Privacy Statement

Version effective date: March 18, 2020

Introduction

Level Access (Level) takes privacy seriously. Our Privacy Program is designed to ensure we meet or exceed our obligations when it comes to protecting personal information, also known as personal data, or personally identifiable information (PII). This privacy policy (Policy) is designed to explain our Privacy Program and how it applies to you and your PII.

Level processes personal information for a variety of business purposes. This Policy will explain the categories of personal information collected, how it is processed, how it is protected, how long PII is kept, who it is shared with, and your rights with regards to your information. The Policy also lists additional information such as how to contact us.

We review our privacy practices and policies annually and when any changes occur which may affect its application. When major or user-impacting updates are made to this statement we will notify affected and interested parties by email. Minor updates will be issued directly to this document online. Please be sure to review this Policy regularly for updates and to stay informed regarding our privacy practices.

Information We Collect

General

The following table summarizes the purpose, categories, and lawful bases for processing of personal information at Level:

Processing Purpose and Lawful Basis Categories
Use of Our Software Services and General Business Activity for the performance of our contracts with our customers Business email addresses, names, business addresses
Marketing and Sales Activities between us and business contacts to follow up on opportunities to work together Business email addresses, names, business addresses
Conducting Research with willing participants of the community to test accessibility and usability of products and services Email addresses, names, technology preferences and other disability-related information, demographic information, voice data
To both Deliver and Monitor the Performance and Security of our Software Services and Websites IP addresses, user agents, web browsing activity
For Employment and Recruitment Email addresses, names, home addresses, information for taxation and payroll purposes, employment history

Cookies

We use cookies and similar technologies such as tracking pixels to enable software functionality and compile data about the usage of and interaction with our Software Services. For example, cookies are used to identify your device and create a secure session. The use of cookies in our software services are necessary to provide functionality and troubleshoot security and performance issues.

Level also uses cookies and similar technologies like tracking pixels to enhance our Marketing and Sales activities. We gather information from recipients of our emails, visitors to our websites, form fills on our websites, and those who click on our ads in order to tailor and target our advertising. We limit the amount of personal information gathered this way as much as possible to protect your privacy. For more information about our use of cookies and other technologies, please see the Cookies section on our website.

By using our software and services you agree that we can place these types of cookies on your device. You can typically remove or reject cookies via your browser settings by following the instructions provided by your browser, however, be aware this may affect functionality.

How We Use the Information We Collect

This section goes into detail about our business purposes for processing personal information. If you would like additional information about any of these purposes, please Contact Us.

Use of Our Software Services and General Business Activity

Software Services

Level provides a variety of software services, some of which require the creation of a user account which, by necessity, includes collection of basic contact information such as name and email address.

Our software services also record browsing activity within the services themselves. For example, a login event, the viewing of a report, taking a test, etc. This information is used to troubleshoot issues, provide security and administration with an audit log of activity, and tailor your experience with the service.

General Business Activity

Level operates like most modern businesses with email, file servers, other technologies, and sometimes paper (though we try to keep it to a minimum). Through these processes we inevitably capture some basic contact and business information.

Marketing and Sales Activities

Level believes our mission of bringing digital accessibility to the world is important for everyone, and our Marketing and Sales teams play a key role in achieving that mission.

We collect contact information from form fills on our websites, in person (for example, at conferences), from business partners, and from public sources of information such as social networking websites. If we feel we have an opportunity to help your business, we may use your business information to provide you with information such as webinars, free tools, whitepapers and reports, industry news and community events, or to contact you about working together.

To opt-out of marketing emails, simply click on the “unsubscribe” link at the bottom of any email. Alternatively, you may get in touch to unsubscribe, or if you have more questions.

Please note that Level only works with business partners who demonstrate a strong commitment to privacy. If we have gained your contact information from a business partner, you should have been informed by them about the collection and use of your information.

Joint Webinars

We occasionally partner with other businesses to deliver joint webinars where we both contribute to the content delivered. In these cases, either we or our partner will collect your information and it will be shared with the other party. This sharing is strictly limited between the two parties and only done once for each joint webinar.

