(Last modified on April 11, 2023)
Welcome!
Welcome to EM:RAP. We are confident that you will enjoy and appreciate using our “Services”, which allow you to access various audio, video or text materials (collectively “EM:RAP Content”) on our website at www.emrap.org or any subdomain thereof (the “Website”) or through our iOS or Android “Applications”. We want you to know we take your privacy and protection of Personal Information very seriously. We are providing this Privacy Policy (the “Policy”) to tell you about who we are, what Personal Information we collect from you and about you, and what we do with your Personal Information, all while you use the Services or otherwise interact with us and the EM:RAP Content. The Policy also explains your rights under the law, the necessary authorities to enforce those rights, and how you can contact us with any questions or concerns. We ask that you please read this Policy carefully.
Key Elements of this Policy
Below are the key elements of this Policy so you can understand the most important parts right away to make an informed decision about your consent for our collection, use, and disclosure of your Personal Information. You can find the details in the rest of the Policy.
Personal Information we collect from you, but only with your consent |
What we do with it |
Third parties we share it with |
Contact Information |
Communicate with you and manage our relationship |
Companies that provide our communications services, such as MailChimp |
Account Information |
Manage your account, and enable logging in to the Services |
Companies that provide the infrastructure for the Services, such as silverorange |
Billing Information |
Process your payments for your purchase of Subscriptions to the Services |
Payment processors, such as Braintree and Recurly |
Some Terms
Before we get started with the details, below are a few terms we think you should understand as you read this Policy.
“Data Protection Laws” refers to the laws that are designed to protect your Personal Information and privacy in the place where you live. These include: (1) the California Consumer Privacy Act (“CCPA”) which applies to our activities in the United States; (2) the “GDPR”, the European Data Protection Law which stands for “General Data Protection Regulation”, with the official name Regulation (EU) 2016/679 of the European Parliament and of the Council; and (3) the “UK GDPR” which applies to our activities in the United Kingdom; please note that when this Policy refers only to the “GDPR”, this includes the UK GDPR as applicable. EM:RAP is committed to adhering to these and any other applicable Data Protection laws.
“Personal Information” is information we collect from you or about you, and which is defined in the CCPA as “information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” The similar concept in the GDPR is “personal data”, defined as “any information relating to an identified or identifiable natural person.” In either case, it can be as simple as your name or your email, or something more complicated like an online identifier (usually a string of letters and / or numbers) that gets attached to you. Any mention of “Personal Information” in this Policy shall also mean personal data as defined in the GDPR.
Other terms and definitions used in this Policy may be found in our Terms of Use, and will have the same meaning in this Policy as they do there.
About Us and Contacting Us
EM:RAP, Inc. (“EM:RAP”) is a duly-incorporated company in the State of California, USA, at the address listed below. Where this Policy refers to “EM:RAP”, it may refer to EM:RAP, Inc. and / or its shareholders, officers, directors, employees, agents, partners, principals, representatives, successors and assigns — depending on the context.
Under the CCPA, EM:RAP is a “business”. Under the GDPR, EM:RAP is a “data controller”. That means we collect Personal Information directly from you and determine the purpose and means of “processing” that data. “Processing” is a broad term that means collection, use, storage, transfer or any other action related to your Personal Information; it is used in this Policy in that way. The CCPA defines processing as “any operation or set of operations that are performed on Personal Information or on sets of Personal Information, whether or not by automated means”; any use of processing in this Policy would also meet such definition.
If you want to ask us anything about what’s in this Policy, or anything else privacy- or data-related, or exercise any of your available privacy rights, you can email:
EM:RAP Privacy Officer
privacy@emrap.org
Here is the mailing address for you as well:
EM:RAP Privacy Officer
1812 W. Burbank Blvd., #356
Burbank, CA 91506
USA
Your Rights
You have the following rights regarding your Personal Information held by EM:RAP, and other privacy rights. Please note that not necessarily all of these rights may be available to you; this depends on the Data Protection Laws where you are located that apply to you. These rights may be exercised without affecting the price you pay for any of the Services. Notwithstanding that, exercising certain of these rights may affect your ability to use some or all of the Services.
- The right to withdraw at any time your consent for EM:RAP to process your Personal Information;
- The right to have your Personal Information erased from EM:RAP’s records;
- The right to access your Personal Information and any relevant information around its processing and use;
- The right to have a copy of your Personal Information given to you in an easy-to-read format so you can transfer it to another business or data processor;
- The right to have your Personal Information corrected or updated if you believe it is inaccurate or out of date;
- The right to opt out of marketing communications we send you, at any time;
- The right to know whether EM:RAP sells or shares your Personal Information (and if so, who gets it). Please refer to that information elsewhere in this Policy, though you can contact our Privacy Officer if you need additional information or clarifications;
- The right to demand that EM:RAP not sell your Personal Information;
- The right to restrict the processing of your Personal Information if it is inaccurate or if our processing or use of it is against the law; and
- The right to refuse any marketing or advertising targeted at you by EM:RAP.
