Skip To main content

Webinar |

Banking on Digital Accessibility, featuring Discover, KeyBank, and Voya |

Register now

Privacy Statement

Version effective date: May 1, 2024

Introduction

Level Access (“Level” or “us,” “we,” “our”) takes privacy seriously. Our Privacy Program is designed to ensure we meet or exceed our obligations when it comes to protecting personal information, also known as personal data, or personally identifiable information (PII). This privacy policy (Policy) is designed to explain our Privacy Program and how it applies to you and your PII.

Level processes personal information for a variety of business purposes. This Policy will explain the categories of personal information collected, how it is processed, how it is protected, how long PII is kept, who it is shared with, and your rights with regards to your information. The Policy also lists additional information such as how to contact us.

We review our privacy practices and policies annually as well as when any changes occur that may affect its application. When major or user-impacting updates are made to this statement, we will notify affected and interested parties by email. Minor updates will be issued directly to this document online. Please be sure to review this Policy regularly for updates and to stay informed regarding our privacy practices.

Information we collect

General

The following table summarizes the purpose, categories, and lawful bases for processing of personal information at Level:

Purpose, categories, and lawful bases for processing of personal information
Processing Purpose and Lawful Basis Categories
Use of our software services and general business activity for the performance of our contracts with our customers Business email addresses, names, business addresses
Marketing and sales activities between Level employees and business contacts to follow up on opportunities to work together Business email addresses, names, business addresses
Conducting research with willing participants of the community to test accessibility and usability of products and services Email addresses, names, technology preferences and other disability-related information, demographic information, voice data
To both deliver and monitor the performance and security of our software services and websites IP addresses, user agents, web browsing activity
For employment and recruitment Email addresses, names, home addresses, information for taxation and payroll purposes, employment history, other background check information including criminal history and national identification number history

Cookies

We use cookies and similar technologies such as tracking pixels to enable software functionality and to compile data about the usage of and interaction with our software services. For example, cookies are used to identify your device and create a secure session. The use of cookies in our software services is necessary to provide functionality and troubleshoot security and performance issues.

Level also uses cookies and similar technologies like tracking pixels to enhance our marketing and sales activities. We gather information from recipients of our emails, visitors to our websites, form fills on our websites, and those who click on our ads to tailor and target our advertising.

 

By using our software services and websites, you agree that we can place these types of cookies on your device. You can typically remove or reject cookies via your browser settings by following the instructions provided by your browser; however, be aware this may affect functionality.

How we use the information we collect

This section provides details about our business purposes for processing personal information. If you would like additional information about any of these purposes, please contact us.

Use of our software services and general business activity

Software services

Level provides a variety of software services, some of which require the creation of a user account which, by necessity, includes collection of basic contact information such as name and email address.

Our software services also record browsing activity within the services themselves. For example, a login event, the viewing of a report, taking a test, etc. This information is used to troubleshoot issues, provide security and administration with an audit log of activity, and tailor your experience with the service.

General business activity

Level operates like most modern businesses with email, file storage, other technologies, and sometimes paper (though we try to keep paper to a minimum). Through these processes we inevitably capture some basic contact and business information.

Marketing and sales activities

Level believes that making every digital experience accessible is important for everyone, and our marketing and sales teams play a key role in our ability to do this.

We collect contact information from form completions on our websites, in-person events (for example, at conferences), virtual events, lead generation programs such as content syndication or appointment setting, our business partners, and public sources of information such as social networking websites. If we feel we have an opportunity to help your business, we may use your business information to provide you with information such as webinars, free tools, whitepapers and reports, industry news and community events, or to contact you about working together.

To opt-out of marketing emails, one may simply click on the “unsubscribe” link at the bottom of any email. Alternatively, you may get in touch to unsubscribe or ask additional questions.

Please note that Level only works with business partners who, to our best information demonstrate a strong commitment to privacy. If we have gained your contact information from a business partner, you should have been informed by them about the collection and use of your information.

Joint marketing campaigns

We occasionally partner with other businesses to deliver joint marketing campaigns such as webinars where we both contribute to the content delivered. In these cases, either we or our partner will collect your information, and it will be shared with the other party. This sharing is strictly limited between the two parties and only done once for each joint campaign.

Conducting research

One of the types of services we provide to our clients is usability testing studies. As accessibility and usability experts, our clients request that we run these studies to inform them about potential issues with their products. To run these studies, we must to collect information from individuals both before participating in the studies, and during the study sessions.

Contact and eligibility information

Contact and Eligibility Information is collected from willing members of the community for participation in usability testing studies.

