Effective: 25 May 2018
Magnifi Group, Inc. EU-US & Swiss Privacy Shield Policy
Magnifi respects individual privacy and values the confidence of its customers, employees, business partners and others. Not only does Magnifi strive to collect, use and disclose personal information in a manner consistent with the laws of the countries in which it does business, it also has a tradition of upholding the highest ethical standards in its business practices. These EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield Policies (the “Policies”) set forth the privacy principles that Magnifi follows with respect to transfers of personal information from the EU and Switzerland to the United States, respectively.
Compliance with Privacy Shield Principles
EU-U.S. Privacy Shield Framework
The United States Department of Commerce and the European Commission have agreed on a set of data protection principles and frequently asked questions (the “EU-U.S. Privacy Shield Framework”) to enable U.S. companies to satisfy the requirement under European Union law that adequate protection be given to personal information transferred from the EU to the United States.
Magnifi Group, Inc. (“Magnifi” or “we”) recognizes that the European Community has established a data protection regime which applies to the European Economic Area (“EEA”) and restricts companies in the EEA in transferring personal data about individuals in the EEA to the United States, unless there is “adequate protection” for such personal data when it is received in the United States. To create such “adequate protection,” Magnifi adheres to the EU-U.S. Privacy Shield Framework published by US Department of Commerce (“EU-U.S. Privacy Shield Principles”) with respect to personal data about individuals in the EEA that we receive from our clients and other business partners. Magnifi’s EU-U.S. Privacy Shield Certification also extends to data that we receive directly through Magnifi’s publicly accessible websites via secure form submission (any of our websites such as www.learn-wise.com). More information on the EU-U.S. Privacy Shield and Magnifi’s scope of participation in the EU-U.S. Privacy Shield Framework is available at www.privacyshield.gov/welcome
Swiss-U.S. Privacy Shield Framework
The United States Department of Commerce and the Swiss Federal Data Protection and Information Commissioner have agreed on a set of data protection principles and frequently asked questions (the “Swiss-U.S. Privacy Shield Framework”) to enable U.S. companies to satisfy the requirement under Swiss law that adequate protection be given to personal information transferred from Switzerland to the United States.
Magnifi Group, Inc. (“Magnifi” or “we”) recognizes that the Swiss Community has established a data protection regime which applies to the Swiss individual and restricts companies within Switzerland when transferring personal data about Swiss individuals in Switzerland to the United States, unless there is “adequate protection” for such personal data when it is received in the United States. To create such “adequate protection,” Magnifi adheres to the Swiss-U.S. Privacy Shield Framework published by US Department of Commerce (“Swiss-U.S. Privacy Shield Principles”) with respect to personal data about individuals in Switzerland that we receive from our clients and other business partners. Magnifi’s Swiss-U.S. Privacy Shield Certification also extends to data that we receive directly through Magnifi’s publicly accessible websites via secure form submission (any of our websites such as www.learnwise.com). More information on the Swiss-U.S. Privacy Shield and Magnifi’s scope of participation in the Swiss-U.S. Privacy Shield Framework is available at www.privacyshield.gov/welcome
Adherence to Seven Privacy Shield Principles
Client Personal Data processed or stored by Magnifi may be subject to contractual agreements with our clients that require more stringent privacy and security safeguards than the requirements in the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks. At a minimum, however, Magnifi handles Client Personal Data in accordance with our EU-U.S. and Swiss-U.S Privacy Shield Policies, which are based upon the seven principles identified within the EU-U.S. and Swiss-U.S Privacy Shield Frameworks
This Notice addresses data subjects residing in the EU (“EU Persons”) and Switzerland (“Swiss Persons”) whose data we may receive from one of our clients or other business partners in the EU or Switzerland, e.g., referral partners, integration partners, etc. When Magnifi receives Client Personal Data for processing pursuant to instructions of clients or their partners, we are acting as an agent for our client and do not provide notice to individuals regarding the collection and use of their personal data. Our clients remain responsible for providing notice, if and to the extent they believe such notice is necessary under applicable EU or Swiss law.
