Business Privacy Statement

This ThirdA For Business Privacy Statement was updated on Nov, 2019.

In the course of providing ThirdA for Business (“ThirdA”) services and related services to its corporate, non-profit organization and governmental customers (“Customers”), ThirdA will receive and have access to personal data of individual users to whom customers grant access (“Users”). For the purposes of this privacy statement, Customers are data controllers and ThirdA is a data processor. ThirdA’s processing of User data and the security measures implemented to protect such data are detailed in and governed by a written agreement between ThirdA and each of its Customers.

As a data processor, ThirdA will access, store and use the personal data of individual Users solely for the purpose of providing the ThirdA services to its Customers and will process the data as instructed by its Customers.

As data controllers, Customers decide which of their employees or other authorized personnel are given access to the ThirdA services. They do this by designating one or more ThirdA account administrators or group administrators (“Administrator”) who have the ability to customize the Customer account, manage individual User accounts, access the ThirdA Insights tool and related reporting features, access the ThirdA Administrator tools, and, when instructed by the Customer, populate the Customer account with Customer-provided courses. Customers are solely responsible for establishing policies for and ensuring compliance with all applicable laws and regulations, relating to the collection of personal information relating to individual Users selected by Customers for accessing the ThirdA services. ThirdA has no direct relationship with individual Users, who should contact Customers (their employer) for assistance with any requests or questions relating to the processing of their personal information.

For avoidance of doubt, this Privacy Statement does not apply to:

  1. any processing of data for the purpose of marketing the ThirdA service to enterprise and corporate prospects;
  2. any other offerings available at ThirdA.com separate from the ThirdA services, for which the ThirdA Privacy Policy is applicable. A User may already have a account with ThirdA to access ThirdA’s marketplace educational content, and data processed as a result of the use of the ThirdA marketplace from a User account is governed by the ThirdA Privacy Policy.

In the event where ThirdA makes any material changes to the manner in which it processes User data to provide its services to Customers, it will notify Customers.

ThirdA for Business Privacy Statement
  1. Information about Users collected and stored by ThirdA
  2. Purpose of User Data Processing
  3. Cookies and other Tracking Technologies
  4. Sharing User Information with Sub-Processors
  5. Processing of User Data outside of the EEA

