1. DATA PROCESSING AND STORAGE
1.1 Processor. We are a processor of Data (“Processor”) provided to us by you or collected by us from you or a third party you have authorized.
1.2 Subprocessors. We use third party service providers to help operate, support and improve our Services (“Subprocessors”). In the course of providing their services, they may access or process data.We only utilize Subprocessors that meet industry standard data privacy and security requirements and best practices.
2. LAWFUL BASIS
We only collect and process your Data where we have lawful basis. Our lawful basis includes consent (where you have given it), where necessary for us to operate our Services, and for our legitimate interests, including (i) complying with applicable law, (ii) protecting against security or other threats, (iii) improving our Services, and (iv) addressing customer relationship issues.
3. DATA USE
We may use your Data to:
- operate our Services;
- deliver our Services to you;
- manage our relationship with you;
- perform analysis of your use of our Services;
- communicate with you about your Plan options;
- enforce our Terms and any applicable Other Agreements.
4. PERSONALLY IDENTIFIABLE INFORMATION
4.1 Definition. Data includes personally identifiable information about you such as your username, name and email address (“PII”).
4.2 Accessing and Using Services. You can choose what information to share with us. If you choose to withhold PII requested by us, it may not be possible to access or use our Services or portions thereof.
4.3 Collecting PII. We may collect PII from you:
- when we correspond with you;
- when you register for an Account;
- when you complete a survey;
- when you contact us for help;
- when our Services send us error or application data reports.
5. DATA RETENTION
We may retain records of Data related to your use of our Services, including usage and activity logs. We retain PII you give us only for (i) as long as your account is open or (ii) otherwise for a limited period of time as long as we need to fulfill the purposes for which it was collected, unless otherwise required by law.
6. DATA REMOVAL
You may request that we delete your Data. To do so, please email us at firstname.lastname@example.org Complying with your request may require termination of your Account. Selective or partial deletion of your Data may not be possible without hindering your ability to access or use our Services and may require we suspend, limit access to or terminate your Account. Note that we may not be able to delete any de-identified PII about you.
7. DATA SHARING
7.1 Selling PII. We will not sell your PII to any third party without your permission.
7.2 Disclosure by You. Any Data you choose to make publicly available via our Services (such as posting comments, reviewing items, etc.) will be available to others.
We do not display advertising in our Services.
10. PRIVACY OF CHILDREN AND COPPA
We respect the privacy of children. Our Services are compliant with the Children’s Online Privacy Protection Act (“COPPA”). We do not knowingly or directly collect PII from anyone who we know to be under the age of 13. We do not email any such person. We do not share Data about any such person with Subprocessors or third parties. If we discover that a person under the age of 13 has provided us with any PII, we will use commercially reasonable efforts to remove it from our Services.
11. STUDENT DATA PRIVACY
We are concerned about student data privacy and make privacy and security safeguards and commitments specifically to protect student Data.
11.1 Authorized Use. We do not collect or use student Data for any purpose other than to operate and provide our Services to students as described herein and in our Terms.
11.2 FERPA. Our Services are compliant with the Federal Educational and Privacy rights Act (“FERPA”).
11.3 Data Ownership. Consistent with our Terms, we do not claim ownership of student Data. If a student Account is on an individual Plan, the associated student Data is owned by the student. If a student Account is on a Group Plan, the student Data is owned by the Group Plan Owner, which may be the student’s teacher or educational institution (e.g. school, school district, college or university). If allowed by the Group Plan, the student may associate a personal email address with their Account in order to continue accessing and using their Account and Content if and when their Account is no longer on the Group Plan. Once that occurs, the student Data is owned by the student and the student Account becomes a separate, personal account (“Personal Account”).
11.4 Parent Access. The parent or legal guardian of a student may access, correct, update, change or delete the student’s PII at any time via the student’s Account settings.
11.5 Third Party Disclosure. Unless legally prohibited, if law enforcement contacts us with a request for student Data, we will redirect them to request the data directly from the owner of the student Data, which may be the student (or their parent or legal guardian) or their educational institution, depending on which Plan the student’s Account is on.
12. DATA SECURITY AND PROTECTION
We are concerned about protecting your Data.
12.1 Secure Service. Our Services have security measures in place designed to prevent the loss and unauthorized use or disclosure of your Data. We make best efforts to secure usernames, passwords and other means of gaining access to our Services via your Account.