Effective: July 1st, 2021
In this document "Personal Data" shall apply to Personal Data of individual Service users who are not child registrants. References to "Children's Personal Data" shall only apply to Personal Data of child users of the Services. General references to "data" or “information” shall apply to all users.
Company gathers Personal Data and Children’s Personal Data when you or your child access the Services and when you or your child use Company's Services. This policy does not apply to the practices of companies that Company does not own or control, or to individuals that Company does not employ or manage.
How is children's Personal Data treated?
The Children’s Online Privacy Protection Act (“COPPA”) requires that online service providers obtain parental consent before they knowingly collect personally identifiable information online from children who are under 13 years of age. Moreover, the EU General Data Protection Regulation (the “GDPR”) requires that data controllers obtain consent from the holders of parental responsibility over children who are under 16 years of age before such controllers knowingly collect and process Personal Data from such children.
We do not knowingly collect or solicit Personal Data from a child under the age of 13 (if such child is located in the United States) or a child under the age of 16 (if such child is located in the European Economic Area or United Kingdom) (in each case, a “Child under the Age of Consent”) [RHH4] without obtaining verifiable consent from that child’s parent or guardian (such consent, “Parental Consent” and such individual, “Parent ”), except for the limited amount of Personal Data we need to collect in order to obtain Parental Consent (“Required Information”). Until we have received Parental Consent, we will only use Required Information for the purpose of obtaining Parental Consent. Parental Consent is further described below in the “Data about Children” section.
If you are a Child under the Age of Consent , you may not register for the Services or otherwise disclose any Personal Data to us before we obtain Parental Consent, except that you may share Required Information solely for the purpose of the Company obtaining Parental Consent. You may only interact with the Services under an account created by your Parent who has provided Parental Consent.
If you believe that a Child under the Age of Consent has provided us with Personal Data (beyond the Required Information) without our obtaining Parental Consent, please contact us at email@example.com
. We do not condition participation in our Services on disclosure of more Personal Data from a Child under the Age of Consent than is reasonably necessary for that child’s participation in the Services, and we do not retain Personal Data from Children under the Age of Consent [RHH9]
any longer than is reasonably necessary in order to fulfill the purpose for which it was disclosed.
If you are a Parent of a user of our Services who is a Child under the Age of Consent[RHH10]
may contact us at any time (firstname.lastname@example.org
) to ask that (a) we stop collecting Personal Data from such user, (b) we delete any Personal Data already collected from such user (although note that we may further retain and use Anonymized Data as set forth the “Data that is Not Personal Data” section below), or (c) we stop disclosing Personal Data collected from such user to third parties, but continue to allow for collection and use of Personal Data collected from such user in connection with the Services.
If you are a child and your parent has signed up for the Service, you understand that your parent may be able to view all data within or associated with the account, including without limitation progress reports and usage data that tracks your performance on games, assessments and other tests available through the Services.
What Personal Data Does Company Collect?
The Personal Data you provide is used for such purposes as providing you the services, answering questions, sending product updates, and communicating with you about Company's products and services, including specials and new features. The Children's Personal Data you provide shall only be used for creating your individual account (which will allow you to receive progress reports that include tracking your child's performance and progress). You can choose not to provide us with certain data, but then you may not be able to take advantage of many of our special features.
You may review, modify, stop collection of or remove your Personal Data or Children's Personal Data identified below at any time by logging into your account and accessing features to edit your profile and/or account information.
If you are a teacher or a school, by sharing information about students (“Student Data”) or other data to SplashLearn, you expressly grant, and you represent and warrant that you have all rights necessary to grant, to SplashLearn a non-exclusive, royalty-free, worldwide license during the term of the Agreement to use, transmit, distribute, modify, reproduce, display, and store the Student Data solely for the purposes of (i) providing the Services as contemplated by the Agreement, and as otherwise described herein, (ii) maintaining, supporting, evaluating, improving and developing our products, applications, and Service, and (iii) enforcing our rights under the Agreement.
We collect the following types of data from our customers:
Data about Children
We collect certain information about children such as screen name and gender directly from Parents when such Parents set up an account. For additional information about the data that we collect from children, please see the table further below.
If you are a teacher or a school administrator, you may also provide a full name for each applicable child to be able to track progress and distinguish students. Therefore, you may choose to provide a different identifier instead of a child’s name for this purpose. You may also provide us with a username and a password for each of the student accounts.
