Last Updated: September 6, 2022
1. SCOPE
This Privacy Policy applies to personal information collected, stored, used, disclosed and processed by Arist Holdings, Inc., together with our affiliate companies (collectively “Arist,” “we,” “us,” and “our”) in the course of our business, including our website located at http://arist.co (the “Site”) and our platform accessible via our Site that allows organizations or individuals (“Authors”) to create online courses (“Courses”), which will be completed through text messages or such other messaging features offered by the Services, with individuals and/or organizations that wish to enroll in such Courses (“Learners”), as well as our related offerings. To make this Privacy Policy easier to read, the Site and our platform, services and related offerings are collectively called the “Services.”
Your privacy is important to us, and we are strongly committed to making our practices regarding your personal information transparent and fair. Please read this Privacy Policy carefully and make sure that you fully understand and agree to it. If you do not wish to provide us with such personal information, or to have it processed by us or any of our affiliates or service providers, please do not access or use the Services. You may also choose not to provide us with certain “optional” personal information, but please keep in mind that without it, we may not be able to provide you with the full range of our Services or with the best user experience when using our Services.
Capitalized terms not defined in this Privacy Policy have the meaning set forth in our Terms of Service Agreement at https://arist.co/legal/terms-of-service or any successor URL (“Agreement”). Please review the Agreement, as it also governs your access and use of the Services.
2. PERSONAL INFORMATION WE COLLECT
The categories of personal information we collect depend on how you interact with our Services.
a. Information You Provide to Us
Learner Account. When you register to be a Learner, as part of the Account setup process, we collect personal information from you including without limitation your name, email address and phone number. We also collect information about your interests.
Author Account. When you register to be an Author, as part of the Account setup process, we collect personal information such as name, email address, phone number, a description of skill set with respect to Course subject areas, Payment Account information, and any other necessary Account information.
Your Communications with Us. When you request information about our Services, sign up for marketing from us, register for our newsletter, or otherwise communicate with us, we collect personal information such as your email address, phone number or mailing address.
Surveys. We may contact you to participate in surveys. If you decide to participate, you may be asked to provide certain information, which may include personal information.
Interactive Features. We may offer interactive features such as the Course Library, messaging and chat features, collaboration and commenting functionalities, blogs and social media pages. We and others who use our Services may collect the information you submit or make available through these interactive features. Any content you provide on the public sections of these features will be considered “public” and is not subject to the privacy protections referenced herein.
Conferences, Trade Shows, and Other Events. We may attend conferences, trade shows, and other events where we collect personal information from individuals who interact with or express an interest in Arist and/or the Services. If you provide us with any information at one of these events, we will use it for the purposes for which it was collected.
Business Development and Strategic Partnerships. We may collect personal information from individuals and third parties to assess and pursue potential business opportunities.
Job Applications. We may post job openings and opportunities on the Services. If you reply to one of these postings by submitting your application, CV and/or cover letter to us, we will collect and process the information contained therein to assess your suitability, aptitude, skills, and qualifications for employment with Arist.
b. Information Collected Automatically
Automatic Data Collection. We may collect certain information automatically when you use the Services. This information may include your Internet protocol (IP) address, user settings, MAC address, cookie identifiers, mobile advertising and other unique identifiers, details about your browser, operating system or device, location information (including inferred location based on your IP address), Internet service provider, mobile carrier, the Courses you enroll in and details about your interactions with such Courses, pages that you visit before, during and after using the Services, information about the links you click, information about how you interact with the Services, including the frequency and duration of your activities, and other information about how you use the Services.
Cookies, Pixel Tags/Web Beacons, and Analytics Information. We, as well as third parties that provide content, advertising, or other functionality on the Services, may use cookies, pixel tags, local storage, and other technologies (“Technologies”) to automatically collect information through the Services. Technologies are essentially small data files placed on your device that allow us and our partners to record certain pieces of information whenever you visit or interact with our Services.
- Cookies. Cookies are small text files placed in device browsers to store their preferences. Most browsers allow you to block and delete cookies. However, if you do that, the Services may not work properly.
