GDPR Compliance

The European General Data Protection Regulation (GDPR) was approved on April 14, 2016, by the European Parliament and went into effect as of May 25, 2018. The GDPR is a regulation on the collection and processing of information related to an individual residing within the European Union (EU).

The GDPR’s six key principles, as detailed in Article 5 of the legislation, include:

1. Provide full transparency on what data is collected and how data will be used before requesting the individual’s consent.
2. Ensure that collected data is used only for the purposes explicitly specified at the time of collection and consent
3. Minimize the data collected and utilized solely for the purpose for which it is collected.
4. Ensure that collected data is accurate throughout the chain of processors.
5. Carefully evaluate the duration of how long data is stored, as data must only be stored for as long as necessary to serve its intended purpose and provide users the right to delete their data.
6. Prevent against unauthorized use or accidental loss of data through the deployment of appropriate security measures and adherence to mandatory breach reporting.

At Rise, we value our worldwide customer base, your individuality, and your right to privacy. As outlined in our security white paper, Rise employs a holistic approach to security. We welcome the GDPR as an opportunity to deepen our commitment to data protection.

For the GDPR, we are considered processors for the data we collect from you, the controller. As a processor, Rise commits that data put in our care by EU data subjects is:

• Collected conservatively and with willful consent
• Able to be deleted and managed by the user
• Always protected with necessary safeguards

As a cloud-based learning platform, the protection of our customers’ information and their users’ privacy is of utmost importance. We will continually invest in the security of Rise by employing an experienced security team and utilizing the most robust tools available for monitoring and mitigating threats. In addition, the Rise security team will comply with GDPR requirements around security incident notifications.

We engage carefully vetted sub-processors for specific purposes necessary to operate Articulate services. We require that each sub-processor sign and adhere to a Data Processing Agreement (DPA), reflecting our commitment and that of our vendors to take the individual’s right to data privacy seriously.

View a complete list of vendors we utilize as sub-processors.

We’ve invested in the following areas to comply with GDPR:

• Continuous improvements to our security infrastructure
• Data breach notification procedures
• Annual penetration testing
• Maintenance of Privacy Shield self-certification
• Data portability and data management

To comply with EU data protection laws around international data transfer mechanisms, we self-certify under the EU-U.S. Privacy Shield.

Providing you with control over Rise’s collection, retention, and usage of your data is a key component of the GDPR. The following methods describe the controls available to data subjects:

• Opt-Out by Default
  • Visitors to rise.com are opted out of marketing communications by default.
• Opt-Out via Self-Serve
  • To manage your communication preferences, please visit our email subscription preferences page.
• Browser Cookie Control
  • Rise automatically collects usage data through the use of cookies, small text files a website uses to recognize repeat users, facilitate the user’s ongoing access to the site, and facilitate the use of the site. View a complete list of cookies and how Rise uses them.
  • To prevent the use of cookies for remarketing purposes, you may opt out by visiting Google’s Ads Preferences Manager. Also, you can opt out of other third-party use of cookies by visiting the Network Advertising Initiative opt-out page.
• Information Deletion and Extraction
  • Contact privacy@rise.com to request deletion or a copy of the data we collected about you.

Please contact us at privacy@rise.com if you have any questions about our GDPR compliance.

Privacy Policy

Data Processing Agreement

Complete Text of the GDPR

List of Sub-Processors