R-PAS Privacy Policy

May 25, 2018

  1. Applicability
  2. Purpose
  3. Your Information
  4. Information From or About Children
  5. Data Encryption, Storage, Retention, and Portability
  6. Contact Information
  1. Applicability

    This online Privacy Policy describes how Rorschach Performance Assessment System®, LLC (“R-PAS®” or “we”) maintain and disclose information collected from each user (“you”) at the r-pas.org website. This Privacy Policy applies to the website and to any information collected through the website. It does not apply to other websites that may be linked to our website, for which users will have to refer to those websites’ privacy policies.

    We may update this policy from time to time. When we do, we will change the date at the top of the Privacy Policy text. Revisions are effective upon posting and continued use of the website following posting will indicate your acceptance of these changes. We encourage you to review our Privacy Policy periodically to review how we are using Your Information.

  2. Purpose

    The purpose of the website is to provide information about R-PAS and R-PAS products and services, to permit users to contact us about our products and services, to share research and educational materials about psychological assessment, to permit users who choose to do so to interact with each other using community forum software, and to allow qualified users who choose to become Account holders to purchase and download R-PAS products and services online. Use of this website is subject to your acceptance of this Privacy Policy and to the Terms of Use at www.r-pas.org and of any updates to them.

  3. Your Information

    1. Personally Identifiable Information

      Personally Identifiable Information means any kind of information we collect from you that could be used to identify, contact, or find an individual, such as name, password, organization name, e-mail address, postal address, telephone number, or fax number.

      Except as otherwise stated in this Policy, we will not sell, rent, or lend your personal information to any third party. If a user sends us e-mails or fills out a contact form on the website, we may use personal information from these sources to respond to inquiries, market our products and services in a general or personalized manner, or request feedback.

      1. Account Application and Marketing

        If you apply to become an Account holder, we may use personal information from your application to confirm your qualifications, authenticate your identity, and to contact you. We may collect personal information from you and our affiliates to fulfill orders for products and services, keep track of transactions, respond to requests for assistance, and to assure compliance of the Account holder with applicable contracts and terms. Upon account approval we add your email addresses to a third-party platform that we use to send notifications, updates, and a newsletter. You can opt-out of receiving all notifications by using the unsubscribe feature that is located at the bottom of every emailed message. Opting-out will remove your email address from that platform completely. This means that you cannot selectively receive certain kinds of notifications (e.g., the newsletter) but not others (e.g., notices concerning system updates).

      2. Community Forum

        If you choose to participate in the community forum, you will be using software that we have linked to the website. We share essential contact information (e.g., your username and e-mail address) with our contracted forum software provider, Website Toolbox. The Privacy Policy of the community forum software provider will apply to all user communications to and from the software provider’s website. Please review their privacy policy before using this service.

      3. Ordering and Fulfillment

        We do not collect personal financial information from any visitors to our website, including Account holders. Account holders who wish to place orders for R-PAS products and services from the website are directed to the webpage of our affiliate, PayPro Global (PPG), a Canadian company, in order to place the order, select shipping options, and make payment. In contrast, Account holders who wish to place orders directly from us are handled differently. Checks and ACH or wire transfers are bank to bank transactions. Credit card orders placed by phone or by email are processed by us either through Square, Inc. or PayPal. Please review the specific privacy policies of these vendors before using these services. Links to each can be accessed here: PPG,Square, Inc., and PayPal. These e-commerce providers do not share your financial information with us but they do provide us with relevant data concerning what you purchased.

        We may share your Personally Identifiable Information, including your name, organization name, phone number, e-mail address, and shipping information, with affiliated third parties under contract with us in order to fulfill the orders you placed for our products and services. We will do this without limitation, which means you cannot tell us not to share this information if you wish to receive what you ordered. We also may share your Personally Identifiable Information in order to provide services or other features offered to our website users. For instance, as described more fully in the previous paragraph (3-a-ii), we will share your username and email address with the third party vendor that hosts our community forum and we will share all of your Personally Identifiable Information if you select an alternative broker to manage your account (see next paragraph).

        If you live in one of several countries (e.g., Brazil, Israel, Italy) you will have the option to select a local psychological test publisher to serve as the broker for your account. They will review your account application and provide you with electronic products, in addition to any print products they may offer. When available, such a testing company is a contracted affiliate of R-PAS. We provide them with access to your basic account information, as stored on the R-PAS site, so they can make allocations to your account. This information consists of the information obtained at the time of your application for an account (e.g., name, username), except for your password, which is not shared. These vendors cannot see and do not have access to any of the specific protocols in your account. They can, however, see and modify the electronic resources connected to your account, including the type of account you have, protocol allocations, Interpretive Guides, and the electronic version of the manual. These account brokers may collect payment information from you. That information is never shared with us. However, please be sure to review their privacy policies if you choose to have them manage your account.

      4. Website Hosting, Programming, and Maintenance

        We work with third-party service providers to provide website and application development, hosting, maintenance, backup, storage, virtual infrastructure, and other services. Our contracts with any affiliated third party with which we share user information requires the third party to keep all information concerning Account holders acquired during the contract confidential and secure.

      5. Transferable Assets

        Although we have no plan to do so, in the course of developing our business, we might sell or transfer all or part of our business assets to a third party. In the event of such a sale or transfer, customer information, including Personally Identifiable Information, will be one of the transferable assets to the extent permitted under law.