- Pixel Tags/Web Beacons. A pixel tag (also known as a web beacon) is a piece of code embedded in the Services that collects information about engagement on the Services. The use of a pixel tag allows us to record, for example, that a user has visited a particular web page or clicked on a particular advertisement. We may also include web beacons in e-mails to understand whether messages have been opened, acted on, or forwarded.
Our uses of these Technologies fall into the following general categories:
- Operationally Necessary. This includes Technologies that allow you access to our Services, applications, and tools that are required to identify irregular behavior, prevent fraudulent activity and improve security or that allow you to make use of our functionality;
- Performance Related. We may use Technologies to assess the performance of our Services, including as part of our analytic practices to help us understand how our users and visitors access or use the Services;
- Functionality Related. We may use Technologies that allow us to offer you enhanced functionality when accessing or using our Services. This may include identifying you when you sign into our Services or keeping track of your specified preferences, interests, or past items viewed;
- Advertising or Targeting Related. We may use first party or third-party Technologies, including cross-device tracking, to deliver content, including ads relevant to your interests, on our Services or on third-party sites.
Analytics. We may use Google Analytics and other service providers to collect and process analytics information on our Services. You can opt out of Google Analytics’ processing of your information on our Site by following the instructions here. We also may use Oribi and other service providers for session replay analytics.
c. Information from Other Sources
We may obtain information about you from other sources, including from third party services and organizations. For example, if you are a Learner and access our Services through your third-party social networking service (“SNS”) Account, we may collect information about you from that SNS Account that is made available via your privacy settings. In addition, we may choose to conduct background checks on Authors (through the use of third-party vendors), to the fullest extent permitted by law.
3. HOW WE USE YOUR INFORMATION
We use your personal information for a variety of business purposes, including:
a. To Provide the Services or Information Requested, such as:
- Fulfilling our contract with you;
- Recommending Courses to you based on your interests;
- To send you text messages;
- Responding to questions, comments, and other requests;
- Allowing you to register for events;
- Providing access to certain areas, functionalities, and features of our Services; and
- Answering requests for customer or technical support.
b. Administrative Purposes, such as:
- Pursuing legitimate interests, such as direct marketing, research and development (including marketing research), network and information security, and fraud prevention (only applies to your email we will never use your phone number for marketing purposes);
- Measuring interest and engagement in our Services;
- Improving or troubleshooting the Services;
- Developing new products and services;
- Ensuring internal quality control and safety;
- Authenticating and verifying individual identities;
- Carrying out audits;
- Communicating with you about your account, activities on our Services and Privacy Policy changes;
- Preventing and prosecuting potentially prohibited or illegal activities;
- Enforcing our agreements; and
- Complying with our legal obligations.
c. Marketing Our Products and Services. We may use personal information (excluding your phone number) to tailor and provide you with content and advertisements. We may provide you with these materials as permitted by applicable law. If you have any questions about our marketing practices or if you would like to opt out of the use of your personal information for marketing purposes, you may contact us at any time at privacy@arist.co.
d. Consent. We may use personal information for other purposes that are clearly disclosed to you at the time you provide personal information or with your consent.
e. Use De-identified and Aggregated Information. We may use personal information and other data about you to create de-identified and/or aggregated information, such as de-identified demographic information, de-identified location information, information about the device from which you access our Services, or other analyses we create. De-identified and/or aggregated information is not personal information, and we may use and disclose such information in a number of ways, including research, internal analysis, analytics, and any other legally permissible purposes.
f. Share Content with Friends or Colleagues. Our Services may offer various tools and functionalities. For example, we may allow you to provide information about your friends through our referral services. Our referral services may allow you to forward or share certain content with a friend or colleague, such as an email inviting your friend to use our Services.