If you wish to exercise any of these rights, please contact our Privacy Officer at the contact information above, or refer to certain relevant sections further in this Policy. Please note that exercising certain of these rights may prevent us from offering the Services to you, and if so you will be entitled to a refund as per the refund policy found in the Terms of Use.
Personal Information Collected from You and What We Use It For
In the table below, please find all the Personal Information we may collect from you directly, what we use it for, and the legal basis under the GDPR for us having and processing this Personal Information. Under the CCPA, there is no equivalent concept. However, by submitting this Personal Information you acknowledge having granted to EM:RAP your consent to process the Personal Information.
Personal Information category |
Personal Information processed |
What we use it for (the “purpose” of processing) |
Legal basis for processing under the GDPR |
Contact information |
Your name and email address |
To communicate with you |
Your consent in giving us this information |
Account Information |
Your email address, your first and last name, and your profession |
To create an account for you, to communicate with you, and to provide you with the Services |
Your consent and performance of a contract between you and us |
Billing Information |
Credit card holder name, credit card number, expiration date, CVV number and billing address |
To allow you to pay for your Subscription(s) for use of the Services or for Donations you make to EM:RAP’s non-profit organization |
Performance of a contract between you and us |
Anti-fraud Information |
Your telephone number |
To prevent fraud during payment processing |
Performance of a contract between you and us |
Challenge Coin information |
Your name, title and email address |
To communicate with you about the Challenge Coin nomination |
Your consent in giving us this information |
Analytics information |
An analytics identifier |
General analytics, and error and crash reporting in the Application |
Necessity for our legitimate business interests |
Where you have provided Personal Information further to the contract between you and us, if you fail to provide such data or withdraw your consent to use such data, we will no longer be able to provide certain Services to you.
Personal Information Collected About You from Third Parties and What We Use It For
Sometimes we get Personal Information about you from third parties. This table explains the details about this Personal Information – what it is, where it came from, what we do with it, and the legal basis for us having and processing this Personal Information under the GDPR.
Personal Information category |
Personal Information processed |
Who we get the data from |
What we use it for (the “purpose” of processing) |
Legal basis for processing under the GDPR |
Account Information, when a third party purchases a Subscription to the Services for you when purchasing a Group Subscription |
Name and email address |
The administrator of the Group who bought a Subscription for you |
To set up your account and provide you with the Services |
Your consent and performance of a contract |
Challenge Coin information of the nominee |
Name, title and email address of the Challenge Coin nominee |
The individual who nominated you for a Challenge Coin |
To communicate with you |
Your consent |
Sensitive Personal Information
We do not collect any of what the GDPR considers sensitive Personal Information from you, unless you voluntarily submit it through a comment form or as User Content, which we encourage you not to do.
Who We Transfer Your Personal Information To
We routinely share some of your Personal Information with certain types of third parties who are identified in the table below, along with what they do with it. Some of those third-party recipients may be based outside your home jurisdiction. If you are in the European Economic Area, please see the “Transfer of Your Personal Information Outside of the European Economic Area” further down in this Policy for more information including on how we safeguard your Personal Information when this occurs.
We will share Personal Information with law enforcement or other public authorities if: (1) we are required by applicable law in response to lawful requests, including to meet national security or law enforcement requirements; (2) if we believe it is necessary in order to investigate, prevent, or take action regarding illegal activities, fraud, or situations involving potential threats to the safety of any person, or any violation of EM:RAP’s Terms of Use; or (3) if we believe it is necessary to investigate, prevent, or take action regarding situations that involve abuse of the Services infrastructure or the Internet in general (such as voluminous spamming or denial of service attacks).
We may also share Personal Information: (1) to a parent company, subsidiaries, joint ventures, or other companies under common control with EM:RAP (in which case we will require such entities to honour this Policy); or (2) if EM:RAP merges with another entity, is subject to a corporate reorganization, sells or transfers all or part of its business, assets or shares (in which case we will require such entity to assume our obligations under this Policy, or inform you that you are covered by a new privacy policy).
We will never share your Personal Information with other third parties except under these circumstances. We do not sell, rent, or lease your Personal Information to any third party for direct marketing purposes, or any other purpose.
