Last Modified: May 1, 2020
What Information We Collect
How We Use the Information We Collect
How We Share the Information We Collect
Cookies and Other Technology
EU General Data Protection Regulation (GDPR) Policy
“Assessment”means an instrument, questionnaire, or inventory, such as the Personal Resilience Questionnaire (“PRQ”) or Synergy Questionnaire (“SQ”) that is completed by Respondents for the preparation of Reports; or to provide information about a Respondent to the Respondent, RA, or RA Customers.
“Certified Practitioner”means an individual who has successfully completed one of our certification programs that can administer an Assessment to Respondents, and interprets the Reports or other output generated by RA to provide feedback to the Respondent(s) about the contents of the Respondent’s Reports.
“Customer”means an individual, business, or other entity that purchases RA’s Products or Services, or with which RA has a contractual relationship to provide Products or Services.
“Non-Personal Information”means information such as IP address, device information, cookie data, or other session data that cannot lead to an identifiable individual.
“Personal Information”means information such as name, email address, mailing address, telephone number, billing information, and account information, that is necessary for providing or receiving Products or Services of RA.
“Platform”means the offerings that we currently provide, such as Personal Resilience and Team Resilience/Team Synergy, and those that we may develop in the future.
“Products and Services”means the products and services promoted, sold, or available for sale by RA, such as our Assessments and Reports.
“Reports”means an analysis of the responses provided in connection with an Assessment, which reflects a Respondent’s responses to an Assessment. Reports may be dynamically displayed in our platforms, or statically displayed in print or electronic form.
“Respondent”means an individual who takes, will take, or has taken an Assessment.
“Sender”means an individual who invites a respondent to complete an Assessment and who has access to the Reports generated about the Respondent.
“Website”means this Website and any others owned and operated by RA.
What Information We Collect
If you visit our Website, we collect Non-Personal Information that is provided to us by your browser and through our log files. We may record some of this data in one or more cookies that we send to your browser (see “Cookies and Other Technologies”).
If you register or create an account, we require that you provide certain Personal Information during account registration. We collect your name, contact information, and may ask you for other optional information.
If you complete an Assessment, we collect your name, Assessment responses, session data, and other information you may choose to provide or associate with your account.
If you choose to receive marketing communications, we may collect information on the open rate and whether a specific individual has clicked on a link.
If you are a Customer or other business contact, we may collect your name and other contact information in the regular course of our interaction with you.
If you interact with third parties regarding our Products or Services, we may receive information about you, such as from Customers, websites where we advertise, business partners, and service providers.
How We Use The Information We Collect
To facilitate the use of our Platform, we use session data to enhance navigation, to avoid requesting identity information when the visitor moves from page to page, and in general to enhance the quality of our Platform. We may use aggregated session data to better understand how our Platform is navigated, as well as the types of browsers and computer operating systems that our visitors use, and the IP addresses of the visitors.
In connection with Assessments, we use the responses to an Assessment to score the Assessment and to generate Reports and other data related to the Respondent. We may combine data from multiple Respondents; combine Respondent data with our general research databases, which do not include Respondent name or email address; or compare or associate Respondent data with other Respondent data.
For security purposes, we may use IP addresses and session data to ensure a secure connection, to diagnose problems with our servers, and to administer our Websites and Platforms.
For marketing purposes, we may use email or other contact information to send marketing communications and will always provide an unsubscribe option.
How We Share The Information We Collect
Customers: If you take an Assessment sponsored by a Customer, that Customer may receive Reports based on the Assessment you took in order to provide you with relevant products and services. We require that a Certified Practitioner oversee the use of Reports within the Customer environment.
Law Enforcement; Litigation: Certain federal, state, local, or other government regulations may require that we disclose information that we hold. We will use reasonable efforts to disclose only the information required under applicable law in response to a valid court order, warrant, or subpoena.
To Defend or Enforce Our Rights: RA may use information to protect itself, to prevent fraudulent activity, or where it is otherwise necessary to pursue available remedies. If a Customer neglects to pay amounts due and owed to RA, RA may send that Customer’s name, contact information, and account information to a third-party service provider for collection of overdue payments.