4. DISCLOSING YOUR INFORMATION TO THIRD PARTIES
We may share your personal information with the following categories of third parties:
a. Authors. If you are a Learner and enroll in a Course, you are instructing Arist to share your personal information with the Author whose Course you have enrolled in. In addition, you may choose to provide additional personal information directly to Authors. Once your personal information has been shared with the Author, it will also be subject to the Author’s privacy policy and the Author may use your personal information for the Author’s own purposes. Please note that we do not control and we are not responsible for the Author’s processing of your personal information. You provide personal information to Authors at your own risk.
b. Third-Party Messaging Platforms. If you interact with a Course or Author via a third-party SNS platform (e.g., Meta/Facebook Messenger or WhatsApp), the third-party messaging platform can collect and use any information you provide via that channel in accordance with its terms of service and privacy policy. We do not control third-party messaging platforms and we are not responsible for their privacy or security practices. You provide information to third-party messaging platforms at your own risk.
c. Service Providers. We may share any personal information that we collect about you with our third-party service providers. The categories of service providers to whom we entrust personal information include service providers for: (i) the provision of the Services; (ii) the provision of information, products, and other services you have requested; (iii) marketing and advertising (no phone number data will be shared); (iv) payment and transaction processing; (v) customer service activities; and (vi) the provision of IT and related services.
d. Business Partners. We may provide personal information to business partners to provide you with a product or service you have requested. We may also provide personal information to business partners with whom we jointly offer products or services.
e. Affiliates. We may share personal information with Arist’s affiliated entities.
f. APIs and Software Development Kits. We may use third party APIs and software development kits (“SDKs”) as part of the functionality of our Services. For more information about our use of APIs and SDKs, please contact us as set forth below.
g. Disclosures to Protect Us or Others. We may access, preserve, and disclose to external parties any information we store in association with you if we, in good faith, believe that doing so is required or appropriate to: (i) comply with law enforcement or national security requests and legal process, such as a court order or subpoena; (ii) protect your, our, or others’ rights, property or safety; (iii) enforce our policies or contracts; (iv) collect amounts owed to us; or (v) assist with an investigation and prosecution of suspected or actual illegal activity.
h. Disclosure in the Event of Merger, Sale, or Other Asset Transfer. If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, purchase or sale of assets, or transition of service to another provider, then your information may be sold or transferred as part of such a transaction, as permitted by law and/or contract.
5. YOUR CHOICES
You may be able to opt out of certain uses of your personal information.
a. Email Communications. If you receive an unwanted email from us, you may use the unsubscribe link found at the bottom of the email to opt out of receiving future emails. Note that you will continue to receive transaction-related emails regarding products or Services you have requested. We may also send you certain non-promotional communications regarding us and our Services, and you will not be able to opt out of those communications (e.g., communications regarding the Services or updates to our Terms of Service or this Privacy Policy).
b. Text Messages. You may opt out of receiving text messages by replying "STOP" to a text message you have received from us or by otherwise contacting us.
c. “Do Not Track”. Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.
d. Cookies and Interest-Based Advertising. You may stop or restrict the placement of Technologies on your device or remove them by adjusting your preferences as your browser or device permits. Please note that cookie-based opt-outs are not effective on mobile applications. However, you may opt-out of personalized advertisements on some mobile applications by following the instructions for Android and iOS.
e. Targeted Advertising. The online advertising industry also provides websites from which you may opt out of receiving targeted ads from data partners and other advertising partners that participate in self-regulatory programs. You can access these websites and learn more about targeted advertising and consumer choice and privacy at www.networkadvertising.org/managing/opt_out.asp, http://www.youronlinechoices.eu/, https://youradchoices.ca/choices/, and www.aboutads.info/choices/. Please note you must separately opt out in each browser and on each device.
6. DATA RETENTION
We (and our authorized service providers) store the personal information we receive as described in this Privacy Policy for as long as you use our Services or as reasonably necessary to fulfill the purpose(s) for which it was collected, provide our Services, resolve disputes (i.e. as required by laws applicable to log-keeping, records and bookkeeping, and in order to have proof and evidence concerning our relationship, should any legal issues arise following discontinuance of use), establish legal defenses, pursue legitimate business purposes, enforce our agreements and comply with applicable laws. Please note that except as required by applicable law or our specific agreements with you, we will not be obligated to retain personal information for any particular period, and we are free to securely delete it or restrict access to it for any reason and at any time, with or without notice to you. If you have any questions about our data retention policy, or if you wish to request that we stop processing or delete your Personal Data (see GDPR section below), please contact us by e-mail at privacy@arist.co.
