Privacy Policy for Sentinel World Simulation

Effective Date: May 14, 2020

American Sentinel University, Inc. d/b/a Sentinel U, a Colorado for-profit corporation, with an address of 10065 E Harvard Ave, Suite 450, Denver, Colorado, 80231, United States of American (“U.S.A.”), together with Our affiliates and subsidiaries (“Company,” “We,” “Us,” or “Our”) is committed to ensuring the privacy and security of You (“User” or “Your”), and Your use of, access to, or visitation of Company’s online healthcare simulation Sentinel World®, available to download through sentinelworld.healthcarelearninginnovations.com (the “Simulation”), including any and all content, functionality, and services offered on or through the Simulation (the “Simulation Services”) (hereinafter, the Simulation and the Simulation Services are collectively referred to as the “Platform”), whether as a guest or registered User. Company is committed to safeguarding the privacy of the User and its data, information, and other personally identifying information through Our compliance with this policy (the “Privacy Policy”). Company and User may be referred to in the singular as a “Party” and collectively as the “Parties.”

This Privacy Policy informs the User of the types of information We may collect from You or that You may provide when You use, access, or visit the Platform, whether as a guest, interested party in one of Our degree programs, a student in Our university, or an otherwise registered User. Moreover, this Privacy Policy details Our practices for collecting, using, maintaining, retaining, protecting, and disclosing Your data and information, including Your Personal Data (as herein defined later).

Please read this Privacy Policy carefully, thoroughly, and completely to understand Our policies and practices regarding Your data, information, and other personally identifying information, and how We collect, use, maintain, protect, and disclose it. If You do not agree with the terms of the Privacy Policy, You may elect to not use, visit, or access Our Platform. By accessing, visiting, or using this Platform, You agree to the terms of this Privacy Policy in its entirety.

This policy may change from time to time (“Changes”). Your continued use of or access to this Platform after Company makes Changes is deemed to be acceptance of those changes; therefore, please routinely monitor this Privacy Policy for any updates, revisions, modifications, or amendments. We will notify the User of any Changes by providing access to the new Privacy Policy on the Simulation. Company will notify the User via email and/or a prominent notice on Our Simulation, prior to or contemporaneous with the Changes becoming effective, and Company will update the date at the top of this Privacy Policy (the “Effective Date”). If Our practices change regarding previously collected Personal Data (later defined herein) in a way that would be materially less restrictive than those policies in effect at the time We collected the information, Company will make reasonable efforts to provide notice and to obtain consent to any such uses as may be required by law.

Definitions.
1. Data Controller. “Data Controller” means the natural or legal person, alone or jointly with others, who determines the purposes and means of the processing of Personal Data (as defined herein). For the purpose of this Privacy Policy, Company is the Data Controller of the Personal Data.
2. Data Processor. “Data Processor” means any natural or legal person, public authority, agency, or other body which processes Personal Data (as defined herein) on behalf of the Data Controller.
3. Data Subject. “Data Subject” means any identified or identifiable natural or legal person who is using or accessing the Simulation. For the purpose of this Privacy Policy, the Data Subject is the User.
4. Device. “Device” means any unit of physical hardware or equipment that provides one or more computing functions within a computer system including, but not limited to, desktop computers, laptop (or otherwise portable) computers, mobile/cellular phones, tablets, and other computers capable of using or accessing the Platform.
5. Personal Data. “Personal Data” means any information that can be used to distinguish or trace an individual User’s identity, either alone or when combined with other personal or identifying information, that is linked or linkable to a specific individual.
6. Processing. “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
7. Usage Data. “Usage Data” means certain data that is generated by use of Our Platform, either by an individual User or from general use of the system.
8. Web Log. “Web Log” means a file automatically created and maintained by a web server, containing information on who or what visits, accesses, or uses the Simulation, the point of origination for those visiting, accessing, or using the Simulation, and the activities and behavior of those visiting, accessing, or using the Simulation.
Opt-Out Policy
1. Opt-Out. From time to time, User acknowledges that User shall receive requests for User input and opinion on the Simulation through survey and other questionnaire means , and other communications as set forth in Section IV.D. User may expressly opt out of receiving any, or all, of these communications from the Company by accessing a web-link to unsubscribe, or alternatively, notifying Company in accordance with the section titled “Comments, Concerns, and Complaints.”