Business Purposes for the Collection and Use of Personal Data
Magnifi Group sells and maintains web-based learning management software largely to small and midsize businesses. We receive mostly business-related information from the EU or Switzerland, including contact information of individual representatives of the businesses with whom we are dealing including names, work email addresses, business phone numbers, and business addresses. In connection with our services, our customers use our hosted technology platform to store and process EU or Swiss Data at their own discretion. As EU or Swiss Data covered by this Notice is by definition sent to us by another company in the EU or Switzerland (e.g., a customer of Magnifi), the categories of data sent and the purposes of processing often depend on such other company, with whom the EU or Swiss Person typically has a closer employment or business relationship (and which, therefore, can provide additional information on categories of data shared with us). Such data typically includes, without limitation, names, work email addresses, business roles, and training records. Magnifi will not use Client Personal Data for any other purposes than for the purposes that Magnifi clients provide such information
Magnifi collects and uses EU or Swiss Data for purposes of providing products and services to our customers, communicating with corporate business partners about business matters, processing EU or Swiss Data on behalf of corporate customers, providing information on our/their services, and conducting related tasks for legitimate business purposes.
Contact information and Client Personal Data is accessible only by those Magnifi employees and consultants who have a reasonable need to access such information in order for us to fulfill contractual, legal and professional obligations. All of our employees and consultants have entered into strict confidentiality agreements, and/or have been subjected to thorough criminal background checks requiring that they maintain the confidentiality of Client Personal Data.
Accountability of Onward Transfer
Magnifi recognizes potential liability in cases of onward transfer to third parties. Magnifi does not transfer Client Personal Data to third parties unless:
- Lawfully directed by a client
- Magnifi may provide Personal Data to third parties that act as agents, consultants, and contractors to perform tasks on behalf of
and under our instructions. For example, Magnifi may store such Personal Data in the facilities operated by third parties. Such
third parties must agree to use such Personal Data only for the purpose for which they have been engaged by Magnifi Group and
they must either:
- Comply with the Privacy Shield principles or another mechanism permitted by the applicable EU or Swiss protection law(s) for transfers and processing of Personal Data;
- Or agree to provide adequate protections for the Personal Data that are no less protective than those set out in this Policy.
- Magnifi Group may disclose Personal Data for other purposes or to other Third Parties when a Data Subject has consented to or requested such disclosure.
- In certain limited or exceptional circumstances in accordance with the EU-U.S. and Swiss- U.S. Privacy Shield Frameworks.
Please be aware that Magnifi Group may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements. Magnifi Group is liable for appropriate onward transfers of personal data to third parties.
Should Magnifi learn that a third party to which Personal Data has been transferred by Magnifi is using or disclosing Personal Data in a manner contrary to this Policy, Magnifi will take reasonable steps to prevent or stop the use or disclosure.
Magnifi assures compliance with this EU-U.S. and Swiss-U.S. Privacy Shield Policy and the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks by utilizing the self-assessment approach as specified by the U.S. Department of Commerce. The assessment is conducted on an annual basis to ensure that all of Magnifi’s relevant privacy practices are being followed in conformance with the EU-U.S. and SwissU.S. Privacy Shield Policies and the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks. Any employee that Magnifi determines is in violation of these policies will be subject to discipline, up to and including termination of employment and/or criminal prosecution.
Magnifi is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
For complaints that cannot be resolved by Magnifi and the complainant, Magnifi agrees to cooperate with JAMS – an independent dispute resolution mechanism, pursuant to the EU-U.S. and SwissU.S. Privacy Shield Frameworks.
Privacy Shield Policy Updates
This EU-U.S. and Swiss-U.S. Privacy Shield Policy may occasionally be updated. When material updates are made, the date of the last revision will be reflected at the end of the page. This page may be bookmarked to facilitate periodic review of this EU-U.S. and Swiss-U.S. Privacy Shield Policy and to note recent updates. Neither this EU-U.S. and Swiss-U.S. Privacy Shield Policy nor updates to it will affect or modify any contracts we have with our clients.