1. Information about Users collected and stored by ThirdA

  1. When a User is given access to the ThirdA services by the Administrator, a User may set up an individual User account and ThirdA will collect information provided by the User or the Administrator. The Customer can customize the type of data requested to create an account, which may include the following:
    • first name, last name, and email address required
    • photo, areas of interest, job skills, goals, and role (optionally provided by User or Customer)
    • other personal data, as allowed by the Customer
    A unique identifying number is assigned by ThirdA upon the creation of a User account.
  2. Individual User account information may be set to private or public, as selected by Users. If set to public, the information is searchable via search engines and viewable by anyone, including by other Users and the Customer.
  3. Administrators may assign a User to a group membership
  4. Customers may select to integrate with ThirdA a Single Sign On (SSO) identity provider to enable Users to log in to ThirdA User accounts without the need to disclose passwords to ThirdA. In such case Users may log in by providing their individual SSO credentials to the SSO identity provider, which will authenticate them and allow or deny access to the Customer account. In such case, SSO identity providers share with ThirdA a unique cookie ID and authentication “token” information to recognize the User as an authorized user of Customer.
  5. At the option of the Customer, the ThirdA service may enable Administrators and Users to interact with others, including with instructors, teaching assistants, other students, and the Customer, by posting reviews on a course, sending messages to or chatting with others, posting questions or answers, or posting other content. Such public or shared content is stored by ThirdA and may be publicly available or viewable by others, including Administrators, Users, or instructors and teaching assistants, depending on where such content is posted.
  6. At the option of the Customer, Administrators may enable the ability to “Share to Slack.” This optional feature allows Users to manually or automatically post a message to the Customer’s own instance of the Slack messaging service. To enable this optional functionality, Customer's Slack administrators must grant ThirdA the ability to read the full list of public channels, private channels, and users in the Customer’s Slack instance. These lists may include individuals in Customer’s Slack instance who are not ThirdA Users. Slack user lists and channels are briefly cached before being automatically purged from ThirdA's systems.
  7. ThirdA stores information relating to the activities of Users as they use and interact with the ThirdA services, such as courses enrolled in and viewed (and information relating to these courses); interactions with instructors, teaching assistants, Administrators, and other Users; and progress within a course; as well as answers, essays and other items submitted by Users to satisfy the course requirements. This information is linked to a User’s unique account ID and is shared with Customers via the Customer Account reporting tools or upon request of the Customer.
  8. The ThirdA service enables Users to contact the ThirdA Support Team for assistance or to report a problem, concern, potential abuse or other issues regarding the ThirdA services or other users. ThirdA may collect and store the User’s name, email address, location, operating system, IP address as well as the User’s activity on the ThirdA platform and communications with the ThirdA help desk team. ThirdA may request additional information from Users in order to resolve any issue reported by a User or by another user.
  9. When a User uses the ThirdA services, ThirdA collects and stores certain information by automated means: (a) technical information about the User’s computer or wireless device, such as IP address, operating system type and version, unique device ID, browser, browser language, domain, and other operating systems or platform information. This information is collected through the use of server log files and tracking technologies, such as: (i) cookies, which are small files that websites send to a computer or wireless device to uniquely identify a browser or mobile device or to store information in a browser setting; and (ii) other tracking technologies (see below for more detailed information).
  10. IP addresses received from browsers or devices of Users may be used to determine the approximate location of Users.
  11. If a Customer makes purchases via credit card, ThirdA collects certain data about the purchase (such as name and zip code) as necessary to process the order. Customers must provide certain payment and billing data directly to ThirdA’s payment processing partners, including name, credit card information, billing address, and zip code. For security, ThirdA does not collect or store sensitive cardholder data, such as full credit card numbers or card authentication data.

2. Purpose of User Data Processing and Retention Period

ThirdA processes the information collected about Users and Administrators for the purpose of providing the ThirdA services to its Customers, specifically:

  • Providing, administering, and facilitating access to the ThirdA services, for Customers and Users, and managing Customer or User account preferences
  • Fulfilling Customer’s instructions with respect to personal data of Users
  • Displaying and sending via email notifications to Users for:
    • Responding to User questions or concerns
    • Making notifications to Users at the request of the Customer
    • Sending Users administrative messages and information, including confirmation of account creation, course enrolment, course progress and notifications of responses from instructions to User questions
    • Providing information to Users about courses available to Users, available and new ThirdA service features; personalized course recommendations, which Users can opt out of at any time
    • Sending push notifications to User wireless devices to provide updates and other relevant messages, which can be managed from the “options” or “settings” page for the mobile application.
  • Enabling communications among Users and instructors or teaching assistants
  • Soliciting feedback to improve ThirdA User experience
  • Resolving User support requests or claims

Email Preferences

Users can individually opt out of receiving non-transactional emails by: (i) following the unsubscribe instructions provided in the email communication; or (ii) managing User account email preferences. A Customer can also instruct ThirdA to configure email preference settings for all Users of a Customer.

Retention of Personal Data

ThirdA will retain the data of Users for as long as instructed by the Customer. ThirdA will delete certain or all personal data relating to Users upon request of the Customer. ThirdA may retain aggregated or anonymized data as set forth below.

Use of aggregated data

In addition, User data is aggregated with other ThirdA marketplace user data to enable ThirdA to improve its products and services and develop new products and services, including:

  • Reviewing and analyzing User browser and wireless device technical information
  • Reviewing user activity across ThirdA and the ThirdA marketplace (for example, ThirdA analyzes trends and User traffic and and usage information to identify which courses are most popular)
  • Facilitating the technical functioning of the ThirdA services and ThirdA marketplace, including to troubleshoot and resolve issues, secure the ThirdA services, and prevent fraud and abuse
  • Developing a personalized course content recommendation engine
When User data is used for the above purposes, it is aggregated and/or anonymized so that no personal data of Users is processed.