Children’s Privacy
1. Scope of the Platform. Company does not intend to collect, nor does it knowingly collect, Personal Data from anyone under the age of thirteen (13). No User under the age of thirteen (13) may provide any Personal Data to Company or on the Platform.
2. Notification. If We learn (or are informed) We have collected or received Personal Data from any User under thirteen (13) years of age, without verification or parental consent, We will delete the Personal Data. If You have knowledge or awareness, or alternatively suspect or believe, that Company might have any information, including Personal Data, about any User under the age of thirteen (13), please reference the section titled “Comments, Concerns, and Complaints,” for the purpose of informing Company regarding Company’s collection or receipt of Personal Data from any individual under the age of thirteen (13).
Processing of Information & Data
1. Collection. Generally, We do not collect information and data about Users of the Platform, with the exception of the following:
  1. Personal Data including, but not limited to:
    - name (first and last); and
    - email address;
  2. Web Logs, consisting of the following:
    - the Internet domain from which You access the Simulation;
    - Your Internet Protocol (IP) address;
    - Your Internet speed, if provided for by the web browser employed by User;
    - the type and version of the web browser employed by User;
    - the date and time User accessed, used, or visited the Simulation;
    - the duration of access to the Simulation;
    - which of Company’s online healthcare simulation, including Sentinel World®, was accessed by User, and what actions were taken and/or performed by User within the online healthcare simulation; and
    - the URL of the webpages accessed, used, or visited on the Simulation.
2. Automatic Collection. As You navigate through and interact with Our Platform, We may use automatic data collection technologies, such as Web Logs, to collect certain information about Your browsing actions, and patterns, including traffic data, location data, logs, and other communication data and the resources that You access and use on the Simulation.
3. Retention. Company will retain Your information, including Personal Data, only for as long as is necessary for the purposes set out in this Privacy Policy. In addition, We will retain Your information, including Personal Data, to the extent necessary to comply with Our legal obligations, to resolve disputes, and to enforce Our legal agreements and policies.
4. Use. Generally, We do not use or exploit information and data, including Personal Data, of Users to this Platform. We use information and data, including Personal Data, collected from Web Logs and other means:
  - to present the Platform and its contents, resources, and services to You;
  - to maintain the Platform, and to improve the navigation, functionality, and operability of the Platform;
  - to request Your input and opinion on the Simulation through survey and other questionnaire means;
  - to verify the Users’ identities prior to Company’s grant of access to or use of the contents, resources, and services of the Company;
  - to contact You regarding Changes to the Privacy Policy;
  - to provide You with information, contents, resources, products, and services that You may request from the Company;
  - to deliver support to the User in connection with the Platform;
  - if applicable, to carry out Our obligations and enforce Our rights arising from any contracts entered into between You and Company;
  - to monitor, observe, or examine the use of or access to the Platform;
  - to detect, prevent, and address technical, technological, or service errors and issues;
  - to enable You to engage in, participate in, utilize, or activate the interactive features on the Platform;
  - to provide You with information, contents, resources, products, and services related to, or in connection with, the User’s status a registered User (e.g., student) with the Company; and
  - in any other method or fashion as We may so specify upon Your provision of said information, including Your Personal Data.
5. Transfer. Your information, including Personal Data, may be transferred to, and maintained on, Devices located outside of Your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of Your jurisdiction. Your consent to this Privacy Policy, followed by Your submission of such information, including Personal Data, represents Your agreement to that transfer. Company shall take reasonable measures to ensure that Your data is treated securely and in accordance with this Privacy Policy, and that no transfer of Your Personal Data to a third-party organization or a country shall occur, unless there are adequate controls in place regarding the privacy of Your information, including Personal Data, and the information security protocol. If You are located outside of the United States, please be advised that any information, including Personal Data, You provide to us will be transferred to and within the United States. By using, accessing, or visiting Our Platform, You consent to this transfer.
