troubleshooting and resolving issues, securing the services, and preventing fraud and abuse.
- Verify the identity of instructors.
- Solicit feedback from users.
- Market products, services, surveys, and promotions
- Market subscription plans to prospective customers.
- Learn more about users by linking user data with additional data through third-party data providers and/or analyzing the data with the help of analytics service providers.
- Identify unique users across devices.
- Tailor advertisements across devices
- Improve our services and develop new products, services, and features.
- Analyze trends and traffic, track purchases, and track usage data.
- Advertise the services on third-party websites and applications.
- Ensure the safety or integrity of our users, employees, third parties, the public, or our services.
- We share certain data about users with instructors and teaching assistants for educational purposes, except for email addresses. This data may include information about the user’s location, language, device, and activity on GEDEX.
- Depending on user settings, other students and instructors may be able to view shared content and profile information. If a user asks a question, their information including name may be publicly viewable. Users should not post confidential or proprietary information on public forums such as chat rooms, message boards, and news groups.
- With Service Providers, Contractors, and Agents:We share user data with third-party companies who perform services on our behalf, like payment processing, fraud and abuse prevention, data analysis, marketing and advertising services (including retargeted advertising), email and hosting services, and customer services and support. These service providers may access user personal data and are required to use it solely as we direct, to provide our requested service. This includes all categories of data.
- With GEDEX Affiliated Entities:We may share user data with other companies related to GEDEX, such as parent or subsidiary companies, to support us in providing the Services. This includes all categories of data.
- With Business Partners:We have agreements with other websites and platforms to distribute our Services and drive traffic to GEDEX. Depending on user location, we may share user data with these trusted partners. This includes Account Data, Learning Data, Communications and Support, and System Data.
- With Credit-Granting Organizations for Continuing Education:If users complete a course to meet a continuing professional education requirement, we may share the information with the credit-granting organization upon request. (Account Data; Learning Data)
- With Analytics and Data Enrichment Services:We share certain contact information or de-identified data with third-party analytics and data enrichment services such as Google Analytics and ZoomInfo. De-identified data means data where we’ve removed personally identifiable information and replaced it with a token ID. This allows these providers to offer analytics services or match user data with publicly-available database information (including contact and social information from other sources) to communicate with users in a more effective and customized manner. (Account Data; System Data; Usage Data; Cookie Data)
- To Administer Promotions and Surveys:We may share user data as needed to administer, market, or sponsor promotions and surveys that users choose to participate in, as required by applicable law or in accordance with the rules of the promotion or survey. This includes sharing Account Data and Sweepstakes, Promotions, and Surveys information.
- For Advertising:If we adopt an advertising-supported revenue model in the future, we may share certain System Data and Usage Data with third-party advertisers and networks to provide general demographic and preference information among our users. We may also permit advertisers to collect System Data through Data Collection Tools (as described in Section 2.1) to personalize users’ experiences through behavioral advertising and web analytics. Advertisers may also share the data they collect about users with us. To opt-out of participating ad networks’ behavioral advertising or learn more, see Section 6.1 (User Choices About the Use of User Data) below. Please note that if users choose to opt out, they may still receive generic ads. This includes sharing System Data.
- : In certain circumstances, we may disclose user data to third parties (all data categories) if we have a good faith belief that the disclosure is necessary. This may include disclosing user data:
- As part of a legal inquiry, order, or proceeding;
- As part of a valid subpoena, warrant, or other legally-valid request;
- To enforce our legal agreements;
- To detect, prevent, or address fraud, abuse, misuse, potential violations of law, or security or technical issues;
- To protect against imminent harm to GEDEX, our users, employees, members of the public, or our Services;
- As required or permitted by law.During a Change in Control: In the event of a merger, acquisition, dissolution, or sale of all or some of our assets, we may transfer all user data to the acquiring organization during such transition. (All data categories)
- After Aggregation/De-identification:We may use or disclose de-identified or aggregated data for any purpose.
We implement appropriate security measures based on the type and sensitivity of the data we store. However, as with any online system, there is always a risk of unauthorized access. Therefore, it is important for users to safeguard their password and notify us of any suspected unauthorized access to their account.
