PRIVACY POLICY

FRAMEWORK COMPUTER CONSULTANTS LIMITED (trading as DIGITARY) (“We“) are committed to protecting and respecting your privacy.

This policy (together with our Terms of Use and, in the case of organisations with whom we have separate contracts, any applicable terms of service, and any other documents referred to on it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Terms defined in any referenced terms of service shall have the same meaning in this policy unless the context indicates otherwise. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

For the purposes of applicable law, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (‘GDPR’)::

In respect of any digital documents or data issued through Digitary’s systems and/or any information contained within them – the Issuing Organisation (Digitary Member) is the data controller and Digitary is a data processor;
In respect of information Learners may provide on the Digitary CORE Learner portal as part of their use of Digitary including their name, email, pronouns, photograph, DOB, postal address and mobile number – the Issuing Organisation (Digitary Member) is the data controller and Digitary is a data processor;
In respect of data provided by or processed on behalf of Digitary’s Members, which include academic institutions, school districts, state agencies, public and private boards, and non-academic private entities – the Member is the data controller and Digitary is a data processor. This includes when Members direct Digitary to enable users to create accounts and direct transmission of digital documents through the learner portal; and
In respect of any other information provided directly to Digitary by a user of the system as described in detail in this Policy, such as business contact information of the administrator of a Member account or feedback about the Digitary system – Digitary is the data controller.

When Digitary processes data as a data processor, we do so at the direction of and on behalf of the data controller.

PERSONAL INFORMATION WE MAY COLLECT

In our capacity as a data controller, we may collect and process the following data provided directly to us, including:

Information that is provided by any person filling in forms on our site digitary.net (our site), including contact information such as name, business or organisation name, email address, job title, country, and phone number.
Information from Digitary potential customers (“Members”) including contact information such as name, business or organisation name, email address, job title, country, and phone number.
Information from Digitary customers (“Members”) including name, business or organisation name, email address, job title, country, phone number, and academic credential data.
- Members will upload academic documents and document metadata to their Digitary CORE Organisation Portal. Document metadata including student ID, name and email.
Information provided by any person who contacts us, including by providing feedback or questions or seeking customer support regarding the site and/or the Services.
Details of transactions carried out through our site, including payment information (processed by our payment processor), orders placed and records of transactions.

When Members provide us personal data about users, including students, we act as a processor for such information.

SENSITIVE PERSONAL INFORMATION

We ask that you do not send us or disclose any special categories of personal data or sensitive personal information (e.g. information related to racial or ethnic origin, political opinions, religious or other beliefs, health, biometrics, or criminal background) on or through the Services.

If you send or disclose any such sensitive personal information to us when you submit user generated content in our Services, you consent to our processing and use of such sensitive personal information in accordance with this Privacy Policy.

If you do not consent to our processing and use of such sensitive personal information, you must not submit such user generated content in our Services.

Automatically Collected Information. We (and service providers on our behalf) automatically collect certain information about your use of the Services or your device. We collect the following to provide the Services, for administration and ongoing security monitoring of our systems:

Device information such as hardware model, IP address, device identifiers, operating system, browser type and settings (like language and available font settings) and settings of the device you use to access the Services.
Usage information such as the Services you use, the time and duration of your use
Location information such as general location derived from your computer’s IP address.

We and our service providers may use cookies, web beacons, and other tracking technologies to collect such information.

COOKIES

Our site uses cookies to enable you to use the services we provide.

We use the following cookies:

Strictly necessary cookies. These are cookies that are required for the operation of our site. They include a cookie that enables you to log into secure areas of our site and a cookie to recognise your choice of language. These are session cookies and will expire on logout of the site or after 15 minutes of inactivity.
Performance Cookies. These cookies are used to collect aggregated information on the pages visited on our site which we use to improve the user experience and performance. Performance cookies preferences are selected on first login or from the account setting page in your digital wallet.

You can block the use of cookies on your browser. However, if you use your browser settings to block all cookies you may not be able to access all or parts of our site.

HOW WE STORE & TRANSFER YOUR PERSONAL DATA

The data that we collect from you is, in the first instance, stored and processed within the European Economic Area (“EEA“). Your data may be accessed by us from time to time as part of the provision of the Services. Your data may also be accessed by a registered organisation who issues Secure Electronic Documents to you (“Issuing Organisation“), as part of provision of the Services, and/or by a third party whom you have given your consent to access your Secure Electronic Document(s) (“Receiving Organisation“).

Your data may be transferred to, and stored at, a destination outside the EEA to facilitate processing by an Issuing Organisation and/or Receiving Organisation with whom you have interacted via the Services.

We ensure that appropriate safeguards are in place when transferring and storing your data outside of the region as required by applicable law. This includes adopting EU 2021 Standard Contractual Clauses (SCCs) or implementing an International Data Transfer Agreement (IDTA) where applicable.

