GDPR Compliance Update
The EU’s General Data Protection Regulations (GDPR) take effect May 25, 2018, and we are fully behind the spirit of these regulations for a safe and secure Internet. We aspire to embrace privacy by design and, whenever possible, to not collect and store personally-identifiable information.
Overall, we aim for privacy by default: if data collection is not integral to the way our product works, then we won’t collect it. We are proud of our existing attitude towards data, because it means that we only need to make a few tweaks here and there to ensure we are compliant with the GDPR. Below is a summary of what we are doing to be GDPR compliant, and what it will mean for you as a Plickers customer.
Updated: June 12, 2018
1. Information We Collect
- Analytics information: We automatically collect the Internet Protocol (“IP”) address and Device Identifier associated with a user’s device. A Device Identifier is a unique string of letters, numbers and/or other characters that is automatically assigned to your device by the device manufacturer. We may also collect additional information such as the time and date when you logged in, the browser type and version, the operating system of the device, the make and model of your device, installed plug-ins, the number of clicks you make and the actions you take within the Services, the pages you visit and the referring/exit pages and URLs (“Analytics information”). We use third-party service providers to assist us in collecting and understanding Analytics information.
- Location information: When you access the Services, we also may access, collect, monitor and/or remotely store location data regarding the location of your device. This location data may be derived from your IP address or collected from the GPS features of your mobile device. Location data allows us to understand the geographic distribution of individuals who use our Services, and we may pair that with your personal information in order to understand how our Services are used. When we do so, the combined information will be treated as Personal Information. Some features of the Services, particularly location-based services, may not function properly if use or availability of location data is impaired or disabled. To manage location services, check the settings on your mobile device or contact your mobile service provider or device manufacturer. Specific mobile applications may include additional terms that relate only to those apps.
- Aggregated de-identified Information: We may aggregate and de-identify information (by removing all Personal Information) collected from users and students. We store and use aggregated, de-identified information and Analytics information to demonstrate the effectiveness of our Services, including in the marketing of those Services, to develop and improve our educational products and Services, and for customized, adaptive learning purposes.
2. How We Use Information
We use the information we collect through the Services to: (a) create your account; (b) provide and communicate with you about the Services; (c) operate, maintain, enhance, and provide to you the features and functionality of the Services; (d) personalize content and remember your preferences; (e) monitor the effectiveness of our Services; (f) monitor aggregate metrics such as total number of visitors, traffic, and demographic patterns; (g) diagnose or fix issues with the Services; (h) update or improve the Services; (i) and for other legitimate interests disclosed at the time we collect the information or with your consent.
3. Technologies Used
To collect Analytics information, we use a variety of technologies:
- Cookies: Cookies are small data files containing a string of alphanumeric characters sent by a website and stored on the computer or device at the request of that site. Cookies store information related to the browser to enable us to recognize the browser on return visits to the Services and to remember your preferences. Most browsers can be set to detect browser cookies and to let you reject them, but refusing cookies may make it difficult to use the Services, as some areas of our website may not work properly when cookies are disabled. To learn more about browser cookies, including how to manage or delete them, refer to the Tools, Help or similar section of your Web browser.
- Pixel tags: A pixel tag (also referred to as a “clear gif” or “web beacon”) allows us to anonymously track the online usage patterns of the Services and to understand which emails are opened and which links are clicked. This information allows for more accurate analysis and improvement of the Services.
- HTML5 local storage: HTML5 local storage is another way that browsers can distinguish your device from others as well as remember data that may be important for the functioning of the website. Typically HTML5 local storage is only deleted if all Internet history, cache, and cookies are deleted. You should check your browser software for how to delete HTML5 local storage in your particular case.
- E-tags: E-tags are used to prevent duplicative downloading of content to your browser, which can enhance browser performance. E-tags use unique identifiers for content that can also be used to distinguish your browser in certain instances from others. Typically e-tags are only deleted if all Internet history, cache, and cookies are deleted. You should check your browser software for how to delete e-tags in your particular case.
4. How we disclose your information
- Third Party Service Providers: We may share personal information with third-party service providers for the purpose of providing the Services. For example, we may disclose information to third parties that provide data storage and support features, customer communication and support, online hosting, data analytics, and other services. Those service providers are given access to information only as is reasonably necessary to deliver, maintain, and improve the Services. We require these contractors to maintain the privacy and security of the information, and they are subject to applicable laws.
- Compliance with law and protection of rights: Regardless of any choices you make regarding your information, we may share your information (this may include information about students only if permitted by applicable law and any applicable School Agreement) where we believe in good faith that disclosure is necessary to (a) comply with laws or the reasonable requests of law enforcement or to respond to subpoenas or judicial orders; (b) enforce our Terms of Service or to protect the security or integrity of our Services; and/or (c) exercise or protect the rights, property, or safety of Plickers, you, or other third parties.