6. Disclosure. Generally, We do not disclose, release, sell, or trade information and data, including Personal Data, of Users to third-party persons and entities. Company may disclose aggregated information and data, including Personal Data, of Our Users, only insofar as the information does not identify any User. We may disclose your information and data, including Your Personal Data:
  - to Our subsidiaries, affiliates, successors, and assignees;
  - to contractors, Service Providers (as defined later herein), learning resources, assessment sites, external vendors, and other third parties We engage to support Our business model and Platform, and who are bound by contractual obligations to keep Your information, including Personal Data, confidential and proprietary, and to use Your information, including Personal Data, only for the purposes and grounds upon which We disclose;
  - to a buyer or any successor in interest in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Company’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which information and data, including Personal Data, held by Company about Our Users is among the assets transferred;
  - to fulfill the purpose for which You provide such information;
  - to provide the User with a quality learning experience through the Platform;
  - to comply with any court order, law, or legal process, including to respond to any government or regulatory request;
  - to enforce or apply Our terms of use (“Terms of Use”), available at https://www.sentinelu.com/terms-of-use/ and other agreements;
  - where, in Company’s sole and absolute discretion, such disclosure is necessary or appropriate to protect the rights, property, or safety of Company, Users, or any third parties with which We contract or engage, or others, including the exchange of information with other entities for the purposes of fraud protection and credit-risk reduction;
  - to protect and maintain the security, operability, viability, functionality, and reliability of this Platform;
  - to prevent or investigate potential, threatened, imminent, or actual wrongdoing in connection with the Platform; and
  - for all other grounds, contingent upon Your consent.
7. Facilitation. We may employ third-party entities, individuals, contractors, and/or subcontractors (“Service Providers”) to facilitate the Platform, provide the Platform on Our behalf, perform Platform-related services, or assist Company in analyzing how Our Platform and its content, resources, and services are used or accessed. These Service Providers may only use, access, or disclose Your information, including Personal Data, for the sole purpose of performing facilitative services. Company utilizes the following Service Providers:
  1. Contegix Help Desk, which provides 24/7 support for all Users of the Company’s online healthcare simulations through telephonic and email means, and whose privacy policy is available at. https://www.contegix.com/privacypolicy;
  2. InApp, which contributes to and assists with the development of Company’s online healthcare simulation products, and whose privacy policy is available at http://inapp.com/privacy-policy/; and
  3. PayPal, which provides PCI-compliant processing services for payment cards, and whose privacy policy is available at https://www.paypal.com/us/webapps/mpp/ua/privacy-full.
Access, Correction, and Deletion
1. Requests. Requests to access, correct, or delete personal information and data, including Your Personal Data, may be submitted through reference to the section titled “Comments, Concerns, and Complaints.” Also, Company may not be able to delete, correct, or revise Your information and data, including Your Personal Data, where Company is legally required to retain and maintain such information and data.
Information Security
1. Protective Measures. We have implemented physical, administrative, and technical measures designed to secure and protect Your information and data, including Personal Data, from accidental loss and from unauthorized access, use, alteration, and disclosure.
  1. Secured Protocols. We have security measures in place to protect from accidental loss and from unauthorized access, use, alteration, and disclosure of the information and data, including Your Personal Data, under Our control. These hardened security systems include firewalls, authenticated access to internal databases (e.g., passwords), encryption, and periodic review of the security and privacy procedures. Company employs industry-standard secure sockets layer (SSL) encryption with Secure Hash Algorithm (SHA) 256 to encrypt transcript data.
2. User Responsibility. The safety and security of Your information, including Your Personal Data, also depends on You. You are responsible for maintaining confidentiality as to those credentials necessary to access the Platform. We ask that You not share Your credentials with any third-party person or entity.
3. Internet Transmission. Unfortunately, the transmission of information via the Internet is not completely secure. Although We exercise best efforts to protect Your personal information, We cannot guarantee the security of Your information and data, including Your Personal Data, transmitted to or from the Platform. Any transmission of information and data, including Your Personal Data, is at Your own risk. Please exercise caution in submitting Your information and data, including Your Personal Data, especially if You are accessing the Platform using a Wi-Fi hotspot or public network. If You have reason to believe that Your use of or access to the Platform is no longer secure or protected, please immediately notify Company of the issue in accordance with the section titled “Comments, Concerns, and Complaints.”
4. Breach Notification. Company shall promptly notify User upon discovery of any actual or suspected misappropriation, unauthorized access to, or disclosure or use of, User information and data, including Your Personal Data (the “Data Breach”). Company shall promptly investigate each Data Breach; where a Data Breach is confirmed by Company to have actually occurred, User shall reasonably cooperate with Company in connection with any independent investigation that Company may desire to conduct with respect to such Data Breach. User shall reasonably cooperate with Company in identifying any reasonable steps that should be implemented to limit, stop, or otherwise remedy any actual or suspected Data Breach.
