Last updated: November 26, 2019
General Overview of Our Data Collection Activities
When you use our Services, you provide contact information (e.g., your name, your organization, your address, your phone number, your credit card information, your email address, your Internet Protocol (IP) address, IP ports, and so on) (collectively, “Personal Data”). Personal Data is information which is related to an identified or identifiable natural person, including information that directly or indirectly identifies a natural person. On this Site, for example, we may collect and retain contact and other Personal Data from you in a number of ways, such as when you place an order, request email updates or other information, complete customer surveys, or submit a feedback or contact form. When you contact us by phone, e-mail, or postal mail, we may also receive and process your personal data.
Personal Data Collection and Processing
Under the General Data Protection Regulation (EU) 2016/679 (known as, “GDPR”), we function as a “data controller” for individuals who access Pevan & Sarah through an account (“Account,” as defined in our Terms of Service https://www.pevanandsarah.com/terms.
In some cases, we will ask for your consent so that we may process your Personal Data. For example, we will ask for your consent to send you marketing information. However, in certain situations, applicable data protection law allows us to process your Personal Data without needing to obtain your consent. For example:
- To perform our contractual obligations to you, including fulfilling your orders or requests you have made, contacting you in relation to any issues with your use of the Services, or where we need to provide your Personal Data to our service providers who help us operate the Services.
- To comply with laws, regulators, court orders, or other legal obligations.
Information We Collect
Users of our Services
Automatic Information Collection
If you are an educator and you choose to register to create an Account, we collect your first name, last name, e-mail address, state, Country (if international), password, credit card information, and school name. We use this information to, for example, create the Account, to associate your Account with the correct school, and to better understand the geographic distribution of our user base.
Note that students do not create Accounts or access the Services directly, and so we do not collect Personal Data from or about students. Instead, the educator or school Account is created and the Services are displayed by the educator to the class.
If you are a parent or legal guardian and you choose to register to create an Account, we collect your first name, last name, e-mail address, state, Country (if international), password, credit card information and school name. We use the e-mail address to send a verification email for the Account and to send updates about how the Services are being used.
If you make a purchase through the Pevan & Sarah store, you will be asked to provide your first and last name, e-mail address, shipping address, billing address, and credit card information. This information is collected by the third-party partner that manages our store and is used to fulfill the purchase.
Children Under Age 13
Children access the Services using the Account credentials created by the parent or legal guardian. If a parent or legal guardian does not share his/her access credentials with his/her child, the child may only be able to access a limited experience in the Services. We collect Non-Personal Data, automatically and directly from all Account users, as described below, but we do not knowingly collect Personal Data directly from children.
Additional Note About Children Under 13
In accordance with the U.S. Children’s Online Privacy Protection Act (“COPPA”), we do not knowingly request or solicit Personal Data from anyone under the age of thirteen (13) without verifiable parental consent. In the event that we receive actual knowledge that we have collected such Personal Data without the requisite and verifiable parental consent, we will delete that information from our database as quickly as is practical. We reserve the right to request proof of age at any stage so that we can verify that minors are not using the Services.
Parents and educators may also choose to subscribe to email newsletter communications from Pevan & Sarah. Users may opt out of these communications at any time via the “Opt-Out Policy” as described below.
In addition, users may provide us with additional information when they fill out the feedback or contact forms or when they connect with us through our customer support forums. We use the information provided to respond to their concern.
A Note About Third-Party Tracking and Our Services
For more information about third-party advertisers and how to prevent them from using your information, visit the NAI’s consumer website athttp://www.networkadvertising.org/choices orhttp://www.aboutads.info/choices/. If you do want to opt out using these tools, you need to opt out separately for each of your devices and for each web browser (such as Internet Explorer, Firefox or Safari) that you use on each device.
How We Use the Information We Collect
We will use your Personal Data as described above and for other purposes, including the following:
- Provide Services, communicate with you, and provide user support;
- Customize your experience;
- Measure and improve our services;
- Send you relevant emails and communications that may be of interest to you when you have opted in to receive such communications;
- Enforce our agreements, terms, conditions, and policies;
- To investigate a suspected violation of our Terms of Service, suspected fraud or other unlawful activity;
- As may be required by law or by a court order, in which case we shall attempt to notify you and work with you to seek to limit the scope of the required disclosure;
- To our third party service providers to allow them to provide features on our behalf as described below;
- With your consent and as permissible under applicable laws and regulations.
Information Shared with Third-Party Service Providers
We engage third-party service providers that help us administer and provide the Services (for example, a web hosting company whose services we use to host our application). In some cases, these third parties need access to your Personal Data, and so we may share your Personal Data to the extent necessary in order for them to be able to perform those services for us.
Aggregated Information Shared with Other Third Parties
We create aggregated, de-identified data and use it to inform improvements to our Services, to demonstrate the efficacy of our Services, and to develop new educational services. We share aggregated, de-identified information with our sponsors to let them know how many users viewed and interacted with their materials. This information does not identify any individual or educational institution.
We may also provide aggregated information about educators’ use of Pevan & Sarah to their education institution administrator.
