Home

Services

Pricing

Contacts

Cart

Privacy Policy

Privacy Policy

The policy relates to the TopSM platform and all user data collected and managed through the platform to deliver TopSM Services.  If you use TopSM Services (a “User”) this policy applies to you and you are bound by it.  If you disagree you must stop using TopSM  Services and close your account.  

  1. Our commitment

Everto Teenus OÜ trades as “TopSM”, and is located in Tallin, Estonia.  TopSM respects User’s rights regarding their privacy and information, taking great care with any personally identifying information.  As an Estonian domiciled entity, the TopSM platform is subject to the laws of Estonia and regulations of the E.U. The General Data Protection Regulation (effective from May 2018) and Data Protection Acts 1988-2018 in Estonia apply to the safeguarding and processing of personal data that could be used to identify any citizens of the E.U.. TopSM is committed to complying with its legal obligations in this regard, not just to data subjects (Users) in the E.U. but to extend the same courtesy to all TopSM Users worldwide.

This policy is based on obligations created through General Data Protection Regulation in the E.U. and other equivalent legislation worldwide such as the California Consumer Privacy Act in the US. 

  1. Collection, processing and storage of data

The TopSM platform may collect and process personal data relating to past and present users and learners in the course of business. TopSM collects data directly from the User input but also in automated ways such as through system logs, cookies, web beacons and integration with third-party service providers.  Processing of data includes: collecting; recording; storing; altering; disclosing; destroying; and blocking. This policy governs TopSM’s approach to data and does not apply to any third party organisations which may have integrated their systems to the TopSM platform. 

  1. Personally Identifying Information (PII)

Personally Identifying Information (PII) may be required to uniquely identify a User upon Registration (e.g. a personal email address) and other information may be required to complete purchases and receive certification if requested.  You may also be invited to create a personal profile and resumé (including date of birth, existing education, work experience and career ambitions) and to generate or supply other personal information (such as completing personality, psychometric and workplace assessments) to build out your profile to determine your suitability for different careers, job opportunities and to establish your own tailored learning pathway.  You will have the option to share or unshare some or all of this information in your own public profile.   

Personal data is stored within your User account on the platform and access is completely restricted via encrypted networks and access permissions in order to ensure the highest levels of confidentiality and protection.  No personal data is available to download or remove from the platform by employees or third parties, and TopSM ensures that only authorised personnel have online access to a User’s account data.  

  1. Course information

After registration, a User can enroll in a course offered by TopSM or its affiliated Publishers.  Aggregated data on age, gender (where available) and country of origin is shared with affiliated Publishers relating to the Users enrolled on the courses they teach, and is subject to a legal agreement between TopSM and each individual Publisher.  There is no way for a Publisher to access or derive User level information from this aggregated information.  

TopSM processes certain data relevant to the publication and playback of course content by publishers and learners. Certain data is collected to ensure Users, publishers and learner progress are uniquely identified and accurate records are maintained in order to deliver the TopSM learning service and to comply with relevant legal obligations.  This will include regular emails to keep Users informed of their progress and make various suggestions and recommendations. Patterns of usage behaviour and course content evaluation is also collected and stored as metadata to help TopSM and Publishers improve the services and offer the most appropriate content and courses to registered Users. 

  1. Third party information processors and service providers

All User personal data is stored securely on third party cloud-based electronic storage and safeguarded. User purchases of physical goods require a home delivery address to process orders. TopSM  uses payment processing and fulfilment partners who will receive sensitive PII to enable payment collection and when necessary, physical fulfilment. Highly sensitive data, such as credit card information and passwords are never received by TopSM (e.g. when you allow third party authentication via your social media sign-on, or by choosing third party payment providers such as Paypal or Stripe, that isolate TopSM from your payment details). Recurring payment details are stored by a third-party payment provider that you choose and not by TopSM.  Although TopSM allows Users to register with their social media single sign-on (such as Facebook, Google, Linked-in etc.) the information available on these third party platforms is governed by their terms and information sharing practices. TopSM only takes necessary information from these social platforms (i.e. your name, email address, and country for legitimate purposes) and does NOT take any other personal or social information on your friends and contacts from these platforms.  

TopSM tests and operates a number of analytical tags, scripts and tracking pixels (also known as web beacons) from third party providers such as Google, Facebook, Bing, and Hotjar) to enable browser and mobile analytics that measure page views and sessions. This helps TopSM  understand User behaviours as the visit, navigate and leave the TopSM platform.  