Contact and eligibility Information is never shared with clients or partners. It is only used for recruiting purposes.

You may consent for us to retain this information for participation in future studies. If you choose not to consent, we will delete the information at the end of your current study.

Study-specific information

Study-specific information is collected when we conduct a study, and it is used to inform the client about accessibility and usability issues in their products.

We gather this information from participants in two ways: through a survey, and by taking a video recording of the study session.

In the survey, we may request information from you such as your age, health insurance information, or banking preferences. Exactly what we collect depends on the study being conducted, that you have requested. This information is only collected for that particular study. Once the study has completed, your information is de-identified so it cannot be linked back to you.

With your initial consent to the study, we also take a video recording of the study session itself in order to capture the experience of using the products with assistive technology. These recordings include voice, other audio, and other actions taken on the screen and by technology peripherals as you complete the research tasks.

De-identified survey information and the session recordings are shared with the client and are retained for a maximum of three (3) years. Due to the sensitive nature of this information, we require additional contractual clauses from clients it is shared with and additional security controls to ensure it is handled appropriately and protected from unauthorized disclosure.

Delivery and monitoring of software services and websites

Technical usage data

If you visit or interact with Level’s sites or software services, technical information about your interaction (“technical usage data”) may be collected, in server logs for example, to protect and improve those services. We retain technical usage data for up to 365 days.

Browser extensions

We publish several browser extension tools to help us, our clients, and the community find and fix accessibility issues. The extensions have limited access to pages you visit and only collect information when you specifically tell it to collect that information. This access is limited to website content and resources and a summary of web browsing activity. Data collected is never sent back to our servers unless you actively direct the tool to do so. There is no passive data collection.

We only collect and store what is necessary for the extensions to perform their stated functions, and any data collected is transferred back to our servers using TLS 1.2. It is encrypted at rest using AES-256 on our software platform which resides in AWS in the U.S. regions.

Our browser extensions are not designed to collect any PII, with the exception of technical usage data as defined above. However, as they are tools under your control, it is possible to use them to collect any information on a web page. If you believe you have inadvertently captured personal information that you wish to remove, please reach out to us and we will work with you to reconcile.

Employment and recruitment

Before coming to work for Level, personal information is collected from you during the recruiting process, to determine eligibility, and to enable us to fulfill the employment contract with you.

Information about recruitment is retained for a minimum of one (1) year, or up to seven (7_ years if there’s a potential for employment opportunities in the future. Information to fulfill an employment contract will be retained up to seven (7) years after you leave our service.

Level stores this information in our business support systems, which include third-party systems based in the U.S.

Security, retention, and sharing

It is Level’s aim to protect the rights of individuals when it comes to privacy, including knowing what happens with your information. Moreover, we take measures to ensure any information of yours we process is protected at all times, including when shared.

Security and retention

We do our best to protect all information entrusted to us. We take extra care to protect personal information and even more care to protect any sensitive personal information shared with us.

The types of protections we utilize include security and privacy awareness training for staff, strong access controls following principles such as least privilege and the need to know, vulnerability management, anti-malware and other preventative and detective controls, use of encryption, supplier risk management processes<; secure disposal, and others. Contact us for more information about our security practices.

To further reduce risk, we minimize retention periods for all personal information to only the length needed to achieve the processing purpose. The retention periods vary according to the purpose and legal basis for processing and may be informed by other requirements when required by law.

Sharing

Level does not sell your personal information to other parties; however, there are cases where we share it under clearly defined circumstances.

Level engages in occasional marketing and research activities where we share your personal information. We will always inform you of this in advance, allowing you to choose whether to participate in the activity. For more details, see the Marketing and sales activities and Conducting research sections above.

Level uses some third-party suppliers to provide our services and operate our business. These third parties reside in the U.S. and may process or store your personal information on our behalf. We ensure strong contractual clauses are in place to ensure your rights and information are protected whenever sub-processing takes place.

Level may be required to share your data with regulators, law enforcement, government agencies, or the courts in order to comply with applicable laws. Where allowed, we will notify you of this type of disclosure should it become necessary.

Level may share your data or certain parts of your data with a potential acquirer or investor of our company.

When you provide your personal information to Level, it may be shared with our affiliates and subsidiaries within the Level Access Group. This sharing enables us to enhance service offerings and provide you with customized solutions and promotions across our combined enterprise. We ensure that all shared information is handled in accordance with industry standards of security, privacy and confidentiality.

In all cases where data is shared, we ensure that third parties provide a minimum level of security and provide contractual guarantees for the preservation of data rights and the protection of personal information.

