TidWiT’s Privacy Shield Privacy & PII Policy
The following policy statement shall cover the entire TidWiT Network, including but limited to the www.TidWiT.com site and all the platform instances and sub-instances that may be setup as sub-domains through ontidwit.com with or without any URL vanity features.
Because TidWiT wants to demonstrate its commitment to our users’ privacy and personally identifiable information (PII), it has agreed to disclose its information practices.
I. Introduction to Privacy & PII Policy
TidWiT is committed to employing reasonable and appropriate administrative, technical, and physical safeguards to protect the integrity, confidentiality, and security of all Personally Identifiable Information (PII) irrespective of its source or ownership or the medium used to store it. All individuals at TidWiT who dispense, receive, and store PII have responsibilities to safeguard it. In adopting this policy, TidWiT is guided by the following objectives:
- To enhance individual privacy for members of the TidWiT Network through the secure handling of PII;
- To ensure that all TidWiT Network members understand their obligations and individual responsibilities under this policy by providing appropriate communication that will permit the network to comply with both the letter and the spirit of all applicable privacy legislation;
- To not transmit, process, or store any complete credit card data on any TidWiT owned/controlled computers, servers, desktops, laptops, disks, flash drives, or other portable or mobile devices.
If users have questions or concerns regarding this statement, they should contact Our Legal Department by e-mailing legal at tidwit.com
II. General Guidelines of Policy: Purpose, Scope, and Definitions
TidWiT Data Trustees are responsible for oversight of Personally Identifiable Information in their respective areas of TidWiT’s operations. Activities of these officials are aligned and integrated through appropriate coordination among these cognizant officials.
1. Purpose of this Policy
- TidWiT creates, collects, maintains, uses, and transmits Personally Identifiable Information relating to individuals associated with TidWiT including, but not limited to employees, vendors, and partners. TidWiT is committed to protecting PII against inappropriate access and use in compliance with applicable laws and regulations in order to maximize trust and integrity within its network and its members.
2. Scope of this Policy
- This policy applies to all members of the TidWiT community, including all full- and part-time employees, vendors, publishers, customers, and other individuals such as contractors, consultants, other agents of the community, and affiliates that are associated with TidWiT or whose work gives them custodial responsibilities for PII.
3. Policy Definitions3A. TidWiT Data Trustees
- Data Trustees are senior TidWiT officials (typically at the level of Vice President or higher) who have planning and policy-making responsibilities for TidWiT data. The Data Trustees, as a group, are responsible for overseeing the establishment of data management policies and procedures and for the assignment of data management accountability. The following are the Data Trustees who will administer this policy in their respective areas of TidWiT operations. They will resolve the responsibility for the data, if any data elements overlap more than one area: Chief Technology Officer; Chief Security Officer; Chief Database Administrator; Chief Legal Officer. Delegation of access is conducted with limited written and signed permission.
3B. Minimum Necessary
- Minimum Necessary is the standard that defines that the least information and fewest people should be involved to satisfactorily perform a particular function related to the TidWiT Network.
3C. Personally Identifiable Information (PII):
- Information which can be used to distinguish or trace an individual’s identity, such as their name and e-mail when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date of birth, etc. TidWiT does NOT collect Biometric, Social Security numbers, or Credit Card data.
III. Specific Guidelines of Policy
1. Information Collection and Use1A. Information Collection
- TidWiT is the sole owner of the data collected on the TidWiT Network, including but limited to the www.TidWiT.com site and all the platform instances and sub-instances that may be setup as sub-domains through ontidwit.com with or without any URL vanity features. TidWiT collects information from our users at several different points on our Web site.
- In order to use the TidWiT Network or any instance or sub-instance thereof, a user must first complete the registration form. On the form, a user has to enter some “required” information. Other information is entered optionally. Entering some fields depends on the profile of the user. For example, a user can optionally enter their address but they are required to enter the country as Privacy Laws may differ between one country and another. All members are required to confirm that they are above the age of 18 as per TidWiT’s site agreement, as anyone aged 18 and under is not allowed to use the site. All members are required to enter an e-mail. The registration process cannot be completed without e-mail verification. In terms of Bio information, members are encouraged but not obligated to enter this information as it may help them in their content search efforts, providing higher levels of relevancy.
- There are two ways to make payments for services TidWiT. One way is via offline PO’s. The other way is paying directly by Credit Card via TidWiT, which would require information to be entered by the user on our order form. The information typically includes the cardholder name, expiration date, address, and card code. TidWiT does NOT process OR retain this data. Instead TidWiT simply relies on tokens as provided by third party processors such as PayPal and Authorize.net, both of whom are in full PCI compliance, to accept a payment. TidWiT will not be held responsible for breaches that may occur by such third party processors, as TidWiT neither controls, processes, has access to, nor stores their user data.