TopSM provides free learning supported through advertising services managed by third parties.  TopSM  both buys online ads and sells online ads through third party providers (e.g. Google AdWords, Bing, Facebook Ads and Google AdSense). Cookies and tracking pixels are used by advertising service providers as independent third party data controllers to enable personalised advertising to the User based on intent, search history and demographics built up by advertising service providers over time. TopSM has no access to these third party cookies or tracking technology nor any control over how third party advertising service providers use the data they collect.

  1. Technical data collection

As an internet based service, web server log files are also collected and monitored for usage and behaviour patterns over time. User device information and IP addresses are also collected to understand platform traffic flows how each User interacts with TopSM Services and to ensure the right balance of technical support, customer service resources and device expertise is available to Users.  

TopSM  also stores and uses cookie information (a piece of text saved on each User’s device) to help track unique user sessions, to personalise TopSM Services for the User.  TopSM stores Preference, Security, Functional and Session cookies to tailor the usage experience, securely automate User login and enable purchase transactions. TopSM uses web beacons to help monitor email communications with our registered Users to understand which messages are successfully delivered and read.

  1. User consent and self-service control

By using TopSM Services and directly inputting your information on the platform, you the User are consenting to the collection and use of your data by TopSM. You have full access to your information through your user account, and are responsible for ensuring that you keep your personal details up-to-date through the platform.  You have the power to modify your personal data and the power to deactivate your account and request the removal of your personally identifiable information when you delete your account.  You may modify your email client, browser settings or use browser add-ons to control how cookies, beacons and other third-party services work.  Privacy settings are also provided on your mobile device operating system to give you more control over your data.  Reducing the level of data shared and advertising options may reduce the quality of, or disable, some or all TopSM services. 

To understand and control how the digital advertising industry uses your data please visit the Network Advertising Initiative’s Consumer Opt-Out link or the Digital Advertising Alliance’s Consumer Opt-Out link.  These help you to opt-out of receiving tailored advertising from companies that participate in those programs. To opt out of Google Analytics for display advertising or customize Google display network ads, You can visit the Google Ads Settings page.  Opting out means that your personal data is not used to personalise ads.  Opting out does not mean you will not receive ads.  TopSM has no affiliation nor control over these industry initiatives and how you use these tools is your own responsibility. 

TopSM recognises the privacy interests of children. Parents and guardians need to take an active role in their children’s online activities and interests. Digital consent is generally not legally recognised for children under the age of 13, or under the age of 16 where such children reside in the European Economic Area. Parents and legal guardians should not allow their children defined as such to register, enrol and learn on the TopSM platform without full time supervision. TopSM reserves the right to delete any User account that we discover was created by a child unable to give digital consent. If a parent or guardian discovers that TopSM has unlawfully collected the personal information from a child please contact our data protection officers who will take all reasonable steps to delete such information promptly. 

  1. Retention of data

TopSM is under a legal obligation to keep certain data for a specified period of time. Furthermore TopSM aggregates data and anonymises User accounts that are deleted so that it is no longer reasonably associated with an identified or identifiable natural person. Such Other Information is used by TopSM for other relevant business purposes for as long as necessary.  This may include keeping Other Information after the User has deleted their account for whatever period of time needed for TopSM to pursue its legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce commercial agreements. 

  1. Security and disclosure of data

The organisation will take all reasonable steps to ensure that appropriate security measures are in place to protect the confidentiality of electronically stored data. The platform is large and public and subject to regular attack by hackers.  The platform has been hardened extensively over time however no online system is perfect or immune from breach. TopSM has appropriate security measures in place to protect against unauthorised access.  Safeguards are applied to the processing and retention of data. These include:

Limitations on access to prevent unauthorised consultation, alteration, disclosure or erasure of personal data.

  • Strict time limits for erasure of personal data in line with our retention policy.
  • Logging mechanisms to permit verification of whether and by whom personal data has been consulted, altered, disclosed or erased.
  • Pseudonymisation, anonymisation and encryption. 
  • The platform databases are not accessible directly by employees or software developers other than authorised DevOps administrators. Multi factor authentication is required for all authorised DevOps administrators to ensure access to sensitive data is restricted to the maximum possible. 
  • Security measures will be reviewed from time to time, having regard to the technology available, the cost and the risk of unauthorised access. 
  • Security measures will be reviewed from time to time, having regard to the technology available, the cost and the risk of unauthorised access. 