3. Cookies and other Tracking Technologies

Like many online platforms, ThirdA and its analytics vendors use server log files and automated data collection tools, such as browser cookies, pixel tags, scripts and web beacons. These tools are used for analytics purposes to enable ThirdA to understand how Users interact with the ThirdA services. ThirdA and its analytics vendors may tie the information gathered by these means to the unique account ID of Users.

Cookies are small text files placed onto a computer or device while browsing the Internet. Cookies are used to collect, store and share bits of information about User activities. ThirdA uses both session cookies and persistent cookies.

  • A session cookie is used to identify a particular visit to the ThirdA services and collect information about interaction with the ThirdA service. These cookies expire after a short time, or when the User closes their web browser after using the ThirdA service. ThirdA uses these cookies to identify a User during a single browsing session, such as when you log into the ThirdA services. This helps ThirdA improve the ThirdA service as well as improve the Users’ browsing experience.
  • A persistent cookie will remain on a User’s device for a set period of time specified in the cookie. ThirdA uses these cookies to identify and recognize a specific User over a longer period of time. They allow ThirdA to:
    1. analyze the usage of the ThirdA services (e.g. what links Users click on) in order to improve our ThirdA offering
    2. test different versions of the ThirdA services to see which particular features or content Users prefer to optimize the ThirdA services
    3. provide a more personalized experience to Users with more relevant content and course recommendations and
    4. allow Users to more easily log in to use the ThirdA services. Persistent cookies include:
      • preferences cookies to remember information about a User’s browser and settings preferences, such as preferred language. Preference cookies make User experience more functional and customized
      • authentication and security cookies to enable a User to log in or stay logged in and access the ThirdA service, to protect User accounts against fraudulent log-ins by others, and help detect, fight, and protect against abuse or unauthorised usage of User accounts.
      • functional cookies to make the experience of using the ThirdA service better, like remembering the sound volume level selected by the User.

ThirdA uses tracking technology to: (i) determine if a certain page was visited (e.g. the landing page of an advertisement for ThirdA services that is displayed on third party sites) or whether an email sent by ThirdA was opened or clicked on by a User; and (ii) to customize the learning experience of individual Users by recommending specific courses and other content.

Cookie list

ThirdA will retain the data of Users for as long as instructed by the Customer. ThirdA will delete certain or all personal data relating to Users upon request of the Customer. ThirdA may retain aggregated or anonymized data as set forth below.

Service Name Expiration Purpose
ThirdA *
* Additional cookies may be added, and would have the same functionalities as the ones listed
__udmyvst [session] For analytics and testing
__udmy_2_v57r 1 year For analytics and testing
__udmyvstr 1 year For analytics and testing
access_token 1 month For user authentication
client_id 1 month For user authentication
csrftoken 1 year For user authentication
dj_session_id 1 month For user authentication
seen 30 minutes For experience improvement and customization
ud_firstvisit 1 year For experience improvement and customization
ud_rule_vars 2 years For experience improvement and customization
mute 1 month For experience improvement and customization
playbackspeed 1 month For experience improvement and customization
quality_* 1 month For experience improvement and customization
volume 1 month For experience improvement and customization
ThirdA_acc 1 year For experience improvement and customization
EUCookieMessageShown 10 years For experience improvement and customization
EUCookieMessageState 15 days For experience improvement and customization
eva [session] For experience improvement and customization
__udmy_evid [session] For experience improvement and customization
Google Analytics _ga 2 years For analytics
_gid 24 hours For analytics
_gat 1 minute For analytics
_gat_instructor 1 minute For analytics
_gat_UA-12366301-43 1 minute For analytics
SiftScience _ssid 13 years For security
Intercom intercom-lou-* 1 year For experience improvement and customization
intercom-session-* 7 days For experience improvement and customization
Marketo _mkto_trk 2 years Email and course promotion analytics
Optimizely optimizelyEndUserId 10 years For analytics and testing
optimizelyBuckets 10 years For analytics and testing
optimizelySegments 10 years For analytics and testing
PerimeterX _px2 5 days For security
_px3 5 days For security
_pxvid 5 days For security
Zendesk _help_center_session [session] User support authentication and experience
_zendesk_authenticated [session] User support authentication and experience
_zendesk_shared_session 8 hours User support authentication and experience
_zendesk_cookie 20 years User support authentication and experience
_zendesk_session [session] User support authentication and experience