Staff of Issuing Organisations may be involved in uploading any Secure Electronic Document, processing any Secure Electronic Document, or (at your request) receiving and reviewing any Secure Electronic Document. Any such staff may also have sight of certain limited administrative personal information that relates to you, such as unique identifier, education and qualification details, name, address and other related information. Where applicable, they may also have access to data as part of the processing of your payment details (if any) and the provision of support services (if any).

By submitting or agreeing to the submission of personal data on your behalf, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

All information you provide to us is stored on our secure servers. Payment transactions (if any) will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

HOW WE USE PERSONAL INFORMATION

We use information held about you in the following ways:

To provide the Services,
- For clarity, providing the Services includes the provision of personal data of users to Receiving Organisations in our capacity as a processor to Members; this includes both Secure Electronic Documents and other information relating to user which we hold on behalf of Members and which users can send to a Receiving Organisation via the Services.;
To ensure that content from our site is presented in the most effective manner for you and for your computer.
To provide you with information, products or services that you request from us
To provide you information about products and services that may interest you (with your permission where required by law).
To carry out our obligations arising from any contracts entered into between you and us.
To allow you to participate in interactive features of our service, when you choose to do so.
To notify you about changes to our service.

We may also use your data in order to provide you with information about goods and services which may be of interest to you. We may contact you about these through our site, by email or by other electronic means. We will not provide any personal data to any third parties for this purpose. By registering for the Services, you consent to the use of data in this manner.

We may also aggregate information that is collected from users on our site. This information will not identify any person. We may also provide third parties with this aggregate information about our users that does not identify them.

HOW WE DISCLOSE YOUR INFORMATION

We may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 155 of the Irish Companies Acts, 1963.

We may disclose your personal information to other entities:

In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
If Digitary or a substantial part of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
To our processors that provide services on our behalf, such as hosting vendors, saas tools (such as CRM platforms), analytics service providers, and payment processors
If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms of Use and other agreements; or to protect the rights, property, or safety of Digitary, our customers, or others.

LEGAL BASIS FOR PROCESSING YOUR INFORMATION

The laws in some jurisdictions require data controllers to identify the legal grounds by which they process personal data. Where those laws apply, our legal grounds are:
- Legitimate interests: We process personal data to further the legitimate interests of Digitary (or of our customers, business partners, or suppliers), including to:
  - Provide our Services
  - Provide cybersecurity and managing information technology assets
  - Protect business activities, individuals, and property
  - Provide customer service
  - Marketing and advertising our Services
  - Analyse and improve business activities
  - Manage risks and legal issues
- Performance of Contracts: Certain processing of personal data is necessary to meet our contractual obligations, or to take steps to enter into a contract.
- Consent: If the law requires, and in some other cases, we handle personal data on the basis of consent.
- Legal compliance and legal claims: We process personal data to comply with our legal obligations, and we may use or disclose personal data because it is necessary to establish, exercise, or defend legal claims.

YOUR RIGHTS AND CHOICES

Where we process data on behalf of a data controller such as a Member, you should contact such an entity to exercise any rights you may have.

If you reside in certain territories, you may have the right to exercise certain rights under applicable law with respect to personal data we process as a data controller.

Your rights or requests may be subject to exceptions under applicable law. Depending upon your jurisdiction and the applicable law, you might have the rights to request the following:

Right not to provide consent or to withdraw consent: Where we rely on your consent in order to process certain personal data, you have the right not to provide your consent or to withdraw your consent at any time. This does not affect the lawfulness of the processing based on consent before its withdrawal.
Right of access and/or portability: You may have the right to access the personal data that we hold about you and, in some limited circumstances, have that data provided to you so that you can provide or port that data to another provider.
Right of erasure: In certain circumstances, you may have the right to the erasure of personal data that we hold about you (for example if it is no longer necessary for the purposes for which it was originally collected).
Right to object to or restrict processing: You may have the right to request that we stop processing your personal data or restrict processing in certain circumstances and/or to stop sending you marketing communications.
Right to rectification/correction: You may have the right to require us to correct any inaccurate or incomplete personal data.
Right to lodge a complaint to your local Data Protection Authority: You may have the right to lodge a complaint with your national Data Protection Authority or equivalent regulatory body.

You may also contact us at dataprotection@digitary.net to make a request or to submit questions in relation to your personal data. Please note that to protect your privacy and security, we must be able to verify your identity before we can process your request.

Marketing Communications. If you do not want to receive marketing email communications from us, you can opt-out by clicking on the “unsubscribe” link located on the bottom of our marketing emails or you may send a request to hello@digitary.net.

THIRD PARTY LINKS AND SERVICES

Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

DATA SECURITY

We use industry-standard technology designed to protect your information and all transmissions made through our Services, and take reasonable measures to protect the confidentiality, security and integrity of personally identifiable information collected on our Services.

If you create an account, you are responsible for maintaining the confidentiality of your account password and for activity that occurs under your account credentials. Please email us at dataprotection@digitary.net if there are any unauthorised uses of your account or other breaches of security.

SINGLE SIGN-ON

You can sign in to our Site using sign-in services provided by your organisation, Google, Facebook and LinkedIn. These services will authenticate your identity and provide you the option to share certain personal information with us, such as your name and email address, to pre-populate our sign-up form.

Such services, like Facebook Connect, give you the option to post information about your activities on this Site to your profile page to share with others within your network. If you connect to such services through our Site you authorise us to access, use and store the information that you agreed the services could provide to us based on your settings on that service.

We will access, use and store that information in accordance with this Privacy Policy. You can revoke our access to the information you provide in this way at any time by amending the appropriate settings from within your account settings.

RETENTION & DESTRUCTION OF DATA

We will retain personal information we collect from you where we have a justifiable business need to do so or for as long as we determine it is needed to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law (such as tax, legal, accounting or other purposes). We may delete or de-identify your information sooner if we receive a verifiable erasure request, subject to exemptions under applicable law.

We may destroy or otherwise dispose of any of personal data we collect from you unless we receive, no later than ten days after the end of any agreement with you (whether under terms of service or otherwise) or a trial period (where no contract is entered into immediately following the trial period), a written request for the delivery to you of the then most recent back-up of any of your personal data we hold. We shall use reasonable commercial endeavours to deliver the back-up to you within 30 days of our receipt of such a written request.

HOW WE MAKE UPDATES TO THIS POLICY

Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, may be notified to you by email.

USE OF SERVICES PROVIDED THROUGH OUR SITE

Contracts for the use of Services through our site are governed by our Terms of Use.

HOW TO CONTACT US FOR MORE INFORMATION

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to dataprotection@digitary.net

Cookie	Duration	Description
BIGipServersjoweb-nginx-app_https	session	This cookie is associated with a computer network load balancer by the website host to ensure requests are routed to the correct endpoint and required sessions are managed.
checkForPermission	10 minutes	This cookie is set by Beeswax to determine whether the user has accepted the cookie consent box.
elementor	never	This cookie is used by the website's WordPress theme. It allows the website owner to implement or change the website's content in real-time.
viewed_cookie_policy	1 year	The cookie is set by the GDPR Cookie Consent plugin to store whether or not the user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_6LYZV7EM76	2 years	This cookie is installed by Google Analytics.
_gat_gtag_UA_135044343_1	1 minute	Set by Google to distinguish users.
_gat_UA-135044343-1	1 minute	A variation of the _gat cookie set by Google Analytics and Google Tag Manager to allow website owners to track visitor behaviour and measure site performance. The pattern element in the name contains the unique identity number of the account or website it relates to.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
_hjAbsoluteSessionInProgress	30 minutes	Hotjar sets this cookie to detect the first pageview session of a user. This is a True/False flag set by the cookie.
_hjFirstSeen	30 minutes	Hotjar sets this cookie to identify a new user’s first session. It stores a true/false value, indicating whether it was the first time Hotjar saw this user.
_hjIncludedInPageviewSample	2 minutes	Hotjar sets this cookie to know whether a user is included in the data sampling defined by the site's pageview limit.
_hjIncludedInSessionSample	2 minutes	Hotjar sets this cookie to know whether a user is included in the data sampling defined by the site's daily session limit.
_hjSession_2684283	30 minutes	Hotjar account session sets this session cookie to detect the pageview of a user.
_hjSessionUser_2684283	1 year	Hotjar account session sets this session cookie to detect a user.
_hjTLDTest	session	To determine the most generic cookie path that has to be used instead of the page hostname, Hotjar sets the _hjTLDTest cookie to store different URL substring alternatives until it fails.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
vuid	2 years	Vimeo installs this cookie to collect tracking information by setting a unique ID to embed videos to the website.

Cookie	Duration	Description
_mkto_trk	2 years	This cookie, provided by Marketo, has information (such as a unique user ID) that is used to track the user's site usage. The cookies set by Marketo are readable only by Marketo.
bito	1 year 1 month	This cookie is set by Beeswax for advertisement purposes.
bitoIsSecure	1 year 1 month	Beeswax sets this cookie for targeting and advertising. The cookie is used to serve the user with relevant advertisements based on real time bidding.
Test Cookie	2 years	The test cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
tuuid	2 years	The tuuid cookie, set by BidSwitch, stores an unique ID to determine what adverts the users have seen if they have visited any of the advertiser's websites. The information is used to decide when and how often users will see a certain banner.
tuuid_lu	2 years	This cookie, set by BidSwitch, stores a unique ID to determine what adverts the users have seen while visiting an advertiser's website. This information is then used to understand when and how often users will see a certain banner.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.