GEDEX takes adequate security measures to prevent unauthorized access, modification, disclosure, or destruction of user personal data that we collect and store. These measures vary depending on the type and sensitivity of the data. However, it is important to note that no system can be completely secured, and we cannot guarantee that third parties will not have unauthorized access to the communications between users and GEDEX, the Services, or any information provided to us in connection with the data we collect through the Services. Users have a vital role in our security system, and it is their responsibility to safeguard their password. They should not share it with any third party, and if they suspect their password or account has been compromised, they should change it immediately and contact our Support Team with any concerns.
6. User Rights
6.1 User Choices About the Use of User Data
- To stop receiving promotional communication from us, users can opt-out via the unsubscribe mechanism in the email or change the email preference in their account settings. However, regardless of email preference, we’ll send important transactional and relationship messages about the Services
- Users in the European Economic Area can opt-out of certain data collection tools by clicking the “Cookie settings” link at the bottom of any page. For any questions about user data, its use, or user rights, contact us at email@example.com.
6.2 User Access, Update, and Delete Personal Data:
- Users can update their personal data at any time by logging into their account and updating their account settings.
- To terminate their account, students can visit their profile settings page, and instructors can follow the steps provided on the website. If users have any issues terminating their account, they can contact the support team. However, some or all of their data may still be visible to others even after their account is terminated, and GEDEX retains user data for as long as necessary to fulfill legal obligations and enforce agreements.
- To request access, correction, or deletion of personal data, users can use the online form provided or email firstname.lastname@example.org. Requests may take up to 30 days to process, and user identity may need to be verified before implementing the request. Certain data may be retained by GEDEX for mandatory record-keeping or transaction purposes, where there is a lawful basis to do so.
6.3 GEDEX Policy Concerning Children
We acknowledge the importance of children’s privacy and encourage parents to participate in their online activities. Individuals under the age of 18, but of the appropriate age to consent to use online services in their country of residence, may not create an account but may have a parent or guardian create an account for them and help them access suitable content. The Services are not available for individuals under the age required to consent to use online services. If we discover that we have collected personal data from a child under the applicable age, we will take reasonable measures to delete it. Parents or legal guardians are responsible for supervising their underage child’s access and activities on the GEDEX platform. Parents who believe that GEDEX has obtained personal information from a child under the applicable age can request that it be deleted by contacting email@example.com.
GEDEX has jurisdiction-specific rules for users in certain regions. If users live in California, they have certain rights under the California Consumer Privacy Act (CCPA) related to accessing and deleting user data, and learning who GEDEX shares user data with. Users in Australia have the right to make a formal complaint with the appropriate government agency. It’s important to note that GEDEX transfers data to the US and other areas outside of the European Economic Area.
7. Jurisdiction-Specific Rules
7.1 For users in California, the CCPA grants certain rights, including:
- “Right to Know”— users can request to know the categories and specific pieces of personal information that GEDEX has collected about them, and access a copy of their personal information.
- “Right to Correction”— users have the right to have inaccurate personal information corrected.
- “Right to Deletion”— users can request that GEDEX deletes the personal information they have collected about them.
- “Right to Non-Discrimination”— if users choose to exercise any of their CCPA rights, GEDEX will treat them like all other users, and there will be no penalty for exercising these rights.
In addition to the information provided in the “What Data We Get” and “How We Get Data About Users” sections, users can find out more about the personal information collected by GEDEX and how it is collected in those sections. Users can also learn about the business and commercial purposes for which their personal information is collected, and the categories of service providers who have access to it, in the “What We Use User Data For” and “Who We Share User Data With” sections. As a California resident, users can request details about what personal information GEDEX shares with third parties for direct marketing purposes by emailing firstname.lastname@example.org with the phrase “California Shine the Light” and including their mailing address, state of residence, and email address. GEDEX does not currently recognize or respond to Do Not Track signals since there is no widely accepted standard for this signal.
7.2 Users in Nevada
GEDEX does not sell personal information or personal data belonging to its users. However, if Nevada residents wish to request that their covered personal information not be sold, they can do so by emailing email@example.com.
To provide the Services to its users, GEDEX transfers user data to the United States and processes it there. Users who use the Services outside of the United States give their consent to the transfer, storage, and processing of their data in and to the United States or other countries.