5. Limitation of Liability. COMPANY EXPRESSLY DISCLAIMS ANY REPRESENTATION OR WARRANTY, WHETHER EXPRESSED OR IMPLIED, WITH RESPECT TO ENSURING, GUARANTEEING, OR OTHERWISE OFFERING ANY DEFINITIVE REPRESENTATION OR WARRANTY OF SECURITY IN CONNECTION WITH YOUR INFORMATION AND DATA, INCLUDING YOUR PERSONAL DATA, OR USAGE INFORMATION, AND FURTHER DISCLAIMS ANY LIABILITY THAT MAY ARISE, SHOULD ANY OTHER INDIVIDUALS OR THIRD-PARTY ENTITIES OBTAIN THE INFORMATION YOU SUBMIT TO THE PLATFORM.
Third Parties and Third-Party Sites and Resources
1. Third-Party Sites. Our Platform and its contents, resources, and services may contain links to third-party sites that are not operated, directly or indirectly, by Company. If You click or select a third-party link, You will be directed to the third party’s site. User acknowledges and agrees that Company has no control over and assumes no responsibility for the content, privacy policies, or practices of any third-party site or service.
2. Other Privacy Policies. To the extent that You submit, present, or offer any personal information, including Your Personal Data, to any third party, such third party’s collection, use, and disclosure of such information may be governed by its privacy policy, and not by Our Privacy Policy.
3. Limitation of Liability. WE ARE NOT RESPONSIBLE FOR THE INFORMATION COLLECTION, USAGE, DISCLOSURE, OR OTHER PRIVACY PRACTICES OF ANY THIRD PARTIES, INCLUDING OUR THIRD-PARTY SERVICE PROVIDERS, ANY THIRD-PARTY SOCIAL MEDIA PLATFORM (E.G., FACEBOOK, INC.), ANY THIRD PARTY MAKING AVAILABLE THE DEVICES OR OPERATING SYSTEMS FOR WHICH CERTAIN SIMULATION RESOURCES, CONTENT, OR SERVICES ARE AVAILABLE (E.G., GOOGLE, INC.), AND ANY THIRD PARTY OPERATING ANY SITE TO OR ON WHICH THE PLATFORM CONTAINS A LINK. THE INCLUSION OF A LINK ON THE PLATFORM DOES NOT IMPLY, DIRECTLY OR INDIRECTLY, ANY ENDORSEMENT OF THE LINKED SITE BY COMPANY OR BY OUR AFFILIATES, SUCCESSORS, AND ASSIGNEES.
Rights under the Family Educational Rights and Privacy Act (FERPA)
1. In General. The Family Educational Rights and Privacy Act (FERPA), as set forth in 20 U.S.C. § 1232g (and the corresponding federal regulations), is a federal law that protects the privacy of student education records. The law applies to all educational institutions that receive funds under an applicable program of the U.S. Department of Education.
2. Disclosure. Generally, educational institutions, such as Company, must have consent, in writing, from a parent (or eligible student) in order to release any information or data, including Your Personal Data, from a student’s record of education. Pursuant to 34 C.F.R. § 99.31, educational institutions, such as Company, possesses the right to disclose any information or data, including Your Personal Data, to the following:
  1. educational institution officials with legitimate educational interest;
  2. other educational institutions to which a student is transferring (from Company);
  3. specified officials for audit or evaluation purposes;
  4. appropriate parties in connection with financial aid to a student (i.e., User);
  5. organizations conducting studies for, or on behalf of, educational agencies or institutions to:
    1. develop, validate, or administer predictive tests;
    2. administer student aid programs; or
    3. improve instruction;
  6. accrediting organizations, for the purpose of executing accrediting functions;
  7. any government or regulatory agency, wherein the Company must comply with any court order, law, or legal process;
  8. appropriate officials in connection with a health or safety emergency; and
  9. to State and local officials (or authorities) to whom this information specifically concerns the juvenile justice system, and the system’s ability to effectively serve the student (i.e., User) whose records are disclosed or otherwise released.