Customer Support employees will have access to a certain amount of personal data relating to users and other third parties. Employees must not disclose User’s personal data, except where necessary in the course of their employment or in accordance with law. They must not remove or destroy personal data except for lawful reasons and with the permission of the organisation. Any breach of the data protection principles is a serious matter and may lead to disciplinary action up to and including dismissal. All TopSM employees must adhere to the following data protection principles:

  • Process data fairly, lawfully and transparently.
  • Keep data only for specified, explicit and legitimate purposes.
  • Process data only in ways which are compatible with the purposes for which it was given.
  • Ensure data is accurate and up-to-date.
  • Ensure data is adequate, relevant and limited to what is necessary for the purpose for which it was given.
  • Keep data safely and securely.
  • Retain personal data for no longer than is necessary for the purpose for which it is processed and in line with the company’s data retention policy.

Users have an obligation to keep their User account credential sufficiently strong, protected for safe-keeping and private to themselves to prevent unauthorised access. Users must monitor and control all activity on their account.  If you suspect a breach of your account please change your password immediately and contact TopSM  customer support so that the impact can be minimised. 

Were a data breach to occur and if such a breach puts individuals’ personal rights and freedoms at risk and TopSM is unable to contain those risks, all affected individuals will be notified expeditiously.  Furthermore TopSM ’s data protection officers will inform the Data Protection Commissioner in Estonia so that they are aware and can monitor the response. 

  1. Data Protection Officers

The directors of the company are ultimately responsible for your data, and have nominated a named Data Protection Officer for TopSM (“DPO”). The DPO is are responsible for assisting the organisation in monitoring and maintaining compliance with data protection legislation. 

  1. Access requests

Users across the world may have certain statutory rights in relation to their personal data. Subject to any exemptions provided by law, you may have the right to request access to Information, as well as to seek to update, delete or correct this Information.  Your TopSM User Account provides the settings and self-service tools needed for these requests.  Please contact TopSM  Customer Services if you wish to get a complete copy of all your electronic data held about you as a User.  If a User opts to delete their User account, TopSM will delete all PII, Profile and Resumé data, and will irreversibly anonymise their learner record. 

There is no charge to use TopSM’s User account self-service tools.  However the company reserves the right to charge a fee to process any further Subject Access Request. The organisation will, in most circumstances, provide this data within one month. In some cases, due to the complexity of the request or the number of requests being handled by the organisation, the organisation may require a further two months to provide this data. 

Users are only entitled to access data about themselves and will not be provided with data relating to other users or third parties.  However some user data may have been disclosed publicly on TopSM forums for example.  It may be possible to block out User data relating to a third party or conceal the User’s identity, and where this is possible the organisation will endeavour to do so.  

  1. Right to object

Users may have the right to object to data processing that is causing them distress and/or to make corrections to personal data which is inaccurate. Where such objection is justified, the organisation will cease processing the data unless it has a legitimate interest that prevents this. TopSM will make every effort to alleviate the distress caused to the individual. An objection should be made in writing to the Data Protection Officer, outlining the data in question and the harm being caused.

  1. International transmission of data

Based in the Republic of Estonia, TopSM operates on a global basis and it may be necessary in the course of business to collect or transfer User personal data across state boundaries, to share data with other group companies in countries outside the European Economic Area, and to share information with third party service providers.  The transfer of such data is deemed necessary for the management and administration of your User Account and delivery of TopSM Services. Some states do not have comparable data protection laws to Estonia or the EU.  When data transfer is necessary, TopSM will take steps to ensure that the data has an equal level of protection as it would in Estonia or as expected within other leading international jurisdictions. Furthermore TopSM will only transmit data to companies that agree to guarantee the same level of protection. For more information, please contact TopSM’s Data Protection Officers.

  1. Policy review and modification

TopSM has completed a Data Protection Impact Assessment and put the necessary policy and procedures in place to minimise risks to users data privacy and maximise data protection. This policy will be reviewed from time to time to take into account changes in the law and the experience of the policy in practice. Updates will be posted to the website when available. Material updates will be circulated to each User via the registered User email on the User Account. Continued usage of the TopSM Service is deemed to be User acceptance of this policy as permitted by applicable law.

Changes to this Policy

We will notify you of any changes by posting the new Policy on TopSM with a new effective date. If we make a material change to this Policy, we will take reasonable steps to notify you in advance of the planned change.