Choice, Access, Review, Update, and Opting Out
If you are an EU or Swiss Person about whom we hold EEA or Swiss Data on a client’s behalf, you may submit the following requests to the business that provided your EEA or Swiss data:
- Request access to your EEA or Swiss data
- Request to update, correct or delete such EEA or Swiss data
- Request changes to the extent of EEA or Swiss data collected
- Request to opt out of EEA or Swiss data collection
You can also contact our EU-U.S. and Swiss-U.S. Privacy Shield Contact. We reserve the right to take appropriate steps to authenticate an applicant’s identity, to charge an adequate fee before providing access and to deny requests, except as required by the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks
EU-U.S. & Swiss-U.S. Privacy Shield Contact
In compliance with the Privacy Shield Principles, Magnifi commits to resolve complaints about our collection or use of your personal information. EU or Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Magnifi at: firstname.lastname@example.org. Please include “Privacy Shield” in the subject line. Or you may call us at: +1 858.273.24459. We will promptly investigate and attempt to resolve complaints and disputes in a manner that complies with the principles described in this Policy.
Magnifi has further committed to refer unresolved Privacy Shield complaints to JAMS:https://www.jamsadr.com/, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit https://www.jamsadr.com/about/submit-a-case for more information or to file a complaint. The services of JAMS:https://www.jamsadr.com/ are provided at no cost to you.
EU or Swiss Persons (EU or Swiss Data Subjects) may complain to their home data protection authority and can invoke binding arbitration for some residual claims not resolved by other redress mechanisms.
If you have a comment or concern that cannot be resolved with us directly, you may contact the competent local data protection authority.
EU-U.S. and Swiss-U.S. Privacy Shield Policy Effective Date: 6/12/2018 (Supersedes: Safe Harbor Statement Effective Date: 12/30/2009).
Privacy Declaration for EU Individuals
It is a matter of course for us to respect your personal rights. This also applies to the handling of personal data during your visit and use of this website. Therefore we, Magnifi Group, Inc., act in accordance with the applicable data protection law. In the following you will learn how we treat your personal data and in particular which data we process for which purposes and which rights you have in this respect.
- Subject Matter
- The entity responsible within the meaning of the EU General Data Regulation (GDPR) is:
Magnifi Group GmbH
Danzinger Straße 83
- Personal Data
Personal data is all information relating to an identified or identifiable natural person. The basic personal date is your name. In addition, your gender, date of birth, address, occupation, e-mail address and IP address are also considered personal data. Non-personal data, on the other hand, is data with which the determination of your actual identity is impossible or at least requires considerable effort. This includes, for example, the aforementioned information if we receive it anonymously or under a pseudonym and therefore cannot assign it to any natural person.
Principle of Anonymity
When using the Learn-Wise Websites, you remain anonymous to us as long as you do not voluntarily provide us with personal data by contacting us of your own accord.
- Provision of Personal Data
- The provision of personal data is neither required by law nor by contract for the use of the Learn-Wise Websites. You are not obliged to provide any personal data about yourself. However, you cannot visit the Learn-Wise Websites without transferring the IP address you are using.
- Contact with us via our contact form requires the provision of the data described in more detail in Section 6. If you do not provide us with this information, you cannot use the contact form.
- Processing of Personal Data
- When using the Learn-Wise Websites the following data collected while you are on the site: date and time of access. We do not allow any conclusions to be drawn about an individual person. We do not collect or store IP address.
- We have engaged various service providers to assist us in the provision, operation and maintenance of our IT systems, including the Learn-Wise Websites. These include, for example, hardware and software suppliers, Google Inc. (for the spam protection service reCAPTCHA, see Section 12), hosting providers and data centers. When such service providers work for us, they may be given access to your personal data as recipients. However, these service providers are then also contractually obliged to comply with data protection by means of a so-called order processing agreement; the statutory provisions on data protection also apply to our service providers anyway.
- Your personal data will not be passed on, sold or otherwise transferred to third parties, provided that the Magnifi Group Inc. is not considered to be a third party in this sense. Anything to the contrary shall only apply if this is necessary for the execution of the notified or agreed purposes and is permitted under applicable data protection law without consent, if you have expressly given your consent or if we are legally obliged to do so. Section 5.3 remains unaffected and applies independently of this Section.
- The personal data provided by you on the Learn-Wise Websites or collected by us will not be used for automated individual decision making.