A child (or parent) can record their voice while reading a digital book and play it back to help them learn to read. This recording stays on your device and is not sent to our servers. The recording is automatically deleted as soon as the child moves to the next page of the book. The record voice feature is optional, and parents can deny microphone access without affecting the child's access to the books.
When using our tutoring program (“SplashLearn Course” ), Parents may choose to provide us or the tutor conducting the program (“Tutor”) certain information about the student to help the Tutor improve their instruction. Note that it is not mandatory to provide any such information and if you provide it, it is completely of your own volition.
In addition, children may share information, including Personal Data, about themselves during tutoring sessions. The SplashLearn Course sessions (“Course Sessions”) may take place over online videos in which video images and audio of the children are recorded. Parents may choose to ask the Tutor to not record the session. No information is collected directly from children until they are in the course session. Children cannot post Personal Data publicly anywhere on the Services, however, in group classes, students can share information, including Personal Data, with other students.
It is reasonable to expect that either the parent or the student will provide basic information like the student's name to facilitate the Course Sessions.
Class Video Recordings: As described above, SplashLearn may record videos of students and tutors during the Course Sessions (“Class Recordings”). Please note the Class Recordings may accidentally capture persons (including other children) in the background other than the enrolled children.
The Class Recordings are made available by SplashLearn to the Tutor providing that Course Session as a means to improve the quality of instruction. Tutors are obliged not to share the recordings with any third party in any scenario.
Class Recordings may also be shared with the entire class (and their Parents) (the “Permitted Recipients”) to view, for the purpose of reviewing the lessons. SplashLearn will make reasonable attempts to ensure that the Class Recordings are not further downloaded or shared by the permitted recipients.
SplashLearn may also use Class Recordings to provide feedback to Tutors, for customer support, and for compliance purposes. SplashLearn will obtain additional parental consent before we use any Class Recordings for promotional or other purposes. Class Recordings will not be shared with third parties.
Parental Consent: SplashLearn obtains verifiable parental consent before collecting Personal Data from your child For example, SplashLearn may obtain parental consent by requiring the parent to provide their credit card information in order to register the child for and pay for a SplashLearn Class (“Parental Consent”). If the parent does not provide consent, we will not collect, use or disclose any Personal Data about the child, and the child will not be allowed to use the Services in any way.
Contact and Payment Information
We collect your email address, account password, zip code, phone number, credit card and/or other payment information and any other information necessary for us to provide our services. If you are a teacher or a school administrator we also collect your school name from you in order to provide you school level features and prevent misuse of our services meant for teachers and schools.
We also offer parents and teachers the ability to sign up for the services using their existing Facebook or Google account. If you choose to sign up for the Services using one of these accounts, we will receive your full name from the service provider managing that account.
Additionally, you may also provide us with additional Personal Data when you contact us for product or technical support like an alternate communication method which we will use to answer your queries and process your requests. If you are using the service as an Educational Institution, Student information may be visible during Customer Support and/or Troubleshooting. Personally identifiable information such as Student Name, Teacher Email Address, login dates and times may be viewed on our service by Product Support Staff.
We may also send parents and teachers practice reminders through our mobile apps. These notifications are intended for grown-ups only and can only be requested through the parent/grown-up sections of our mobile apps. You can opt-out from these notifications or modify the frequency of these notifications at any time through the app or device settings.
We receive and store certain types of information whenever you interact with our Services or use our Services. Company automatically receives and records information on our server logs from your browser including your IP address, cookie information, and the page you requested.
We also record data around children's usage of the Services such as their activities, their performance on games and activities, in order to send you reports and recommend the most appropriate games and activities.
We use information collected through cookies and usage of the Services for purposes such as to learn more about our user base; analyze trends; authenticate and secure the Services; enhance and personalize your experience; and in general to improve and operate our Services.
Such technology is also used to receive confirmation when you open an email from us. We use this confirmation to help us make emails more interesting and helpful. When you receive emails from us, you can opt out of receiving further emails by following the included instructions to unsubscribe.
We may run advertising campaigns to market our Services and use technology such as cookies to analyze the performance of advertising and improve them. We do not currently display third party advertisements on our Services or use third party cookies to track child users for advertising purposes. We also do not engage in targeted advertising based on Student Data or Children’s Personal Data.