5. How We Store and Protect Your Information
- Storage and Processing: Your information (or information about students) collected through the Services may be stored and processed in the United States or any other country in which Plickers or its third party service providers maintain facilities, to the extent permitted by any applicable School Agreement.
- Keeping your information safe: Plickers cares about the security of Personal Information and uses commercially reasonable safeguards to preserve the integrity and security of all information collected through the Services. The Internet, however, is not perfectly secure, and we cannot fully eliminate security risks associated with the storage and transmission of your information.
- In the event of a security breach, we will send a notification to the relevant supervisory authorities, no later than 72 hours of becoming aware of them.
- Data Retention: Following termination or deactivation of your account, Plickers will retain Personal Information about teachers and students for a limited time period, but no longer than 120 days or as permitted by an applicable School Agreement and in accordance with applicable law, after which time we delete and destroy your Personal Information, as well as any Personal Information about students. We also delete Personal Information and other data when required by a School Agreement.
- However, Plickers may maintain aggregated, de-identified or other non-personal data, including curriculum or other content you may have provided when using the Services as long as needed for our business purposes.
- If you would like to download a copy of your information prior to deletion, please email us at firstname.lastname@example.org.
6. Your Choices about Your Information
- Access to or removal of your information: You may access and amend your account information, as well as information about your students, at any time by accessing your account page within the Services. If you would like to access and amend or correct Personal Information about students, please email us at email@example.com. In addition, at any time, you may send a written request to have the information you provided to Plickers deleted, and we will comply with the request within a reasonable time frame, unless prohibited by law or our contract with an applicable School Agreement through which you have set up your account. If you have any questions about reviewing or modifying your account information, you can contact us directly at firstname.lastname@example.org.
- Communication Settings: You can stop receiving promotional email communications from us by clicking on the “unsubscribe link” provided in all such communications. We make every effort to promptly process all unsubscribe requests, but please note that you may continue to receive emails for a time while our system updates your request. You may not opt out of Service-related communications (e.g., account verification, changes/updates to features of the Services, technical and security notices, communications regarding your account). If you have any questions about promotional email communications, you can contact us directly at email@example.com.
- How We Respond to "Do Not Track" Signals: Some Internet browsers may be configured to send "Do Not Track" to the online services that you visit. There is no consensus among industry participants as to what "Do Not Track" means in this context. Like many websites and online services, the Services does not alter their practices when they receive a "Do Not Track" signal from a visitor’s browser. To find out more about "Do Not Track", please visit https://www.allaboutdnt.com.
7. EU – U.S. Privacy Shield and Swiss – U.S. Privacy Shield
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Plickers is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Plickers may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Plickers’ accountability for personal data that it receives under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, Plickers remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless Plickers proves that it is not responsible for the event giving rise to the damage.
If you have questions or concerns regarding our privacy practices please contact us at firstname.lastname@example.org.
If you have contacted Plickers support and your privacy or data concern has not been satisfactorily addressed, please contact our U.S.-based third-party dispute resolution provider, free of charge here: https://www.jamsadr.com/eu-us-privacy-shield.
Finally, under limited circumstances, you may invoke binding arbitration when other dispute resolution procedures have been exhausted. More information can be found on the Privacy Shield website.
8. Other Websites and Services
9. Social Network Widgets
Our website may include social network sharing widgets that may provide information to their associated social networks or third-parties about your interactions with our web pages that you visit. Information may be transmitted from your browser and may include an identifier assigned by the social network or third party, information about your browser type, operating system, device type, IP address, and the URL of the web page where widget appears. If you use social network tools or visit social networking sites, you should read their privacy disclosures, to learn how they collect, use, and share information.
10. Information Collected About Students
Plickers does not collect Personal Information from students directly. However, teachers and schools may share Personal Information about their students when using the Services in the classroom. Plickers uses Personal Information about students to provide the Services only. For example, Plickers may use de-identified information about students to allow the Services to adapt to individual students and recommend materials that can help them learn. We disclose Personal Information about students to third parties only for the purposes of providing the Services, as required by a School Agreement, as directed by a school official, or as otherwise required or permitted by applicable law. Third party service providers are not permitted to use Personal Information about students for their own purposes.
Plickers accounts are not intended for use by children under the age of 16. If you are the parent or guardian of a minor under 16, and would like to delete personal information associated with an account, please contact us at email@example.com.
11. Contacting us
To reach our Data Protection Officer, please email us at firstname.lastname@example.org.
If you are a resident of the EEA and you want to raise a question to Plickers Inc., or otherwise exercise your rights in respect of your personal data, please contact our European Representative “DPR Group”. You can send an email to DPR Group at email@example.com or contact them on our online webform at www.dpr.eu.com/plickers.