- Contact Form
- If you contact us via the contact form, you agree that your message may be processed by us and by the Magnifi Group Inc. together with your stated contact data for the purposes of answering and contacting you. You can also enter a pseudonym (a fictitious name) as the name. Your consent and our legitimate interest in being able to contact users of the Learn-Wise Websites electronically (also by our parent company Magnifi Group Inc.) form the legal basis for the processing (Art. 6 para. 1 lit. a and f GDPR).
- We, including Magnifi Group Inc., will only process the data you provide via the contact form to process your message and respond to you. As long as we have received your contact data, which you provide via the contact form, only for processing, contacting and answering your message, we will not use this personal data for any other purposes. Apart from cases in which we are legally obliged to do so, we will not pass on your contact data to third parties in this case. For the avoidance of doubt, our parent company Magnifi Group Inc. is not deemed to be a third party
- Six (6) months after sending the reply, we delete the data transmitted by you via the contact form, unless we are legally obliged to keep it for a longer period or we still need your personal data to carry out or process an existing contractual relationship or for purposes of proof. In such a case we delete the relevant data after the legal retention period has expired or as soon as we no longer need the data for the execution or processing of an existing contractual relationship or for purposes of proof.
- You may withdraw your consent at any time for the future (for contact details see Section 17 below). Your contact data will be stored after the withdrawal for as long and as far as we are obliged to do so within the scope of the legal archiving obligations or we still need your personal data to carry out or process an existing contractual relationship or for purposes of proof.
- Withdrawal of Consent
- Subject to the statutory provisions, you are entitled to withdraw your consent to the processing of your personal data for the future at any time. To do so, please contact the office mentioned in Section 17 below
- We point out to you that the processing of your personal data, which we have carried out on the basis of your given consent until your withdrawal, is not affected by the withdrawal and remains legal.
- Right of Access, Right to Rectification, Erasure, Restriction of Processing, Object and Data Portability
Subject to the statutory provisions, you have the right to obtain information from us about your personal data processed by us, as well as the right to correct, delete, restrict processing, object to processing and to data portability. The exact conditions under which you are entitled to the aforementioned rights can be found in Articles 15 to 21 GDPR and Sections 34, 35 and 37 of the Federal Data Protection Act (BDSG). If you wish to exercise one or more of the above rights, please also contact the office indicated in Section 17.
- Right of Appeal
Subject to the statutory provisions, you have the right to contact the responsible supervisory authority with complaints regarding data protection. The Hesse data protection officer is responsible for us. You can reach her / him together with the supervisory authority via the website https://www.datenschutz.hessen.de.
- As soon as you visit the Learn-Wise Websites, the following cookies are set:
• PHPSESSIONID: This is a cookie generated by WordPress (the software we use to administer the Learn-Wise Websites). The cookie serves as a general identifier that is used to maintain user session variables. It contains a randomly generated number that is assigned to your browser during the browser session. The cookie is deleted at the end of the browser session.
• YouTube – related cookies. We embed videos from our YouTube channel on our website; therefore, the following cookies are used:
— @@History/@@scroll|#: This cookie is used by YouTube to create historical timelines in YouTube videos.
— PREF: Registers a unique ID that is used by Google to keep statistics of how the visitor uses YouTube videos across different websites
— VISITOR_INFO1_LIVE: This cookie tries to estimate your bandwidth on pages with integrated YouTube videos.
— YSC: Registers a unique ID to keep statistics of what videos from YouTube the user has seen.
— KEY: Used to verify what the user entered on all the contact forms. Its purpose is to confirm that users are manually typing on the form as opposed to a spammer using a ‘bot’ to fill them in automatically.
• The cookies used by Google and their meaning are also described at https://policies.google.com/technologies/types.
- If you click on one of the social media links available on the Learn-Wise Websites, the linked website of the social network opens. From there, additional cookies may be stored on your device. These cookies are not under our control. The respective provider is solely responsible for the data protection-compliant behaviour of such cookies.
- In the privacy settings of your browser, you can view and delete the stored cookies at any time and restrict or prohibit the acceptance of cookies.