1Aiii. Contacting Publishers, Other Users, and Message Boards
- Users on the TidWiT network may want to contact the publishers or other users. In such a case, the contact has to be made through the TidWiT Network. No user e-mails will appear on the TidWiT system to any user, unless the users themselves decide to exchange their respective e-mails in the body of their messages. Any messages being exchanged on open discussion boards through the TidWiT Network in which a user may divulge PII to others will not be the responsibility of TidWiT even though the message may be stored on the TidWiT network. In short, posting personal information online that is publicly accessible will be solely the user’s responsibility.
1Aiv. Rating Content
- Users on TidWiT can rate and comment on the content that they have accessed. Their rating will appear on the TidWiT network for others to reference. While it is important for users to be as objective as possible in their ratings so that everyone in the TidWiT network community may benefit, users need to realize that through the process of rating and commenting on discussion boards, they may be divulging some PII to others.
- TidWiT stores information that we collect through cookies, log files, and/or third parties to create a profile of our users. A profile is stored information that we keep on individual users that details their viewing preferences. Consequently, collected information may or may not be tied to the users personally identifiable information to provide offers and improve the content relevancy of the network for the user. This profile is used to tailor a user’s visit to our network, and to direct pertinent content to them. We only share a user’s specific profile and PII with the specific instances that they visit. We only share user profiles in statistically aggregated and unidentifiable forms to any other third party.
- A cookie is a piece of data stored on the user’s computer tied to information about the user. We use ID cookies. For the session ID cookie, once users close the browser, the cookie simply terminates. By setting a cookie on our site, users would not have to log in a password more than once, thereby saving time while on our site. If users reject the cookie, they may still use our site. Persistent cookies enable us to track and target the interests of our users to enhance the experience on our network. Cookies may be tied to a user’s personal identity information; however, we only share a user’s specific profile and PII with the specific instances that they visit. We only share user profiles in statistically aggregated and unidentifiable forms to any other third party.
1Biii. Log Files
- Like most standard Web servers, TidWiT uses log files. This includes internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, platform type, date/time stamp, and number of clicks to analyze trends, administer the site, track user’s movement in the aggregate, and gather broad demographic information for aggregate use. Typically, our log files do NOT tie back to personal identity information. If and when they do, we will only share a user’s specific profile and PII with the specific instances that they visit. We only share user profiles in statistically aggregated and unidentifiable forms to any other third party.
2. Communications from the Site2A. Registration
- We send all new members a welcoming email to verify password and username. This is part of the registration process and cannot be opted-out. TidWiT users may also receive announcements, which they may opt out of by unsubscribing to the e-mail at unsubscribe at tidwit.com
2B. Service Announcements
- On occasions, it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, unless they can deactivate their account. However, these communications are not promotional in nature.
2C. Customer Service
- We communicate with users on a regular basis to provide requested services and in regards to issues relating to their account we reply via email or phone, in accordance with the users wishes.
2D. Specific Instance Communications
- TidWiT allows instances that it hosts to communicate with its users in both an automated as well as manual manner. Examples of this would be to advise a user of new content that was just published, or a periodic newsletter that shares with user most accessed content relevant to their interest, or to ask a user to finish a learning path or course they had started, or a reminder to leave a comment for consumed content. Such communications will occur through the TidWiT platform without any divulgence of e-mail.
3. Sharing User Information3A. Legal Disclaimer
- Though we make every effort to preserve user privacy, we may need to disclose personal information when required by law wherein we have a good-faith belief that such action is necessary to comply with a current judicial proceeding, a court order or legal process served on our Web site.
3B. Aggregate Information (non-personally identifiable)
- We share aggregated demographic information with our partners and advertisers. While these parties may be privy to the data at large in order to establish trends and projections, they will not be able to relate this data to a single user or account.
3C. Instances We Share Users’ Personal Information
- We share personal information of our users in the following cases:
3Ci. Third Party Intermediaries
- The TidWiT Network may use third party credit card processing companies to bill users for services rendered. TidWiT does NOT process OR retain this data. For detailed description of limitation of liability, please access section numeral III.1.a.ii above.
3Cii. Business Transitions
- In the event TidWiT goes through a business transition, such as a merger, being acquired by another company, or selling a portion of its assets, users’ personal information will, in most instances, be part of the assets transferred. Users will be notified via email or prominent notice on our Web site for 30 days prior to a change of ownership or control of their personal information. If as a result of the business transition, the users’ personally identifiable information will be used in a manner different from that stated at the time of collection they will be given choice consistent with our notification of changes section.
3Ciii. Legal Proceedings
- In the event TidWiT is so required by the law, TidWiT will share its user information This may be for an investigation, a lawsuit, or any other legal proceeding.
3Civ. Informing Our Users
- Users of our network are always notified if and when their information is being collected by any outside parties- unless the law prohibits it. We do this so our users can make an informed choice as to whether or not they should proceed with services that require an outside party.