7. SECURITY OF YOUR INFORMATION
We use industry-standard physical, procedural and technical security measures, including encryption as appropriate, to ensure that your information is treated securely and in accordance with this Privacy Policy. However, please be aware that regardless of any security measures used, we cannot and do not ensure, guarantee or warrant the absolute security of any information you provide to us or to any third parties as described herein. To the fullest extent permitted by applicable law, we do not accept liability for unauthorized disclosure.
By using the Services or providing personal information to us, you agree that we may communicate with you electronically regarding security, privacy and administrative issues relating to your access to and use of the Services. If we learn of a security system’s breach, we may attempt to notify you electronically by posting a notice on the Services, by mail or by sending an email to you.
8. THIRD PARTY WEBSITES/APPLICATIONS
The Services may contain links to other websites/applications, and other websites/applications may reference or link to our Services. These third-party services are not controlled by us. We encourage our users to carefully read the privacy policies and other applicable terms and policies of each third-party website and application with which they interact. Subject to the terms herein, we do not endorse, screen or approve, and we are not responsible for, the privacy practices or content of such other websites or applications. You provide personal information to third party websites or applications at your own risk.
9. CHILDREN’S INFORMATION
The Services are not directed to individuals under the age of 18, and we do not knowingly collect personal information from children. If you learn that your child has provided personal information to us without your consent, you may contact us by e-mail at privacy@arist.co or as otherwise set forth below. If we learn that we have collected a child’s personal information in violation of applicable law, we will promptly take steps to delete such information and terminate the child’s account.
10. INTERNATIONAL DATA TRANSFERS
All information processed by us may be transferred, processed, and stored anywhere in the world, including but not limited to, the United States or other countries, which may have data protection laws that are different from the laws where you live. As explained in further detail herein, we endeavor to safeguard your information consistent with the requirements of applicable laws.
11. GDPR
For the purpose of this Privacy Policy, Arist is the “controller” in respect of certain Personal Data (as defined under the EU General Data Protection Regulation (“GDPR”), such as account registration details, that we collect directly from you and other users of the Services, and that Arist uses for the purposes of our business. The “controller” of your other “Personal Data” is you; and Arist acts as the data “processor” and processes such Personal Data on behalf of you, per your data processing instructions.
Under GDPR, the main legal basis that we rely on to process Personal Data collected by the Services includes the following:
- Necessary for entering into, or performing, an agreement – to perform obligations that Arist undertakes in providing Services to you, or to take steps at your request to enter into an agreement with Arist, it will be necessary for us to process your Personal Data;
- Necessary for compliance with a legal obligation – Arist is subject to certain legal requirements which may require processing of your Personal Data. Arist may also be obligated to disclose your Personal Data to a regulatory body or law enforcement agency;
- Necessary for the purposes of legitimate interests – either Arist, or a third party, will need to process your Personal Data for the purposes of Arist’s (or a third party’s) legitimate interests, provided that Arist has established that those interests are not overridden by your rights and freedoms, including your right to have your Personal Data protected. Arist’s legitimate interests include responding to requests and enquiries from you or a third party, optimizing our Site, platforms and client experience, informing you about our products and Services and ensuring that our operations are conducted appropriately and efficiently;
- Consent – in some circumstances, Arist may ask for your consent to process your Personal Data in a specific way.
As noted herein, Arist will share your Personal Data with trusted third parties where we have retained them to provide services that you or our clients have requested, and to perform maintenance or respond to technical issues involving the Services. You may request a list of sub-processors that we currently engage by emailing us at privacy@arist.co. Where Arist discloses Personal Data to third parties, we require minimum standards of confidentiality and data protection.
To the extent that your Personal Data is transferred outside of the European Economic Area (“EEA”) or accessed from outside the EEA, we will ensure that approved safeguards are in place to comply with GDPR, such as the European Commission’s approved standard contractual clauses. In limited circumstances, transfers of Personal Data may be based on context specific derogations which permit transfers in the absence of safeguards, such as where a transfer is necessary for the establishment, exercise or defense of legal claims.
As noted above, Arist will retain your Personal Data for the time necessary to provide the Services or to achieve other purposes set forth in this Privacy Policy. To request that Arist stop processing or delete your Personal Data, please contact us by e-mail at privacy@arist.co.