- When using third-party services on the Learn-Wise Websites (e.g. Google Maps or reCAPTCHA) or when you click on a link, third-party cookies may be used without our express warning. In the privacy settings of your browser, you can also view and delete these stored cookies at any time and restrict or prohibit the acceptance of cookies.
We currently do not use any social media plugins on the Learn-Wise Websites. However, we do display social media links from the following social networks:
• Facebook: www.facebook.com.
• Twitter: www.twitter.com.
Each of them is a link to our company appearance on the corresponding social network; the link contains no further functions (unlike, for example, the Like button of Facebook). If you click on a social media link on the Learn-Wise Websites, only the corresponding linked web page opens.
- We use iframes (inline frames) on the Learn-Wise Websites to display embedded content of the following
• Youtube: www.youtube.com.
- The legal basis for our use of iframes is our legitimate interest in making YouTube videos relevant to us easily accessible to users of the Learn-Wise Websites (Art. 6 para. 1 lit. f GDPR)
- If you visit a website of the Learn-Wise Websites with the iframe mentioned in Section 12.1 above, your browser will create a direct link to the provider's servers in order to transfer embedded contents from there into your browser. This content is integrated into the Learn-Wise Websites via the iframe, so that it is displayed as a kind of mini website in the Learn-Wise Websites that you visit. You cannot see that you are surfing on two websites at the same time. YouTube's Internet address is not displayed. You can recognize the YouTube video by the typical red play button with a white triangle.
- YouTube, as the provider of the embedded content that is displayed to you via the iframe, learns by the direct connection to your browser that you have visited the corresponding Learn-Wise Websites. If you are logged in to your YouTube account at this time, YouTube will still be able to associate your visit to the Learn-Wise Websites with your account even if you do not click on the embedded YouTube video. If you decide to click and use the content offered, YouTube will know. Your browser then sends further usage data to YouTube, which can be stored and reused by this provider.
- For more information about the purpose and scope of data collection and processing by YouTube,
• YouTube, https://policies.google.com/privacy?hl=de&gl=de.
There you will also find further information about your rights and privacy settings
- Google web fonts, so-called Google fonts, are used on the Learn-Wise Websites, which require your browser to download them into its cache. To do this, your browser establishes a connection to the servers of the provider of the web fonts and transmits the IP address used by your device at this time. The provider of the web fonts thus learns that a user with your IP address visits our Learn-Wise Websites. If your browser does not support the web fonts used by the Learn-Wise Websites, the display is based on a standard font instead
- The legal basis for our use of web fonts is our legitimate interest in displaying texts and fonts of our web presence on the Learn-Wise Websites correctly and independently of the system you use in order to ensure a uniform, visually pleasing presentation of our Learn-Wise Websites on the accessing devices (Art. 6 para. 1 lit. f GDPR).
- On the Learn-Wise Websites we use map material from Google Maps and use the programming interface Google Maps API for its integration and geographical representation. As is usual with Google services, Google also collects and processes data about the use of the service when using Google Maps. In this respect, it cannot be ruled out that Google will find out at least the IP address assigned to you during your visit to the Learn-Wise Websites. Depending on which other data (e.g. in cookies) is stored on your device, Google may also obtain further information about you while you surf the Learn-Wise Websites
- The legal basis for our use of Google Maps is our legitimate interest to show you our location via the interactive map service Google Maps used by millions of Internet users and to use Google Maps (Art. 6 para. 1 lit. f GDPR).
- Further information on the purpose and scope of data collection and processing by Google can be found
We take various technical and organizational security measures to protect the integrity and confidentiality of your personal data. For this purpose, your personal data is encrypted during transmission using the so-called Secure Socket Layer technology (SSL). This means that the communication between your computer and the servers of the Learn-Wise Websites takes place using a recognized encryption method, which is considered secure in the current version (currently SSL version 3, 256 bit). If your browser supports SSL, this function protects the transmission of personal data. In this case, most browsers display a short dialog box or a graphic icon to indicate whether the security protocol is supported. You can find further information in the help function of your browser.
- Since we do not meet the legal requirements for the appointment of a data protection officer, we will not appoint a data protection officer until further notice.