3D. Accountability for Onward Transfer3Di. Transferring to a Third-Party Controller
- When transferring personal information to a third party acting as a controller, TidWiT will comply with the Notice and Choice Principles. Furthermore, TidWiT is committed to entering into a contract with said third-party controller, which provides that such data will only be processed for limited and specified purposes consistent with the consent provided by TidWiT’s member; and that the recipient of such data will provide the same level of protection as the Principles as TidWiT and will notify TidWiT if it makes a determination that it can no longer meet this obligation. The contract shall provide that when such a determination is made the third-party controller will cease processing or takes other reasonable and appropriate steps to remediate.
3Dii. Transferring to a Third-Party Agent
- To transfer personal data to a third party acting as an agent, TidWiT is committed to: (i) transferring such data only for limited and specified purposes; (ii) ascertaining that the agent is obligated to provide at least the same level of privacy protection as is required by the Principles; (iii) taking reasonable and appropriate steps to ensure that the agent effectively processes the personal information transferred in a manner consistent with TidWiT’s obligations under the Principles; (iv) requiring the agent to notify the organization if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Principles; (v) upon notice, including under (iv), taking reasonable and appropriate steps to stop and remediate unauthorized processing; and (vi) providing a summary or a representative copy of the relevant privacy provisions of its contract with that agent to the Department upon request.
5. Referrals to TidWiT
- If a user elects to use our referral service for informing a friend about our site, we ask them for the friend’s name and email address. TidWiT will automatically send the friend a one-time email inviting them to visit the site. TidWiT stores this information for the sole purpose of sending this one-time email and tracking the success of our referral program. The friend may contact the TidWiT Network at unsubscribe at tidwit.com to request the removal of this information from our database, upon which point they will be promptly removed from the contact list.
- The TidWiT Network takes every precaution to protect our customers’ and users’ information. When users submit sensitive information via the TidWiT Network, their information is protected both online and off-line.
6A. On-Line Security
- When our registration/order form asks users to enter sensitive information (such as username, email, and password), that information is encrypted and is protected with 256-bit encrypted SSLs. While on a secure page, such as our order form, the lock icon on the bottom of Web browsers such as Google Chrome, Microsoft Edge, Mozilla Firefox, or Apple Safari becomes locked, as opposed to un-locked, or open, when users are just ‘surfing’.
6B. Off-Line Security
- While we use SSL encryption to protect sensitive information online, we also do everything in our power to protect user-information off-line. All of our users’ information, not just the sensitive information mentioned above, is stored on TidWiT servers with highly restricted access. All our data centers are SSAE-16 (SOC1) Certified & Audited with parallel redundancies. This ensures that your servers will always have reliable power with backup generators, enhanced physical and virtual security, along with climate control. By meeting the strictest compliance and security standards, we safeguard our customers’ data. As per section II.3.A above, only Data Trustees who need specific information to perform a specific job are granted access to personally identifiable information at our Data Centers. Furthermore, ALL employees are kept up-to-date on our security and privacy practices. Every six months, as well as any time new policies are added, our employees are notified and/or reminded about the importance we place on privacy, and what they can do to ensure our users’ information is protected. If users have any questions about the TidWiT Network security, users can send an email to legal at tidwit.com.
7. Correcting/Updating/Deleting/Deactivating Personal Information
- TidWiT fully recognizes the right of its Network users to access their personal data. Furthermore, if a user’s personally identifiable information changes (such as email), or if a user no longer desires our service, we provide a way to correct, update or delete/deactivate users’ personally identifiable information. Updating or editing a member’s user information can be done in the My Account area of the Web Site. Deleting the member’s history can be done by contacting or emailing our customer support at customerservice at tidwit.com.
8. Notification of Changes
- If, we are going to use users’ personally identifiable information in a manner different from that stated at the time of collection we will notify users via, at which point users will be provided different choices to opt-out of such service.
9. Independent Recourse Mechanism
- In compliance with the Privacy Shield Principles, TidWiT commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact TidWiT at:
- 11911 Freedom Drive, Suite 805
- Reston VA 20190, USA
- Tel. +1.703.761.7600
- Email: legal at tidwit.com
- Web site URL www.tidwit.com
- Notwithstanding, TidWiT recognizes the possibility, under certain conditions, for the user of its services to invoke binding arbitration. Therefore, TidWiT has further committed to refer unresolved Privacy Shield complaints to the American Arbitration Association’s International Center for Dispute Resolution, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit www.adr.org for more information or to file a complaint. The services of the American Arbitration Association’s International Center for Dispute Resolution will be provided at no cost to you.
10. Governing Law & Investigative and Enforcement Powers
- This Agreement shall be construed and enforced in accordance with the laws of the State of Virginia in the United States of America and is subject to the investigatory and enforcement powers of the United States Federal Trade Commission (FTC).
11. Contacting TidWiT
- If users have any questions or suggestions regarding our Privacy or PII policy, please contact us at:
- 11911 Freedom Drive, Suite 805
- Reston VA 20190, USA
- Tel. +1.703.761.7600
- Email: legal at tidwit.com
- Web site URL www.tidwit.com