Conducting Research

One of the types of service we provide to our clients are usability testing studies. Our clients have us as accessibility and usability experts run these studies in order to inform them about potential issues with their products. In order to run these studies, we need to collect information from individuals both before participating in the studies and during the study sessions.

Contact and Eligibility Information

Contact and Eligibility Information is collected from willing members of the community for participation in usability testing studies.

Contact and Eligibility Information is never shared with clients. It is only used for recruiting purposes.

You may consent for us to retain this information for participation in future studies. If you choose not to consent, we delete the information at the end of your current study.

Study-Specific Information

Study-Specific Information is collected when we run a study and is used to inform the client about accessibility and usability issues in their products.

We gather this information from participants in two ways; through a survey and by taking a video recording of the study session.

In the survey we may request information from you such as your age, health insurance information, or banking preferences. Exactly what we collect depends on the study being run. This information is only collected for that particular study. Once the study has completed, your information is de-identified so it cannot be linked back to you.

We also take a video recording of the study session itself in order to capture the experience of using the products with assistive technology. These recordings include voice, other audio, and other actions taken on the screen and by technology peripherals as you complete the research tasks.

De-identified survey information and the session recordings are shared with the client and is retained for a maximum of three (3) years. Due to the sensitive nature of this information, we require additional contractual clauses from any party it is shared with and additional security controls to ensure it is handled appropriately and protected from unauthorized disclosure.

Delivery and Monitoring of Software Services and Websites

Technical Usage Data

If you visit or interact with Level’s Sites or Software Services, technical information about your interaction (“technical usage data”) may be collected, in server logs for example, to protect and improve those services. We retain technical usage data for up to 180 days.

Browser Extensions

We publish several browser extension tools to help us, our clients, and the community find and fix accessibility issues. The extensions have limited access to pages you visit and only collect information when you specifically tell it to collect it. This access is limited to website content and resources and a summary of web browsing activity. Data collected is never sent back to our servers unless you actively direct the tool to do so. There is no passive data collection.

We only collect and store what is necessary for the extensions to perform their stated functions and any data collected is transferred back to our servers using TLS 1.2. It is encrypted at rest using AES-256 on our software platform which resides in AWS in the US-East region.

Our browser extensions are not designed to collect any PII with the exception of technical usage data as defined above. However, as they are tools under your control, it is possible to use them to collect any information on a web page. If you believe you have inadvertently captured personal information, please reach out to us and we will work with you to sort it out.

For more information about our extensions, please see the individual extension pages in the respective browser extension repositories.

Employment and Recruitment

Before coming to work for Level, some personal information is collected from you during the recruiting process, and if you are successful, so that we can fulfil the employment contract with you.

Information about recruitment is retained for a minimum of one (1) year, or longer if there’s a potential for employment opportunities in future. Information to fulfil an employment contract will be retained up to seven (7) years after you leave our service.

Level stores this information in our business support systems, which includes some third-party systems based in the US.

Security, Retention and Sharing

It is Level’s aim to protect the rights of individuals when it comes to privacy and knowing what happens with your information. Moreover, we take measures to ensure any information of yours we process is protected at all times, including when shared.

Security and Retention

We do our best to protect all information entrusted to us. We take extra care to protect personal information and even more care to protect any sensitive personal information shared with us.

The types of protection we utilize range from; security and privacy awareness training for staff; strong access controls following principles such as least privilege and the need to know; vulnerability management; anti-malware and other preventative and detective controls; use of encryption; supplier risk management processes; secure disposal and others. See our Security Statement or Contact Us for more information about our security practices.

To further reduce risk, we minimize retention periods for all personal information to only the length needed achieve the processing purpose. The retention periods vary according to the purpose and legal basis for processing and may be informed by other requirements when required by law.

Sharing

Level does not sell your personal information to other parties, however, there are cases where we share it under clearly defined circumstances.

Level engages in occasional marketing and research activities where we share your personal information. We will always inform you of this ahead of time allowing you to choose whether or not to participate in the activity. For more details, see the Marketing and Sales Activities and Conducting Research sections above.