Cookies And Other Technologies
Most websites, including ours, use a browser feature to set a small file called a “cookie” on your computer’s browser. The website placing the cookie can then recognize that browser when you revisit the site to allow automatic login and track how you are using the site. You have the right to block cookies by configuring your browser’s preferences or settings to stop accepting cookies, or prompt you before accepting a cookie from a website that you visit.
How We Store And Protect Your Information
We retain your Personal Information for as long as your account remains active or for as long as you continue to do business with us. Thereafter, we may retain Assessment responses and other data for as long as the information is needed for our research, statistical analysis, product development, or other commercial purposes.
We follow generally accepted industry standards to protect Personal Information, both during transmission and once we receive it. We use administrative, physical, and technical measures to protect Personal Information from any unauthorized access, loss, misuse, disclosure, alteration, or destruction.
All data collected through our Platforms are transmitted securely over the internet using 256-bit TLS encryption protocols or better. The data are stored on secure servers in a secured environment that has passed string SOC-2 security audits and have received SOC-3 Trust Services Criteria seals and certifications.
EU General Data Protection Regulation (“GDPR”) Policy
The GDPR is a set of regulations that took effect on May 25, 2018 that enhances the date privacy rights of EU individuals. RA is committed to upholding GDPR compliance among our Products and Services.
We have updated our internal policies and external contracts to ensure compliance with the GDPR prior to the official launch. RA processes personal data on the following legal bases: (1) with your consent; (2) as necessary to provide our Products and Services; and (3) as necessary for our legitimate interests in providing the Products and Services where those interests do not override your fundamental rights and freedom related to data privacy. RA has put in place safeguards to protect personal privacy and individual choice, including disclosures of its data processing activities and the use of consent mechanisms.
Right to Lodge a Complaint: Customers or others that interact with RA that reside in the EEA or Switzerland have the right to lodge a complaint about our data collection and processing actions with the supervisory authority concerned. The contact details for data protection authorities are available here.
Transfers: Personal Information we collect may be transferred to, and stored and processed in, the United States or any other country in which we or our affiliates or subcontractors maintain facilities. Upon the start of enforcement of the General Data Protection Regulation (GDPR), we will ensure that transfers of Personal Information to a third country or an international organization are subject to appropriate safeguards as described in Article 46 of the GDPR.
Individual Rights: If you are a resident of the EEA or Switzerland, you are entitled to the following rights once the GDPR becomes effective. Please note that in order to verify your identity, we may require you to provide us with personal information prior to accessing any records containing information about you.
The right to access and correction, you have the right to request access to, and a copy of, your personal data at no charge, as well as certain information about our processing activities with respect to your data. You have the right to request correction or completion of your personal data if it is inaccurate or incomplete. You have the right to restrict our processing if you contest the accuracy of the data we hold about you, for as long as it takes to verify its accuracy.
The right to request data erasure, you have the right to have your data erased from our Platform if the data is no longer necessary for the purpose for which it was collected, you withdraw consent and no other legal basis for processing exists, or you believe your fundamental rights to data privacy and protection outweigh our legitimate interest in continuing the processing.
The right to object to our processing, you have the right to object to profiling or other processing if your legitimate interests outweigh the legitimate interests of RA and so long as it does not interfere with a task carried out for reasons of public interest.
Data Breach Notification Policy: RA will follow all applicable rules and regulations of the GDPR, along with guidance and instruction from the applicable data protection authorities, in handling, responding, and resolving a data breach.
Data Governance Obligations: RA has established procedures for periodically verifying implementation of and compliance with the GDPR Principles. RA conducts ongoing assessments of our data protection practices to verify the attestations and assertions of our privacy practices are have been implemented properly.
Privacy by Design: RA has implemented various technical and organizational measures to protect and minimize the amount and use of personal data we receive. We have designed our systems and processes to ensure the necessary safeguards of data protection are met.
Staff Training and Competence: RA has trained all necessary staff on the privacy regulations in effect and have appointed a global Data Protection Officer to administer the data governance framework globally.
Global Data Protection Officer
Linda Hoopes, Ph.D.
315 W. Ponce de Leon Ave., Suite 750
Decatur, GA 30030
United States of America