Community and Social Network Features
You may read, comment and share blog posts available on our Site. Any comments you post may be read, collected and used by others. You may also log onto third party social networking websites via social network sharing widgets to share, comment or recommend blog posts or to visit the Pevan & Sarah pages on those sites. The social network sharing widgets may provide information to their associated social networks or third-parties about your interactions with our web pages that you visit, even if you do not click on or otherwise interact with the plug-in or widget. Information is transmitted from your browser and may include an identifier assigned by the social network or third party, information about your browser type, operating system, device type, IP address, and the URL of the web page where widget appears. If you use social network tools or visit social networking sites, you should read their privacy policies to learn what information they collect, use, and share.
Links to Other Websites
Our Site contains links to third party websites. These links are provided for your convenience and do not represent an endorsement or an affiliation with that third party. Those websites have their own data collection and privacy policies that differ from ours, and we encourage you to read them.
We are committed to protecting the security, integrity and confidentiality of the data through the use of commercially reasonable physical, technical and administrative safeguards. Pevan & Sarah stores data in secure cloud-based environments and uses server authentication and industry-standard firewalls in an effort to prevent interference or access from outside intruders. We also require unique account identifiers, user names, and passwords that must be entered each time users access the Services.
Nonetheless, it is common knowledge that transmission of information via the internet is not wholly secure, and we cannot guarantee the security of your Personal Data transmitted to or through any of our Services. Any transmission of Personal Data is at your own risk. By using our Services, you acknowledge and accept these risks. As a result, we cannot guarantee or warrant the security of any information you disclose or transmit to us or that are otherwise provided to us and we cannot be responsible for the theft, destruction, or inadvertent disclosure of information. It is your responsibility to safeguard any passwords, ID numbers, or other special access features associated with your use of the Services. Any transmission of information is at your own risk. By using our Services, you acknowledge and accept these risks.
You are responsible for maintaining the confidentiality of your user name and password, as well as the credentials of any other users operating under your Account. If you become aware of or suspect any unauthorized use of an Account or loss of your or your users’ Account credentials or suspect any other security incident related to Pevan & Sarah, notify us immediately at email@example.com.
We retain data for as long as an Account is active, and for a period of time afterwards to retain account continuity for educators. Within twenty-four (24) months of inactivity on any Account, we will delete the Account and the associated Personal Data. However, at any time, you may request deletion of your Account by emailing firstname.lastname@example.org We will honor those requests, deleting the Account and the associated Personal Data, within thirty (30) days.
When you delete your Account, it cannot be recovered.
If you have provided your consent for our processing of your Personal Data, you may revoke that consent at any time. That withdrawal will not impact the lawfulness of the processing prior to your revocation of consent.
We do not send marketing messaging to children.
We do send emails to parents and teachers with information about our Services that we believe may be of interest when these users have opted in to receive those messages. Users may opt out of receiving email messages by contacting us at email@example.com or by clicking on the “unsubscribe” link found at the bottom of every email that we send.
International Data Transfers
However, this does not change our commitments to safeguard your privacy and we will comply with all applicable laws relating to the cross-border data disclosure of your Personal Data. Where required, we implement Standard Contractual Clauses with our third parties pursuant to the requirements of the GDPR, and you may request a copy of the Standard Contractual Clauses by emailing us at firstname.lastname@example.org
EU Residents: Your Data Rights
When we are operating as a Controller as described above, you are provided with certain rights related to your Personal Data. Note that in circumstances where we are operating as a Processor, you may have similar rights with the controller. In those circumstances, please contact your controller to exercise your rights. We will work with them and with you to address any requests you may have related to exercising your rights as described below.
Please note that the rules in your country may provide you with additional rights or may limit the rights noted below. In all cases, we will adhere to the requirements of the applicable laws.
- Right of access. You may have the right to obtain confirmation about whether Personal Data concerning you is processed, and to request access to the Personal Data, including the purposes of the processing, the categories of Personal Data concerned, a copy of the Personal Data, and the recipients or categories of recipients to whom the Personal Data have been or will be disclosed. However, this is not an absolute right and the interests of other individuals may restrict your right of access.
- Right to rectification. You may have the right to have inaccurate Personal Data concerning you corrected. Depending on the purposes of the processing, you may have the right to have incomplete Personal Data completed, including by providing a supplementary statement.
- Right to erasure (“right to be forgotten”). Under certain circumstances, you may have the right to erasure of Personal Data concerning you.
- Right to restriction of processing. Under certain circumstances, you may have the right to restrict us from processing your Personal Data. In this case, the respective data may only be processed by us for certain purposes.
- Right to data portability. Under certain circumstances, you may have the right to receive the Personal Data concerning you in a structured, commonly used, machine-readable format, and you may have the right to transmit those data to another entity without hindrance from us.
- Right to object. Under certain circumstances, you may have the right to object, on grounds relating to your particular situation, or at any time where Personal Data are processed for direct marketing purposes to the processing of your Personal Data by us, and we can be required to no longer process your Personal Data.
If Personal Data concerning you is processed for direct marketing purposes, you also have the right to object at any time to the processing of that Personal Data for that marketing, including profiling to the extent that it is related to the direct marketing. In this case your Personal Data will no longer be processed for such purposes by us.
By email: email@example.com