Level uses some third-party suppliers to provide our services and operate our business. These third parties reside in the US and may process or store your personal information on our behalf. We ensure strong contractual clauses are in place to ensure your rights and information are protected whenever sub-processing takes place.

Level may be required to share your data with regulators, law enforcement, government agencies, or the courts in order to comply with applicable laws. Where allowed, we will notify you of this type of disclosure should it become necessary.

Level may share your data or certain parts of your data with a potential acquirer or investor of our company.

In all cases where data is shared, we ensure that third parties provide a minimum level of security and provide contractual guarantees for the preservation of data rights and the protection of personal information.

Children

None of Level’s business activities, websites or software services are directed at children. We do not willingly or knowingly collect or process information from children under the age of 16. If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us and we will take steps to delete their information from our systems.

Your Rights

As available, and except as limited under applicable law, individuals may request to exercise the rights described below:

    1. You may request to be removed from direct marketing.
    1. You may request access to your data held by us.
    1. You may request to update, rectify, or change your information to ensure it is complete.
    1. You may request that Level restricts the processing of your data.
    1. You may request that your data be erased or deleted.
    1. You may object to Level processing your data based on our legitimate interests.
    1. You may request that Level port or transfer your data to another service.
    1. You may withdraw your consent for collection, processing, and sharing of your personal data at any time.

Level does not use your data to perform automated decision-making, including profiling.

To exercise or inquire about your data rights, see the Contact Us section.

Regional and Regulatory Information

California Residents

Subject to certain restrictions, California residents have the right to request that we disclose what personal information we collect about you, to delete any personal information that we collected from or maintain about you, and to opt-out of the sale of personal information about you. As above, we do not knowingly collect information about children under the age of 16.

This section describes those rights more clearly and our process for handling those requests.

California residents have the right to request that we disclose which categories of personal information that we collect, use, or sell about you. The above processing purposes outline the categories of information collected and how it is used. We do not sell your information to other parties.

You may also request that we delete any personal information that we have collected from or about you. However, there are some cases where we may need to retain personal information. For example, when authorized under applicable law, when required as necessary to provide our services, to protect our business and systems from fraudulent activity, to debug and identify errors that impair existing functionality, to comply with law enforcement requests pursuant to lawful process, for scientific or historical research or to comply with other legal obligations.

California residents have the right to opt out of the “sale” of their personal information, however, Level does not “sell” your personal information, as defined under the California Consumer Protection Act (CCPA).

California residents have the right to not be discriminated against, including by charging different prices, for exercising their rights as described in this section and Level will not discriminate against you for exercising your CCPA rights.

Canadian Residents

For our Canadian residents, as with others, you may lodge a complaint with us at any time and we will investigate, respond, and take corrective actions as necessary. To file a complaint, please use one of the contact mechanisms described below. However, if you feel we haven’t responded adequately to your request, please lodge a complaint with the Privacy Commissioner of Canada.

EU and UK Residents

Respecting the data rights of European and UK residents is very important to us. Not only have we structured our Privacy Program to ensure we meet the data protection requirements of the GDPR and ICO, we use the GDPR and ICO principles to enhance and extend data protection best practices for others as well.

The sections above list information about our processing purposes, categories of personal data collected, the lawful basis for processing, who personal data is shared with, how it is protected, and how long it is kept. We’d also like to stress that where consent is the lawful basis for processing, we will ensure we gain your affirmative consent (and you always have the right to withdraw it) before processing that information, and that above all we will ensure we honor your privacy rights.

You may lodge a complaint with us at any time and we will investigate, respond, and take corrective actions as necessary. To file a complaint with us, please use one of the contact mechanisms described below. If you are unsatisfied with our response, you may also lodge a complaint about Level’s processing activities to a Supervisory Authority.

Contact Us

To exercise your rights regarding your information, lodge a complaint, or if you have questions regarding this Privacy Statement or our privacy practices, please email us at privacy@levelaccess.com, call us at +1-800-889-9659, or write to us at:

Level Access
1600 Spring Hill Road
Suite 400
Vienna, VA, 22182, USA

We thank you for your interest in our privacy program. Your feedback helps us realize our commitment to provide and improve a transparent and robust privacy program for all people with whom we interact.