Personal Information category |
Who we transfer it to |
What they do with it |
Contact information |
Companies that provide email services, such as MailChimp, as detailed more fully in the Email Communications section below |
Send you emails |
Contact information |
Our project management software, Shortcut |
Store it so that we may retrieve it to communicate with you about errors in the Services you have experienced |
Account Information (including contact information) |
Companies providing technical infrastructure for the Services, specifically Amazon AWS, silverorange, and Google Firebase |
Control your logging in to the Services so they can be provided to you, and record-keeping |
Billing Information (including Anti-Fraud Information) |
Process your payments for your purchase of Subscriptions or Donations; prevent fraudulent transactions |
|
Analytics identifiers and email addresses |
Companies that provide data analytics such as Amplitude and Google Analytics, as more fully detailed in the Limited Automated Gathering of Information section below |
Provide us with analytics as to how the Services are used, both on the Website and in the Application, and error and crash reporting in the Application and Services, and to trace fraudulent activities |
How We Protect Your Personal Information
We have implemented very strict technical and organizational procedures for ensuring that, by default, only Personal Information which is necessary for each specific purpose of the processing is processed by us. These procedures prevent your Personal Information from being lost, or used or accessed in any unauthorized way.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable supervisory authority of a suspected data security breach where the Data Protection Laws require us to do so, and within the time frame required by the applicable Data Protection Law.
EM:RAP uses only industry-best practices (physical, electronic, and procedural) in keeping any data collected (including Personal Information) secure. In addition, we use third-party vendors and hosting partners to provide the necessary hardware, software, networking, storage, and related technology required to operate the Services. These third parties have been selected specifically for their high standards of security, both electronic and physical. All backups of Personal Information are stored at are encrypted.
Finally, all information, including Personal Information, is transferred with encryption using Secure Sockets Layer (“SSL”) or Transport Layer Security (“TLS”), robust security standards for Internet data transfer and transactions. You can use your browser to check EM:RAP’s valid SSL security certificate.
Tracking Technology (“Cookies” and Related Technologies)
EM:RAP uses tracking technology (“cookies” and related technology such as tags, pixels, and web beacons) on the Website and in the Services. By interacting with the Services you agree to their use. Cookies are small text files placed on your computer or device when you visit a website or use an online service, in order to track use of the site or service and to improve the user experience by storing certain data on your computer or device.
Specifically, we use cookies and related technologies for the following functions:
- To enable your signing-in to the Services and keeping you signed in;
- To facilitate payment processing for your Subscription(s) to the Services or Donations and to keep track of your status during the payment process;
- To provide general internal and user analytics on the Website and in the Application and to conduct research to improve the content of the Services using analytics programs listed below in this Policy; and
- To assist in identifying possible fraudulent activities.
Your browser can be set to refuse cookies or delete them after they have been stored. You can refer to your browser’s help section for instructions, but below are instructions for the most commonly-used browsers and operating systems:
Please note that deleting or blocking certain cookies may reduce your user experience by requiring you to re-enter certain information, including information required to use our Services. Furthermore, deleting certain cookies may prevent certain functions, or the entirety of the Services, from working at all.
Email Communications and Compliance with Anti-Spam Laws
EM:RAP uses MailChimp to manage our mailing list and to send out our newsletter, and Mandrill (a MailChimp add-on) to send out emails related to various Services functions (MailChimp and Mandrill, collectively the “Email Service Providers”). Personal Information is transferred to the Email Service Providers in order to manage the mailing list and for the emails to be sent properly. Your Contact Information is only used to send out emails; the Email Service Providers do not use this Personal Information for any other purpose, and will not transfer or sell your Personal Information to any other third party. For more information, please refer to MailChimp’s Privacy Policy.
You may unsubscribe from EM:RAP’s mailing list at any time, by following the link at the bottom of all EM:RAP emails. Other types of emails, such as transactional, relational, and other emails related to the Services will not have an opt-out option as they are necessary for the use of the Services.
EM:RAP’s practices in regards to its email are designed to be compliant with anti-spam laws, specifically the CAN-SPAM Act of 2003. If you believe you have received email in violation of any anti-spam law, please contact us using the contact information further up in this Policy.
Limited Automated Gathering of Information for Statistical, Analytical and Security Purposes
EM:RAP may automatically collect certain information using the "Third-party Analytics Programs: Google Analytics and Amplitude, to help us understand how our users use the Website and Applications. For example, each time you visit the Website, we may automatically collect your IP address, browser and computer or Device type, access times, the web page from which you came, the web page(s) or content you access, and other related information. We use information collected in this manner only to better understand your needs and the needs of Website visitors and Services users in the aggregate. EM:RAP also makes use of information gathered for statistical purposes to keep track of the number of visits to the Website, the specific pages on the Website, specific actions on a Website page, and users generally with a view to introducing improvements to the Website, Applications, and Services.