You have the following rights in relation to Personal Data that Arist holds about you, which rights you may exercise by emailing us at privacy@arist.co. Arist will require evidence of your identity before being able to act upon your request.
- You have the right to request confirmation of whether we are processing your Personal Data.
- You have the right to ask for a copy of your Personal Data. With good reason, and if the GDPR permits, we can refuse your request in whole or in part. If we do refuse, we will provide our reasons for the refusal.
- In certain situations, with respect to Personal Data you have previously provided to us, and that we process by automated means, you have the right to receive an electronic copy in a structured, commonly used and machine-readable format. You may request that we transmit this information to you or to another company (the “right of data portability”).
- In certain situations, you have the right to object to or restrict our uses of your Personal Data (for example, if we are processing your Personal Data on the basis of our legitimate interests and there are no compelling legitimate grounds for our processing which override your rights and interests, or if you object to use of your Personal Data for purposes of direct marketing). You may also be entitled to restrict our use of your Personal Data (for example, where you have challenged the accuracy of the Personal Data and while we are verifying its accuracy). To request that Arist stop processing or delete your Personal Data, please contact us by e-mail at privacy@arist.co.
- You have the right to seek correction or amendment of Personal Data that is inaccurate, untrue, outdated or incomplete.
- In certain situations, you have the right to request erasure of your Personal Data (for example, if the Personal Data is no longer necessary for the purposes for which it was collected or processed, or if our processing is based on your consent and there is no other legal basis for us to process the Personal Data).
If you are located in the EEA or the United Kingdom, you have the right to lodge a complaint with a supervisory authority if you believe our processing of your Personal Data violates applicable law.
12. CALIFORNIA RESIDENTS
This section only applies to our processing of personal information that is subject to the California Consumer Privacy Act of 2018 (“CCPA”). The CCPA provides California residents with the right to know what categories of personal information Arist has collected about them and whether Arist disclosed that personal information for a business purpose (e.g., to a service provider) in the preceding 12 months. California residents can find this information below:
[see images 1 and 2 below]
The categories of sources from which we collect personal information and our business and commercial purposes for using personal information are set forth above.
In addition to the rights set forth in the GDPR section above, California residents (and in some cases, the California resident’s authorized agent) may contact us to request deletion of your personal information.
For purposes of the CCPA, we do not “sell” personal information, nor do we have actual knowledge of any “sale” of personal information of minors under 16 years of age.
California residents have the right not to receive discriminatory treatment by Arist for the exercise of their rights conferred by the CCPA.
13. CHANGES TO OUR PRIVACY POLICY
We may update and amend this Privacy Policy from time to time in our sole discretion. If there are any material changes to this Privacy Policy, we will notify you as required by applicable law. You understand and agree that you will be deemed to have accepted the updated Privacy Policy if you continue to use the Services after the new Privacy Policy takes effect.
14. OUR TEXT MESSAGING PROGRAM POLICY
After enrolling in a Course, users can expect to receive text (SMS) messages each day for the duration of the Course. Each message will be educational in nature and will be no longer than 1,200 characters in length.
You can cancel the SMS service at any time. Just text "STOP" in reply to a text message. After you send the SMS message "STOP" to us, we will send you an SMS message to confirm that you have been unsubscribed. After this, you will no longer receive SMS messages from us. If you want to join again, just sign up as you did the first time and we will start sending SMS messages to you again.
If you are experiencing issues with the messaging program, you may reply to a text with the keyword HELP for more assistance, or you may contact us directly for help at support@arist.co or privacy@arist.co.
Carriers are not liable for delayed or undelivered messages
As always, message and data rates may apply for any messages sent between us and you. Message frequency varies. If you have any questions about your text plan or data plan, it is best to contact your wireless service provider or carrier.
15. CONTACT US
If you have any questions about our privacy practices or this Privacy Policy, or if you wish to submit a request to exercise your rights as detailed in this Privacy Policy, please contact us at:
Arist Holdings, Inc.
2261 Market Street, #4320
San Francisco, CA 94114
Email: privacy@arist.co
Web: www.arist.co