3. Directory Information. Educational institutions, such as Company, may disclose, without consent of the User (or any authorized individual acting for, or on behalf of, User) information qualifying as “directory” information (as defined by 34 C.F.R. § 99.37). Nevertheless, should Company elect to disclose the “directory” information of the User, Company shall give notice to User of:
  1. the types of personally identifiable information (i.e., the Personal Data) that the agency or institution has designated as directory information;
  2. a parent’s or eligible student’s right to refuse to let the agency or institution designate any or all of those types of information about the student as directory information; and
  3. the period of time within which a parent or eligible student (i.e., the User) has to notify the agency or institution, in writing, that he or she does not want any or all of those types of information about the student designated as directory information.
4. All notices from User to opt out of disclosure of “directory” information shall be provided in accordance with the Company’s notice of disclosure to the parent, or eligible student (i.e., User). In the event no such notice is provided, User should submit such requests to opt out in the manner and the means laid forth in “Comments, Concerns, and Complaints.”
Rights under the California Consumer Privacy Act (CCPA)
1. Applicability of CCPA. To the extent Company performs, operates, or executes business in the State of California, and meets any of the following three (3) criteria, Company is subject to the obligations and mandates of the CCPA:
  1. Company has gross annual revenues in excess of $25 million;
  2. Company, on an annual basis, buys, receives, or sells the personal information of at least 50,000 California consumers, households, or devices; or
  3. Company derives at least fifty percent (50%) of its annual revenue from the sale of California consumers’ personal information.
2. Rights under the CCPA. To the extent Company is subject to the obligations and mandates of the CCPA, Company shall afford a California-resident User the following rights:
  1. the right to know what personal information is collected, used, shared, or sold both as to the categories and specific pieces of personal information;
  2. the right to delete personal information held by Company and by extension, the Service Providers of Company;
  3. the right to opt-out of sale of personal information, including Personal Data; Users may direct Company to cease, terminate, and stop the sale of Users’ personal information, including the Personal Data;
  4. the right to non-discrimination in terms of price, service, access, use, or consumption of Company’s resources, including the Simulation, when the User exercises a privacy right available under the CCPA; and
  5. all other obligations and mandates available under the CCPA, available at Cal. Civ. Code § 1798.100 et seq, effective as of January 1, 2020.
Rights under the General Data Protection Regulation (GDPR)
1. Applicability of the GDPR. To the extent Company, as a Data Controller, processes personal information, including Personal Data, of Data Subjects, and meets any of the following three (3) criteria, Company is subject to the obligations and mandates of the GDPR:
  1. Company has an establishment in the European Union (EU); or
  2. Company is not established in the EU, but either:
    - offers goods or services to Users who are EU residents; or
    - monitors the behavior of Users who are EU residents.
2. Rights under the GDPR. To the extent Company is subject to the obligations and mandates of the GDPR, Company shall afford an EU-resident User the following rights, all of which are defined in Articles 12 to 23 of Chapter 3 of Regulation (EU) 2016/679 (General Data Protection Regulation):
  1. the right to be informed;
  2. the right of access;
  3. the right to rectification;
  4. the right to erasure or deletion (i.e., the “right to be forgotten”);
  5. the right to restrict Processing;
  6. the right to portability of personal information, including Personal Data;
  7. the right to object; and
  8. rights in relation to automated decision-making and profiling.
General Provisions
1. Terms of Use. Conditioned upon the use of and access to the Platform and its contents, services, and resources, Company mandates User to accept and agree to be bound by Company’s policy on its terms and conditions of use (“Terms of Use”), which is incorporated herein by reference at https://www.sentinelu.com/terms-of-use/.
2. Do-Not-Track Technology. The Simulation will continue to operate as described in this Privacy Policy, whether or not a “Do Not Track” signal or similar mechanism is received from Your web browser or Device. We do not support or provide Do Not Track (“DNT”) technology. You can enable or disable DNT by adjusting, altering, or changing the settings on the web browsers of Your preference.
3. Comments, Concerns, and Complaints. Requests to access, correct, delete, or inquire of Your personal information and data, including Your Personal Data, should be directed to the applicable agents and representatives in the manner and means laid forth at privacy@SentinelU.com. All other feedback, comments, request for technical support, and other communications relating to the Platform and the Platform’s contents, resources, and services should be directed to the applicable agents and representatives in the manner and the means laid forth in Support@SentinelU.com. Otherwise, all communications must be performed by e-mail, telephone, fax, or U.S. Mail, using the information set out below:
  1. Mailing Address: