Capsim Privacy Policy

Last Updated: January 2022
Please ensure you read the privacy notice in full.

Capsim (“Capsim”, “we”, “us”, or “our”) believes in creating engaging, real-world experience that teaches and measures specific skills of students and employees. Capsim cares about the security and privacy of the personal data that is entrusted to us.

This privacy notice sets out how Capsim collects and uses information about you when you use our products and services (“services”) and why we collect certain personal data. This notice also explains the choices that you can make about the way that we use your information.

Your privacy protection is important to us. This is why we have adopted the following pivotal legislation: EU’s General Data Protection Regulation 2016/679 (“GDPR”), UK General Data Protection Regulation (“UK GDPR”) and the California Consumer Privacy Act 2018 (“CCPA”). This privacy notice relates to all personal data we process and addresses the legislation mentioned.

‘Personal data’, in this privacy notice, means any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is someone who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Capsim Management Simulations Inc.
2012 Corporate Lane, Suite 108, DPT 8022,
Naperville, Illinois 60563 USA

Our EU representative under the GDPR is Kimura Limited d/b/a Apex Privacy - Main Street, Portarlington, Co. Laois, Ireland. With regard to the processing of your data, Capsim will act as its Processor.

For all data privacy matters, please contact our Data Protection Officer (DPO), at Privacy@Capsim.com.

Capsim’s Privacy Policy applies to all visitors to this website and to anyone who uses Capsim’s products or services through this website (“you” and “your”). This Privacy Policy applies to Capsim’s collection, use, storage, processing, transmission, and transfer of your information, as well as creation of information pertaining to you, whether online and offline. Capsim may update, revise, modify or amend this Privacy Policy at any time. You should check this page periodically for updates, revisions, modifications, or amendments. The last change to this Privacy Policy was on the date that appears on the top of this Privacy Policy.

Here are some definitions
In this policy, we use definitions from the GDPR unless otherwise stated.

‘GDPR’ means either or both of the EU GDPR and UK GDPR. We will use this when there is little or no difference in the wording of the relevant law for the context.

 

‘Personal data’ means any information relating to an identified or identifiable natural person, namely one who can be identified, directly or indirectly from that information alone or in conjunction with other information ‘in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person’.

 

“Financial Information” means Personal Information of a financial nature, such as your credit card number.

 

“Other Business Parties” means parties other than you that contract with Capsim either to provide products and services to Capsim in connection with products or services that Capsim provides to you or that engage Capsim to assist in its provision of products or services to you (e.g., your university or your employer). Other Business Parties may include your fellow students or employees.

“Personal Information” means information about you that Capsim collects about you that may be used, alone or in combination with other information, to identify you as a specific individual.

“Unrelated Parties” means persons or entities other than you, Capsim, or Other Business Parties.

Why we collect your personal data
So that we can help you, we need your data and here we tie in our legal reasons for needing to collect your data.

In order for us to provide you with our services or for correspondence purposes we need to collect your personal data. We ensure that the information we collect and use is confined to this purpose. We always process your personal data for specific purposes, with the nature of the data collected depending on your interaction with us. We are committed to transparency in this.

Our legal bases for controlling or processing personal data are:

  • Article 6.1(a) GDPR (Consent): You provide informed consent to us or have a reasonable expectation that we will use your information in a certain way – for example, to engage in our community discussions, or to hear about new services or offers. You can withdraw your consent at any time by request to privacy@capsim.com;
  • Article 6.1(b) GDPR (Contract): Providing our services and fulfilling our obligations to you, usually relating to a terms of service or partnership agreement;
  • Article 6.1(c) GDPR (Legal Obligation): The necessity to meet compliance with our legal obligations; and/or
  • Article 6.1(f) GDPR (Legitimate Interest): Where it is in our legitimate interests to do so. We only rely on ‘legitimate interests’ as the legal basis for processing by us, or third parties we use, for these purposes:
    • business development; or
    • providing login systems to users via their existing accounts.

Where we rely on a specific basis for processing your information and you wish to object to that processing, you must be aware that it might not be possible for you to continue using our services.

How we collect personal data
Here we give you examples of ways that you interact with us and the resulting data we may collect!

Capsim collects information from you whenever you visit or use the website, some of which you provide voluntarily and some of which is collected automatically. In addition, Capsim may receive information about you from Other Business Parties. This can be information that you provide through our websites, over the phone, through email, including when you:

  • create an individual or corporate user account;
  • request support;
  • register for or participate in an online class, exam, certification, training, webcast or other event;
  • request information or materials;
  • interact with our services;
  • participate in surveys or evaluations;
  • participate in promotions, contests or giveaways;
  • make a purchase through our shopping cart or register products;
  • apply for employment;
  • submit questions or comments;
  • submit content or posts on our forums or other interactive webpages; or
  • fill in a registration form or otherwise submit your personal information.

For a complete register of process information, please contact privacy@capsim.com.

How we use personal data
Here we let you know how we use your personal data to provide and maintain our services.

We may need to pass your personal data on to third-party service providers contracted to Capsim in the course of providing you services. We do this because there are services, such as our videos and chat features, which will not work unless we are able to make these transfers. Any third parties we share your data with are obliged to keep your personal data secure and use it only for necessary service delivery.

https://www.capsim.com/ may use your information for the following purposes:

  • Providing and maintaining our Service, as well as monitoring the usage of our Service.
  • For data analysis to identify usage trends and to evaluate and improve our Service, products, services, and marketing efforts.
  • Managing your account. Your Personal Data can enable access to multiple functions of our Service that are available to registered users.
  • Determine your eligibility for Capsim products and services and to provide you requested Capsim products and services.
  • Respond to your inquiries and provide you customer support and to foster communication and collaboration among you, Capsim and Other Business Parties including informing you about opportunities to participate in Capsim’s Challenges.
  • Analyze how Capsim’s website, products and services are being accessed and used to improve Capsim’s website performance and delivery and to improve Capsim’s products and services, including training and quality assurance.
  • To prevent misuse of Capsim’s websites and apps by you or others.
  • Record and analyze your academic performance, results, outcomes and preferences.
  • Obtain and process payment for Capsim products and services and to maintain business records.
  • For the performance of a contract. Your Personal Data will assist with the development, undertaking, and compliance of a purchase contract for products or services you have purchased through our Service.
  • To contact you. Capsim will contact you by email, phone, SMS, or another form of electronic communication related to the functions, products, services, or security updates when necessary or reasonable.
  • To update you with news, general information, special offers, new services, and events.
  • Testimonials and customer feedback collection. If you share a testimonial or review about your experience using our Service, it will be shared or otherwise used on the website.
  • Dispute resolution and site protection. Your information will be used in the instance of a legal dispute to resolve issues related to our Service.
  • Enforce Capsim’s Terms of Use and Terms and Conditions as may be required or permitted by legal, regulatory, industry self-regulatory, insurance, audit, or security requirements applicable to you, Capsim or any Other Business Party

Your Financial Information will be used to provide requested products and services, to analyze operational and business results, to analyze risk, and to conclude a transaction between you and either Capsim or an Other Business Party. It will not be sold, rented, or otherwise transferred to anyone for any other purpose. Capsim uses the services of a third-party service provider to process credit card payments. Therefore, Capsim itself will not have access to your credit card information. In addition, the third-party service provider has agreed that it only uses your [personally identifiable] credit card information to process your payments.

If you are using Capsim products or services in your capacity as a student of an Other Business Party that is subject to the U.S. federal Family Educational Rights and Privacy Act (FERPA) (“Covered Educational Institution”), to the extent that your Personal Information is an “education record” under FERPA, it will be subject to FERPA. If you want to assert your rights under FERPA, you should contact your Covered Educational Institution.

Capsim will share your information only with your explicit consent. Your information may be shared to a third-party for reasons including:

  • Analytics information. Your information might be shared with online analytics tools in order to track and analyze website traffic.
  • Improving our Service. Your information might be shared with third-party service providers in order to improve our Service and/or interactions with providers.
  • Payment processing and recovery services. Your information will be used in order to process payments in the event of a purchase, refund, or other similar request.
  • Marketing initiatives. Your information will be used for generating and sending newsletters, email marketing efforts, advertisements, and more.
  • Corporate transactions. Any other entity which buys us, or part of our business will have the right to continue to use your Personal Data, but subject to the terms of this Privacy Policy.
  • Compliance and harm prevention: (i) to comply with applicable law; (ii) to enforce our contractual rights; (iii) to protect the Services, rights, privacy, safety, and property of Capsim, you, or others; and (iv) to respond to legal requests which may include authorities outside your country.

Any third party we share your information with must disclose the purpose for which they intend to use your information. They must retain your information only for the duration disclosed when requesting or receiving said information. The third-party service provider must not further collect, sell, or use your personal information except as necessary to perform the specified purpose. We seek to enter into Data Processing Agreements with our third party service providers to ensure they only process your data as instructed by us. If you obtain products or services directly from us on behalf of others we will ensure those third party service providers have a Data Processing Agreement (DPA) with us.

If you choose to provide such information during registration or otherwise, you are giving Capsim permission to use, share, and store that information in a manner consistent with this Privacy Policy.

Your information may be disclosed for additional legal reasons, including:

  • Complying with applicable laws, regulations, or court orders.
  • Responding to claims that your use of our Service violates third-party rights.
  • Enforcing agreements you make with us, including this Privacy Policy.

 

How we store personal data
Here we outline our processes for data storage, how we will protect your data and keep it only for as long as needed!

We will process (collect, store and use) the information you provide in a manner compatible with GDPR. We maintain physical, organizational and technical safeguards for all personal data we hold. We will endeavor to keep your information accurate and up to date, and not keep it for longer than is necessary. We are required to retain certain information in accordance with the law, such as information needed for income tax and audit purposes. How long certain kinds of personal data should be kept are governed by specific business sector requirements and agreed practices. Personal data can be held in addition to these periods depending on individual business needs.

We will process different forms of personal data for as long as it is necessary and proportionate for the purpose for which it has been supplied and we will store the personal data for the shortest amount of time possible, taking into account legal and service requirements.

All data is stored on servers that are located in the US. Production servers and data are hosted in Amazon Web Services (AWS) Cloud. Capsim products are web application platforms, therefore all the data is separated logically, rather than physically. Retained data can be deleted upon client’s request. At the 7-year mark, data will be either deleted or archived. All stored passwords and email addresses are encrypted. Please note that user passwords are not provided during LTI integration.

Authorization of data is done via SSL protocol with validated private keys and secrets. Data is accessed by authorized personnel only: Capsim Employees and Third-Party certified secure AWS contractors have all signed Privacy and Non-Disclosure Agreements.

The personal information which is accessed is First Name, Last Name, Student ID, Student Email. This information is stored for the convenience of the Professor and Students for teamwork and grading. Upon request, this information can be made anonymous by using randomly generated placeholder info. Students can only see their own personal information and grading data. Professors can see data for all students and courses which they are teaching.

All stored personal information is used only for the purpose of the client/user. Capsim does not sell, rent, or lease any personal information.

Amazon Web Services (AWS) Cloud

As mentioned, all production servers and data are hosted in Amazon Web Services (AWS) Cloud. The IT infrastructure that AWS provides is in alignment with security best practices and IT security standards, including: SOC 1/SSAE 16/ISAE 3402 (formerly SAS 70), SOC 2, SOC 3, FISMA, DIACAP, and FedRAMP, DOD CSM Levels 1-5, PCI DSS Level 1, ISO 9001 / ISO 27001 / ISO 27017 / ISO 27018, ITAR, FIPS 140-2, MTCS Level 3

As well as several industry-specific standards, including:

  • Criminal Justice Information Services (CJIS)
  • Cloud Security Alliance (CSA)
  • Family Educational Rights and Privacy Act (FERPA)
  • Health Insurance Portability and Accountability Act (HIPAA)

AWS Physical Security

All physical access to AWS facilities is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means.

Authorized staff must pass two-factor authentication a minimum of two times to access data center floors. All visitors are required to present identification and are signed in and continually escorted by authorized staff.

All physical access to data centers by AWS employees is logged and audited routinely.

Marketing
We love to share, but you can opt out and we will not sell your information!

We have no interest in collecting any data beyond that needed to ensure our services work for you. If you are going to be contacted by us for marketing purposes, we will not rely solely on this privacy notice. We will endeavour to seek your consent appropriately. Capsim does not sell data, and has no intention of doing so in the future.

All marketing activities must comply with our Privacy & Marketing Policy, its related procedure, and all applicable laws at all times.

Children and Personal Data
You can help us to keep children safe!

At Capsim we understand the importance of protecting the personal data of children under the age of 16. It is not our intention to collect personal data from a child. If you believe that a child has disclosed personal data or that we hold personal information about a child, please email us at privacy@capsim.com.

Data protection rights
Here, we outline your GDPR rights for the data you share with us.

At any point while we are in possession of or we process your personal data, you have the following rights:

  • (GDPR) right of access – you have the right to request a copy of the information that we hold about you;
  • (GDPR) right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete;
  • (GDPR) right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records;
  • (GDPR) right to restriction of processing – where certain conditions apply, you have a right to restrict the processing;
  • (GDPR) right of portability – you have the right to have the data we hold about you transferred to another organisation;
  • (GDPR) right to object – you have the right to object to certain types of processing such as direct marketing;
  • (GDPR) right to object to automated processing, including profiling – you also have the right not to be subject to the legal effects of automated processing or profiling;
  • (GDPR) right to judicial review: in the event that we refuse your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined below;

To exercise your data protection rights please contact our DPO at Privacy@Capsim.com.

We will comply with your request to the extent required by applicable law. We will not be able to respond to a request if we no longer hold your Personal Data. If you feel that you have not received a satisfactory response from us, you may have the right under applicable laws to consult with the data protection authority in your country.

For your protection, we may need to verify your identity before responding to your request, such as verifying that the email address from which you send the request matches the email address that we have on file. If we no longer need to process Personal Data about you in order to provide our Services or our Sites, we will not maintain, acquire or process additional information in order to identify you for the purpose of responding to your request.

Cookies
We use cookies to help deliver a better experience.

Cookies are defined as ‘small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.’ You can find out all about cookies, how to manage them and delete them, and how to manage your browser settings, at the UK ICO and www.aboutcookies.org.

You can change or withdraw your consent to the cookies we use at any time by contacting the Privacy Team at Privacy@Capsim.com. You can also opt out of being tracked by Google Analytics across all websites.

Please note that if you manage your consent or your browser and third party settings to block cookies, some or all of the Website and Services may not have full functionality and your user experience may be impacted.

If we provide social media links or interactions on our website, such as like or share buttons, and you interact with them, the social media organization may drop cookies and they will be covered by the Privacy Policy of that organization. We typically do not receive any personal data collected as a result of such interaction, although we may receive aggregated reports.

  • Strictly necessary cookies. Strictly necessary cookies allow core website functionality such as user login and account management. The website cannot be used properly without strictly necessary cookies.
  • Performance cookies. Performance cookies are used to see how visitors use the website, e.g. analytics cookies. Those cookies cannot be used to directly identify a certain visitor.
  • Targeting cookies. Targeting cookies are used to identify visitors between different websites, e.g. content partners, banner networks. Those cookies may be used by companies to build a profile of visitor interests or show relevant ads on other websites.
  • Functionality cookies. Functionality cookies are used to remember visitor information on the website, e.g. language, timezone, enhanced content.

If you wish to withdraw consent, you can contact the Privacy Team at Privacy@Capsim.com.

Security
Your information’s security is important to us.

Capsim utilizes a range of security measures to prevent the misuse, loss, or alteration of the information you have given us. However, because no security can ever be 100% guaranteed, Capsim cannot guarantee you against the loss, misuse, or alteration of your Personal Information and you must access our service at your own risk.

Capsim is additionally strongly committed to security and privacy of the personal data that is entrusted to us. Data at rest and in transit is encrypted using AES-256 encryption. User data is only used for the necessary purposes of the simulation.

Capsim does not sell, rent, or lease any Personal Information. Our EU representative under the GDPR is Kimura Limited d/b/a Apex Privacy - Main Street, Portarlington, Co. Laois, Ireland. All production servers and data are hosted in Amazon Web Services (AWS) Cloud within the US.

Capsim is not responsible for the performance of websites operated by third parties or your interactions with them. When you leave this website, we recommend you review the privacy practices of other websites you interact with and determine the adequacy of those practices.

Our servers are being continuously monitored for uptime with immediate escalation to the authorized system administrators for any downtime. In the event that a security incident is suspected to have resulted in a breach of personal information, notification of the affected entities will occur within 48 hours of the breach. Upon discovering a possible security breach, system administrators focus on investigating and containing the breach as well as addressing appropriate gaps to prevent the incident from reoccurring. Client will be continuously updated on the status of the investigation, containment, and follow-up actions.

Public Status Page: https://status.capsim.com/

When developing any software through our agile methodology, the project is divided into iterations. Our secure design standards are applied to each iteration which will be implemented as part of the product requirements.

Our secure design strategy focuses on three main areas for every iteration. Confidentiality - data is protected from unauthorized individuals/systems. Integrity - data remains complete and uncorrupted. Availability - data is accessible only by authorized users without interference. Additionally, we incorporate server-side session checks prior to allowing access to software updates in order to verify the authenticity of the user. Finally, we also verify security guards that are in place combined with automated testing and version control prior to any release.

Capsim’s website may contain links to other websites. Some of them may collect your Personal Information and may apply their own policies on how your Personal Information is used. Please read all applicable policies of all websites you visit. Capsim is not responsible for the privacy practices of anyone else’s website(s).

 

International Data Transfer
Capsim products and offerings connect you to the world.

Personal Data may be stored and processed in any country where we do business, or our service providers do business. We may transfer your Personal Data to countries other than your own country, including to the United States. These countries may have data protection rules that are different from your country. When transferring data across borders, we take measures to comply with applicable data protection laws related to such transfer. Officials (such as law enforcement or security authorities) in those countries may be entitled to access your Personal Data.

We comply with laws on the transfer of personal data between countries to help ensure your data is protected, wherever it may be.

Capsim’s international transfer of personal data collected in the European Economic Area, the United Kingdom, and Switzerland is governed by Standard Contractual Clauses.

Updates to our Privacy Policy
We are transparent about any updates made to this Policy.

Capsim updates our privacy notice when necessary or in response to:

  • Feedback from our community, customers, relevant authority, industry or other stakeholders;
  • Changes in our products or services; and/or
  • Data processing or policy changes.

The “last updated” date at the top of this privacy notice reflects when the most recent changes were made. We encourage you to periodically review this privacy notice for any amendments.

You can help keep data safe
Responsible data handling is an important part of security!

Keeping your data secure also depends on you ensuring that your account’s security is maintained by using sufficiently complicated passwords and storing them safely with the addition of antivirus software and firewalls. You should ensure that you have sufficient security on your own systems, to keep any data you download or store on your own computer safe from unauthorized view.

 

How to contact us
We love feedback, reach out to us!

If you have any questions about our privacy policy, please contact us by email at privacy@capsim.com

Capsim Privacy Policy

Welcome!

Capsim (“Capsim”, “we”, “us”, or “our”) believes in creating engaging, real-world experience that teaches and measures specific skills of students and employees. Capsim cares about the security and privacy of the personal data that is entrusted to us.

Capsim Management Simulations Inc.
2012 Corporate Lane, Suite 108, DPT 8022,
Naperville, Illinois 60563
USA

Our EU representative under the GDPR is Kimura Limited d/b/a Apex Privacy - Main Street, Portarlington, Co. Laois, Ireland. With regard to the processing of your data, Capsim will act as its Controller.

For all data privacy matters, please contact our Data Protection Officer (DPO), at Privacy@Capsim.com.

Overview

Capsim’s Privacy Policy applies to all visitors to this website and to anyone who uses Capsim’s products or services through this website (“you” and “your”). This Privacy Policy applies to Capsim’s collection, use, storage, processing, transmission, and transfer of your information, as well as creation of information pertaining to you, whether online and offline. Capsim may update, revise, modify or amend this Privacy Policy at any time. You should check this page periodically for updates, revisions, modifications, or amendments. The last change to this Privacy Policy was on the date that appears on the bottom of this Privacy Policy.


Definitions

As used in this Privacy Policy, the following terms have the following meanings:

“Financial Information” means Personal Information of a financial nature, such as your credit card number.

“Other Business Parties” means parties other than you that contract with Capsim either to provide products and services to Capsim in connection with products or services that Capsim provides to you or that engage Capsim to assist in its provision of products or services to you (e.g., your university or your employer). Other Business Parties may include your fellow students or employees.

“Personal Information” means information about you that Capsim collects about you that may be used, alone or in combination with other information, to identify you as a specific individual.

“Unrelated Parties” means persons or entities other than you, Capsim, or Other Business Parties.

Information Collected

Capsim collects information from you whenever you visit or use the website, some of which you provide voluntarily and some of which is collected automatically. In addition, Capsim may receive information about you from Other Business Parties. The information that you provide to Capsim includes your responses, decisions, and other actions as you participate in and complete simulations.

We collect the following data from you:
1. Student Key
2. Full name
3. Username
4. Password
5. E-mail
6. Ship address (street, number, city, state, zip code, and country)
7. Phone number
8. Student ID
9. Usage data and IP address (Cookies)

Capsim’s Use of Your Personal Information

Capsim does not sell, rent, or lease your Personal Information to others. Capsim does not share your Personal Information with anyone other than Other Business Parties.

Capsim may collect, use, and disclose Personal Information for the following purposes:
1. to determine your eligibility for Capsim products and services
2. to provide you requested Capsim products and services
3. to respond to your inquiries and provide you customer support
4. to foster communication and collaboration among you, Capsim and Other Business Parties, including informing you about opportunities to participate in Capsim’s Challenges
5. to analyze how Capsim’s website, products and services are being accessed and used
6. to improve Capsim’s website performance and delivery and to improve Capsim’s products and services, including training and quality assurance
7. to prevent misuse of Capsim’s websites and apps by you or others
8. to record and analyze your academic performance, results, outcomes and preferences
9. to obtain and process payment for Capsim products and services
10. to maintain business records
11. to enforce Capsim’s Terms of Use and Terms and Conditions as may be required or permitted by legal, regulatory, industry self-regulatory, insurance, audit, or security requirements applicable to you, Capsim or any Other Business Party

Your Financial Information will be used to provide requested products and services, to analyze operational and business results, to analyze risk, and to conclude a transaction between you and either Capsim or an Other Business Party. It will not be sold, rented, or otherwise transferred to anyone for any other purpose. Capsim uses the services of a third-party service provider to process credit card payments. Therefore, Capsim itself will not have access to your credit card information. In addition, the third-party service provider has agreed that it only uses your [personally identifiable] credit card information to process your payments.

If you are using Capsim products or services in your capacity as a student of an Other Business Party that is subject to the U.S. federal Family Educational Rights and Privacy Act (FERPA) (“Covered Educational Institution”), to the extent that your Personal Information is an “education record” under FERPA, it will be subject to FERPA. If you want to assert your rights under FERPA, you should contact your Covered Educational Institution.

Capsim’s Disclosure of Your Personal Data

1. Service Providers

We share Personal Data with certain of our service providers subject to contract terms that limit their use of Personal Data. We have service providers that provide services on our behalf, such as identity verification services, website hosting, data analysis, marketing service, information technology, and related infrastructure, customer service, email delivery, and auditing services. These service providers may need to access Personal Data to perform their services. We authorize such service providers to use or disclose the Personal Data only to perform services on our behalf or comply with legal requirements. We require such service providers to contractually commit to protect the security and confidentiality of Personal Data they process on our behalf. Our service providers are predominantly located in the European Union and the United States of America.

2. Corporate transactions

In the event that we enter into, or intend to enter into, a transaction that alters the structure of our business, such as reorganization, merger, sale, joint venture, assignment, transfer, change of control, or other disposition of all or any portion of our business, assets or stock, we may share Personal Data with third parties in connection with such transaction. Any other entity which buys us, or part of our business, will have the right to continue to use your Personal Data, but subject to the terms of this Privacy Policy.

3. Compliance and harm prevention

We share Personal Data as we believe necessary: (i) to comply with applicable law; (ii) to enforce our contractual rights; (iii) to protect the Services, rights, privacy, safety, and property of Capsim, you, or others; and (iv) to respond to a request from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include authorities outside your country of residence.

Your rights

You may have choices regarding our collection, use, and disclosure of your Personal Data.

1. The right to request confirmation of whether Capsim processes Personal Data relating to you, and if so, to request a copy of that Personal Data;

2. The right to request that Capsim rectifies or updates your Personal Data that is inaccurate, incomplete, or outdated;

3. The right to request that Capsim erase your Personal Data in certain circumstances provided by law;

4. The right to request that Capsim restrict the use of your Personal Data in certain circumstances, such as while Capsim considers another request that you have submitted (including a request that we make an update to your Personal Data);

5. The right to request that we export your Personal Data that we hold to another company, where technically feasible;

6. Where the processing of your Personal Data is based on your previously given consent, you have the right to withdraw your consent at any time; and/or

7. In some cases, you may also have the right to object to the processing of your Personal Data.

To exercise your data protection rights please contact our DPO at Privacy@Capsim.com.

We will comply with your request to the extent required by applicable law. We will not be able to respond to a request if we no longer hold your Personal Data. If you feel that you have not received a satisfactory response from us, you may have the right under applicable laws to consult with the data protection authority in your country.

For your protection, we may need to verify your identity before responding to your request, such as verifying that the email address from which you send the request matches the email address that we have on file. If we no longer need to process Personal Data about you in order to provide our Services or our Sites, we will not maintain, acquire or process additional information in order to identify you for the purpose of responding to your request.

Security Measures

Capsim takes commercially reasonable steps to secure your Personal Information to protect against its loss, misuse, and alteration. Unfortunately, no data transmission over the internet can be guaranteed to be completely secure. As a result, Capsim cannot guarantee you against the loss, misuse, or alteration of your Personal Information, and you provide information to Capsim at your own risk.

Data Storage

All data is stored on servers that are located in the US. Production servers and data are hosted in Amazon Web Services (AWS) Cloud. Capsim products are web application platforms, therefore all the data is separated logically, rather than physically. Retained data can be deleted upon client’s request. At the 7-year mark, data will be either deleted or archived. All stored passwords and email addresses are encrypted. Please note that user passwords are not provided during LTI integration.

Authorization of data is done via SSL protocol with validated private keys and secrets. Data is accessed by authorized personnel only: Capsim Employees and Third-Party certified secure AWS contractors have all signed Privacy and Non-Disclosure Agreements.

The personal information which is accessed is First Name, Last Name, Student ID, Student Email. This information is stored for the convenience of the Professor and Students for teamwork and grading. Upon request, this information can be made anonymous by using randomly generated placeholder info. Students can only see their own personal information and grading data. Professors can see data for all students and courses which they are teaching.

All stored personal information is used only for the purpose of the client/user. Capsim does not sell, rent, or lease any personal information.

Amazon Web Services (AWS) Cloud

As mentioned, all production servers and data are hosted in Amazon Web Services (AWS) Cloud. The IT infrastructure that AWS provides is in alignment with security best practices and IT security standards, including:
• SOC 1/SSAE 16/ISAE 3402 (formerly SAS 70)
• SOC 2
• SOC 3
• FISMA, DIACAP, and FedRAMP
• DOD CSM Levels 1-5
• PCI DSS Level 1
• ISO 9001 / ISO 27001 / ISO 27017 / ISO 27018
• ITAR
• FIPS 140-2
• MTCS Level 3

As well as several industry-specific standards, including:
• Criminal Justice Information Services (CJIS)
• Cloud Security Alliance (CSA)
• Family Educational Rights and Privacy Act (FERPA)
• Health Insurance Portability and Accountability Act (HIPAA)
• Motion Picture Association of America (MPAA)

AWS Physical Security

All physical access to AWS facilities is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means.

Authorized staff must pass two-factor authentication a minimum of two times to access data center floors. All visitors are required to present identification and are signed in and continually escorted by authorized staff.

All physical access to data centers by AWS employees is logged and audited routinely.

Secure Development Standards

When developing any software through our agile methodology, the project is divided into iterations. Our secure design standards are applied to each iteration which will be implemented as part of the product requirements. Our secure design strategy focuses on three main areas for every iteration:
• Confidentiality - data is protected from unauthorized individuals/systems.
• Integrity - data remains complete and uncorrupted.
• Availability - data is accessible only by authorized users without interference.

Additionally, we incorporate server-side session checks prior to allowing access to software updates to verify the authenticity of the user. Finally, we also verify security guards that are in place combined with automated testing and version control prior to any release.

Incident Notification

Our servers are being continuously monitored for uptime with immediate escalation to the authorized system administrators for any downtime. In the event that a security incident is suspected to have resulted in a breach of personal information, notification of the affected entities will occur within 48 hours of the breach. Upon discovering a possible security breach, system administrators focus on investigating and containing the breach as well as addressing appropriate gaps to prevent the incident from reoccurring. Client will be continuously updated on the status of the investigation, containment, and follow-up actions.

Server Status and uptime notification can be seen live here: https://status.capsim.com/

Internet Technologies Used

Cookies, web beacons, and other relevant internet technologies are used on the website. They reside in your computer and browser and can be removed. If you desire to remove such technologies you may do so, but this may render the website unusable by you.

Other Websites

Capsim’s website may contain links to other websites. Some of them may collect your Personal Information and may apply their own policies on how your Personal Information is used. Please read all applicable policies of all websites you visit. Capsim is not responsible for the privacy practices of anyone else’s website(s).

International Data Transfers

Capsim products and offerings connect you to the world. Personal Data may be stored and processed in any country where we do business, or our service providers do business. We may transfer your Personal Data to countries other than your own country, including to the United States. These countries may have data protection rules that are different from your country. When transferring data across borders, we take measures to comply with applicable data protection laws related to such transfer. Officials (such as law enforcement or security authorities) in those countries may be entitled to access your Personal Data.

We comply with laws on the transfer of personal data between countries to help ensure your data is protected, wherever it may be.

Capsim’s international transfer of personal data collected in the European Economic Area, the United Kingdom, and Switzerland is governed by Standard Contractual Clauses.

Updates to this Privacy Policy and Notification

We may change this Privacy Policy from time to time to reflect new services, changes in our Personal Data practices, or relevant laws. The “Last Revised” legend at the bottom of this Privacy Policy indicates when this Privacy Policy was last updated. Any changes are effective when we post the revised Privacy Policy on the website.

We may provide you with disclosures and alerts regarding the Privacy Policy or Personal Data collected by posting them on our website.

If applicable law requires that we obtain your consent or provide notice in a specified manner prior to making any changes to this Privacy Policy applicable to you, we will provide such required notice and will obtain your required consent.

Your Responsibilities

Keeping your data secure also depends on you ensuring that your account’s security is maintained by using sufficiently complicated passwords and storing them safely with the addition of antivirus software and firewalls. You should ensure that you have sufficient security on your own systems, to keep any data you download or store on your own computer safe from unauthorized view.

Contact us

If you have any questions, please contact Capsim’s Data Protection Officer at Privacy@Capsim.com

Last revised: September 13th, 2021