    2. Non-personally Identifiable Information

      1. Cookies

        Like most commercial websites, our website uses “cookies,” which are small text files that our website transmits to your browser. These files provide our website with non-personally identifiable information, but do identify your device and its internet access point, your browser, and information about your use of the site. Cookies allow you to remain logged in to the site, help ensure smooth transitions between web pages, and ensure your browser is correctly linked to the data you request, such as results output for a case. We will not link your IP information to Personal Data unless we deem it necessary in order to protect the integrity and security of the website or to monitor compliance with the Terms of Use. You may choose to adjust the security settings on your device to refuse cookies, but this may result in a loss of functionality in some parts of the website, including the scoring program.

      2. Web Analytics

        We may use third party web analytic services, including Google Analytics, to collect visitor information, including web browser, IP address, referring pages, and time spent on the website, on an anonymous basis to gather web trend information. We may use this information for marketing and system administration purposes and to identify problems and improve service. For further information about Google’s Privacy Policy, go to https://www.google.com/policies/privacy/.

      3. Research and System Enhancement and Functioning

        From time to time, we may collect anonymous aggregate information from Rorschach protocols entered by Account holders in the scoring system on the website to enhance the system, ensure its functionality, or facilitate the ability of users to administer, code, score, or interpret protocols. If we deem such steps to be necessary, we will not ask for your permission to use the information that is present on the site. On occasion, we may wish to conduct research for publication using protocol data that has been entered into the website by proficient account holders. Prior to doing so, we will contact the user to gain their permission for us to use their protocols in this manner. We will not collect any information from protocols for publication-oriented research purposes unless the user has affirmatively granted permission.

  4. Information From or About Children

    1. This website is not intended for use by children, including anyone under the age of 13. R-PAS will not knowingly collect or process any Personally Identifiable Information from anyone under the age of 13 on this site.

    2. R-PAS Account holders may choose to use the scoring system on the website to score Rorschach protocols obtained from children and adolescents, including children under the age of 13. However, as specified in the Terms of Use, no Protected Health Information (as defined by the Health Insurance Portability and Accountability Act of 1993, a/k/a HIPAA) concerning test takers, including their names, birthdates, addresses, or identification numbers that can be correlated with a list of names may be entered by users when uploading protocols or scoring information, including any children under the age of 13.

  5. Data Encryption, Storage, Retention, and Portability

    We make commercially reasonable efforts to protect all personally identifiable information from misuse, unauthorized access, or accidental loss. However, even though every communication with the R-PAS website once a user has logged into their account is encrypted using https protocol, you should be aware that there is an inherent risk in transmitting any data electronically, because of the presence of online practices such as detection, decryption, tampering, spoofing, phishing, or eavesdropping. You agree to hold us harmless from any harm, financial or otherwise, that results from unauthorized interception, viewing, or use of electronic transmissions or emails. You also are solely responsible for maintaining the security of your private information by using secure passwords and adequate malware protection and preventing unauthorized use of your computer or other web-enabled device.

    Transmission of information to and from our site is secured by Single Socket Layer (SSL) encryption. Through use of our website and transmission of information to us electronically, you consent to cross-border and international transmission of any data you submit. We verify the security of our website using a widely recognized vendor, GeoTrust, and using the highest level of authentication available among SSL certificates, which requires personal verification of our legal identity as a business and ownership of the www.r-pas.org domain. Although the security of transactions with our website are determined in part by your browser, our server provides the highest level of encryption possible with current internet speeds, which is 256-bit SSL encryption for ongoing transactions and a 2048-bit root certificate for initial encryption during connection and calibration. Please see information related to GeoTrust’s True BusinessID with Extended Validation Certification Practices here.

    Our data hosting provider is Cartika, with locations in both the United States (Dallas) and Canada (Toronto). They host, store, and retain system data. System backups are performed 15 times per day, with the site monitored through proactive management to guard against problems, and all data is protected with full and file-specific restore capabilities in the event of system failure. Cartika retains backup files until our storage limits are reached, after which they are purged and cannot be recovered.

    We retain information you enter into the site until you decide to delete it. You may delete all of your protocols, and all the protocols of any sub-users under your account. However, because of its risks, we do not provide a button to delete your whole account. If this is something you wish to do, contact us for assistance. We will honor your wishes and not retain any of the information you formerly possessed. We reserve the right to terminate an account if it has been inactive for a period of three or more years.

    You can change virtually all pieces of information associated with your account and its protocols on your own. Thus, you are readily able to fix any inaccuracies with most information. The exceptions relate to your username and account type (e.g., owner, student or supervisee), protocol-specific information generated by our program (i.e., when it was entered, who entered it, and how many times it has been edited), and the allocation of electronic products in the account. If you believe there are inaccuracies in any of that information, contact us and we will help correct it.

    You may download all the data you have entered into the site at any time using the Export function available when viewing protocols. The export function produces a highly portable comma, tab, or semi-colon separated file that can be readily imported into spreadsheet software. The export function works with protocols; it does not export the information associated with the owner of an account or any subaccounts that may have been created. That information consists of the user’s name, address, email address, phone number, and username. If necessary, we can assist you with exporting this information.

  6. Contact Information

    1. Any requests to access, correct, update, or remove personal information relating to a user, or questions or concerns about this Privacy Policy should be directed via e-mail to info@r-pas.org or via post to Rorschach Performance Assessment System, LLC; P.O. Box 12699; Toledo, OH 43606. You also can contact us using our customer support line by calling 567-316-0056.

    2. You may use the same methods to contact us about making requests to opt out of receiving marketing materials concerning R-PAS products or services. However, as long as you use our services or maintain a business relationship with us, you may not opt of receiving communications from us relating directly to those products and services, or to your business relationship with us.