EM:RAP also makes use of Sentry on the Website for error reporting, and if you are logged into the Services on the Website your email address will be collected and associated with the error, so we can correct it and communicate with you about it.
EM:RAP also uses Google Firebase, Google Firebase Crashlytics, and Microsoft App Center (the “App Analytics Programs”) to track users of the Application, how they use the Services, to improve the Services, and to diagnose technical problems. The App Analytics Programs use cookies and other technologies to collect data on users’ behavior and their Devices; in particular your Device's IP address (captured and stored only in anonymized form), Device screen size, Device type (unique Device identifiers), browser information, geographic location, and other non-identifiable information. The App Analytics Programs store this information in a pseudonymized user profile. Neither the App Analytics Programs nor EM:RAP will ever use this information to identify individual users or to match it with further data on an individual user.
Your IP address and other relevant information we collect using the Third-Party Analytics Programs or the App Analytics Programs may be used in order to trace any fraudulent or criminal activity, or any activity in violation of the Terms of Use.
How the Application Accesses Your Device (“Permissions”)
The following is a complete listing and description of what functions on your Device that were developed by third parties are accessed and/or modified by the Application. Unless otherwise specified, these permissions apply to both the iOS Application and the Android Application. Where noted, these will function with explicit user permission only. You acknowledge that denying explicit permission may affect or reduce your user experience with the Services offered through the Application.
- Notifications - The Application may send you notifications to alert you about new EM:RAP Content (user permission only);
- Network services access – The Application will access your wi-fi or cellular services to display your network connection and exchange data with servers controlled by EM:RAP. This allows retrieval and sending of information from and to the internet in general, which is required to use the Services;
- Read and write Device storage – The Application may read and write to your Device’s storage in order to save and access EM:RAP Content (user permission only).
Using Your Device’s Settings and Uninstall for the Application
For the Application, you can access and change certain user settings from the settings menu on your Device. You may also uninstall; uninstall methods may vary depending on your Device or iOS or Android version. EM:RAP has no control over these functions and denies any responsibility for your use thereof, and any data or Personal Information sent to third parties as a result of said activities.
Transfer of Your Personal Information Outside of the European Economic Area (EEA) and the U.K.
For our European users, we endeavour to keep your Personal Information inside the EEA or the U.K. (as applicable). However, certain of our data processors (and EM:RAP) are in other countries where your Personal Information may be transferred. However, these countries are limited to countries with particular circumstances that protect your data, specifically:
- The United States. Your Personal Information is only transferred to companies in the United States that: (1) have signed agreements with us or have informed us that they are GDPR-compliant; and (2) have signed the Standard Contractual Clauses for the transfer of personal data outside the EEA and the U.K.
- Canada. Canada has been determined to have an “adequate level of protection” for your Personal Information under European data protection law.
That’s it! You have the right, however, to refuse to have your data transferred outside the EEA. Please contact our Privacy Officer to make that request. Please note that making this request may prevent you from being able to use a portion or all of the Services.
Supervisory Authorities and Complaints
If you are in the EEA or the U.K., under the GDPR you have the right to make a complaint to the appropriate supervisory authority. If you are not satisfied with the response received or the actions taken by our Privacy Officer, or if you would like to make a complaint directly about EM:RAP’s data practises, we invite you to contact the supervisory authority in your country. For example, if you are in the U.K., you should contact the Information Commissioner’s Office who is the supervisory authority. You can reach them in a variety of ways, including by phone (0303 123 1113 in the UK) and mail (Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF). If you are in France, you should contact the Commission Nationale de l'Informatique et des Libertés who is the supervisory authority there. Their contact information can be found here.
The full listing of all Data Protection Authorities (the supervisory authorities) across the EEA can be found here.
Data Retention
Your Personal Information will only be kept for as long as it is necessary for the purpose needed for that processing. For example, we will only retain your Account Information for as long as you have an account with us.
Automated Decision-Making
EM:RAP does not use any automated decision-making processes in providing the Services.
Children’s Privacy Statement
The Services are not intended for children under the age of 16. We do not knowingly collect any Personal Information from a child under 16. If we become aware that we have inadvertently received Personal Information from a person under the age of 16 through the Services, we will delete such information from our records.
Changes to This Privacy Policy
The date at the top of this page indicates when this Policy was last updated. We will endeavor to update the Policy at least once every 12 months and more frequently as needed. You can always find the most updated version of the Policy at this URL.
© EM:RAP, Inc. 2023