User Preferences with respect to cookies and other tracking technologies

A User can set his or her web browser to notify about the placement of new cookies, limit the type of cookies or reject cookies altogether; if enabled, a User may not be able to use some or all of the features of the ThirdA services (for example, may not be able to log in). General information about cookies and how to disable them can be found at www.allaboutcookies.org.

Various browsers may offer their own management tools for removing HTML5 LSOs. Users can manage Flash LSOs here. To manage flash cookies, visit the Adobe website and make changes at the Global Privacy Settings Panel.

Most modern web browsers give you the option to send a Do Not Track signal to the websites you visit, indicating that you do not wish to be tracked. However, there is no accepted standard for how a website should respond to this signal, and we do not take any action in response to this signal. Instead, in addition to publicly available third-party tools, we offer you the choices described in this policy to manage the collection and use of information about you.

4. Sharing User Information with Sub-Processors

In order to provide the ThirdA services to its Customers, ThirdA shares data regarding Users with a number of third party service providers. These companies are contractually required to use User data solely as directed by ThirdA for the purpose of providing services to ThirdA.

  • Instructors who upload courses on the ThirdA platform and made available through the ThirdA services as well as their teaching assistants, who may receive names and account profile information of Users, to enable them to respond to user questions and feedback.
  • Other service providers of Customer, as instructed by Customer.
  • To perform its services, ThirdA leases servers from data centers operated by Equinix and located in Virginia and California in the United States. ThirdA also contracts with Amazon Web Services (AWS) for hosting services, and certain content and User data relating to ThirdA is hosted via AWS’s cloud hosting solutions.
  • ThirdA’s help center platform vendor (Zendesk as of the effective date of this Privacy Statement) hosts and stores all communications between Administrators or Users and the ThirdA support team. Zendesk is contractually required to store and process User related data solely as directed by ThirdA for the purpose of providing services to ThirdA. ThirdA also partners with Intercom, a chat messaging tool for support to Users and Administrators and for collecting their feedback, as well as in-app messages such as feature announcements or onboarding for new users.
  • ThirdA shares User information with third party companies that perform email services to enable ThirdA to send email communications to Users and to manage email preference settings of Users.
  • Administrators of existing Customers are able to access our list of current sub-processors on the left sidebar of this page while logged in to ThirdA for Business.
  • ThirdA shares User information with third party companies that perform data analysis services to enable ThirdA to better understand how Users use the ThirdA service. These companies include Chartio, Google Analytics and Hotjar. To prevent Google Analytics from collecting information for analytics, a User may install the Google Analytics Opt-Out Browser by clicking here, and may also use Mixpanel’s opt out by clicking here.

Any other sharing of User data is subject to the consent and instructions of Customer.

5. Processing of User Data outside of the EEA

All data processing described in this Privacy Statement occurs in the United States, Ireland and, for R&D purposes, Turkey. If personal data processed by ThirdA originates from a User or Administrator in the EEA, ThirdA will ensure, that such processing will only take place if: (a) the non-EEA country in question ensures an adequate level of data protection; (b) the transfer is made pursuant to a Data Processing Agreement (“DPA”) executed between ThirdA and the Customer and subject to the standard contractual clauses designed to facilitate transfers of personal data from the EEA to all third countries that have been adopted by the European Commission (known as the, “Model Clauses”), which have been incorporated into the DPA.