International transfer of information

Level Access operates globally and occasionally shares personal data across borders with its subsidiaries and other entities within the Level Access Group. This international data sharing is essential for our integrated business operations and service enhancement. All data transfers are conducted in compliance with applicable data protection laws to ensure the highest levels of security and privacy. Level Access and its subsidiaries, along with any third-party service providers involved in our operations, are bound by strict agreements to uphold the above.

Children

None of Level’s business activities, websites or software services are directed at children. We do not willingly or knowingly collect or process information from children younger than the age of 16. If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us and we will take steps to delete their information from our systems.

Your rights

As available, and except as limited under applicable law, individuals may request to exercise the rights described below:

  1. You may request to be removed from direct marketing.
  2. You may request access to your data held by us.
  3. You may request to update, rectify, or change your information to ensure it is complete.
  4. You may request that Level restricts the processing of your data.
  5. You may request that your data be erased or deleted.
  6. You may object to Level processing your data based on our legitimate interests.
  7. You may request that Level port or transfer your data to another service.
  8. You may withdraw your consent for collection, processing, and sharing of your personal data at any time.

Level does not use your data to perform automated decision-making, including profiling.

To exercise or inquire about your data rights, see the contact us section.

Regional and regulatory information

California residents

Subject to certain restrictions, California residents have the right to request that we disclose what personal information we collect about you, to delete any personal information that we collected from or maintain about you, and to opt-out of the sale of personal information about you. As above, we do not knowingly collect information about children younger than the age of 16.

This section describes those rights more clearly and our process for handling those requests.

California residents have the right to request that we disclose which categories of personal information that we collect, use, or sell about you. The above processing purposes outline the categories of information collected and how it is used. We do not sell your information to other parties.

You may also request that we delete any personal information that we have collected from or about you. However, there are some cases where we may need to retain personal information. For example, when authorized under applicable law, when required as necessary to provide our services, to protect our business and systems from fraudulent activity, to debug and identify errors that impair existing functionality, to comply with law enforcement requests pursuant to lawful process, for scientific or historical research or to comply with other legal obligations.

California residents have the right to opt out of the “sale” of their personal information; however, Level does not “sell” your personal information, as defined under the California Consumer Protection Act (CCPA).

California residents have the right to not be discriminated against, including by charging different prices, for exercising their rights as described in this section, and Level will not discriminate against you for exercising your CCPA rights.

Canadian residents

For our Canadian residents, as with others, you may lodge a complaint with us at any time and we will investigate, respond, and take corrective actions as necessary. To file a complaint, please use one of the contact mechanisms described below. However, if you feel we haven’t responded adequately to your request, please lodge a complaint with the Privacy Commissioner of Canada.

EU and UK residents

Respecting the data rights of European and UK residents is very important to us. Not only have we structured our Privacy Program to ensure we meet the data protection requirements of the GDPR and ICO, we use the GDPR and ICO principles to enhance and extend data protection best practices for others as well.

The sections above list information about our processing purposes, categories of personal data collected, the lawful basis for processing, who personal data is shared with, how it is protected, and how long it is kept. We’d also like to stress that where consent is the lawful basis for processing, we will ensure we gain your affirmative consent (and you always have the right to withdraw it) before processing that information, and that above all we will ensure we honor your privacy rights. Individual privacy rights under the GDPR include the following:

  1. The right to be informed.
  2. The right to rectification.
  3. The right of access.
  4. The right to be forgotten (erasure).
  5. The right to restrict the processing of your data.
  6. The right to data portability.
  7. The right to object.
  8. Rights regarding automated profiling and decision making.

You may lodge a complaint with us at any time and we will investigate, respond, and take corrective actions as necessary. To file a complaint with us, please use one of the contact mechanisms described below. If you are unsatisfied with our response, you may also lodge a complaint about Level’s processing activities to a Supervisory Authority.

Argentinian residents

For our Argentinian residents, as with others, you may lodge a complaint with us at any time and we will investigate, respond, and take corrective actions as necessary. To file a complaint, please use one of the contact mechanisms described below. However, if you feel we haven’t responded adequately to your request, please lodge a complaint with the National Directorate of Protection of Personal Data.

Contact Us

To exercise your rights regarding your information, lodge a complaint, or if you have questions regarding this Privacy Statement or our privacy practices, please email us at privacy@levelaccess.com, call us at +1-800-889-9659, or write to us at:

Level Access
Washington, D.C. Office
1310 N Courthouse Road, Suite 860
Arlington, VA 22201, USA

We thank you for your interest in our privacy program. Your feedback helps us realize our commitment to provide and improve a transparent and robust privacy program for all people with whom we interact.