To view summary of the categories of Personal Data that we collect and have collected over the past 12 months, click here.
What Sources does the company collect information from
Categories of Sources of Personal Data
We collect Personal Data about you from the following categories of sources:
When you provide such information directly to us
- When you create an account or use our interactive tools and Services.
- When you voluntarily provide information in free-form text boxes through the Services or through responses to surveys or questionnaires.
- When you send us an email or otherwise contact us.
When you use the Services and such information is collected automatically
- Through Cookies (defined in the “Cookies” section).
- If you download our mobile application or use a location-enabled browser, we may receive information about your location and mobile device, as applicable
- If you download and install certain applications and software we make available, we may receive and collect information transmitted from your computing device for the purpose of providing you the relevant Services, such as information regarding when you are logged on and available to receive updates or alert notices.
- From the government or other sources.
Teacher or School Administrator
As noted above, teachers or school administrators may provide a child’s name or other identifier for purposes of tracking progress and distinguishing students. Teachers or school administrators may also provide us with a username and a password for each of the student accounts.
We may use analytics providers to analyze how you interact and engage with the Services, or third parties may help us provide you with customer support.
We may use vendors to obtain information to generate leads and create user profiles.
We receive information about you from some of our vendors who assist us with marketing or promotional services related to how you interact with our websites, applications, products, Services, advertisements or communications.
If you provide your social network account credentials to us or otherwise sign in to the Services through a third-party site or service, some content and/or information in those accounts may be transmitted into your account with us.
How does the Company Use the Information it Collects
Our Commercial or Business Purposes for Collecting Personal Data
Providing, Customizing and Improving the Services
Creating and managing your account or other user profiles.
Processing orders or other transactions; billing.
Providing you with the products, services or information you request.
Meeting or fulfilling the reason you provided the information to us.
Providing support and assistance for the Services.
Improving the Services, including testing, research, internal analytics and product development.
Personalizing the Services, website content and communications based on your preferences.
Doing fraud protection, security and debugging.
Carrying out other business purposes stated when collecting your Personal Data or as otherwise set forth in applicable data privacy laws, such as the California Consumer Privacy Act (the “CCPA”).
Marketing the Services
Marketing and selling the Services.
Advertising our products and services; measuring and improving the effectiveness of advertisements
Corresponding with You
Responding to correspondence that we receive from you, contacting you when necessary or requested, and sending you information about SplashLearn or the Services.
Sending emails and other communications according to your preferences or that display content that we think will interest you including reports, new features and promotional offers.
Meeting Legal Requirements and Enforcing Legal Terms
Fulfilling our legal obligations under applicable law, regulation, court order or other legal process, such as preventing, detecting and investigating security incidents and potentially illegal or prohibited activities.
Protecting the rights, property or safety of you, SplashLearn or another party.
Enforcing any agreements with you.
Responding to claims that any posting or other content violates third-party rights.
We will not collect additional categories of Personal Data or use the Personal Data we collected for materially different, unrelated or incompatible purposes without providing you notice.
We employ APIs of other companies and people to perform tasks on our behalf and may need to share your information with them, including Personal Data or Children's Personal Data, to provide products or services to you. Examples include sending billing receipts and weekly progress reports and providing user services. Unless we tell you differently, these companies do not have any right to use Personal Data or Children's Personal Data we share with them beyond what is necessary to execute tasks at hand. We will also require that these companies agree to protect the security of the information we share with them. For any privacy inquiries related to how these companies may handle your information on our behalf, please use the contact information of SplashLearn at the bottom of this page, and we will respond to all such inquiries.
We disclose your information to the categories of service providers and other parties listed in this section. Depending on state laws that may be applicable to you, some of these disclosures may constitute a “sale” of your Personal Data. For more information, please refer to the state-specific sections below.
Service Providers: These parties help us provide the Services or perform business functions on our behalf. They include:
- Hosting, technology and communication providers.
- Security and fraud prevention consultants.
- Support and customer service vendors.
- Product fulfillment and delivery providers.
- Payment processors.
Our payment processing partner Stripe, Inc. (“Stripe”) collects your voluntarily-provided payment card information necessary to process your payment.
Analytics Partners: These parties provide analytics on web traffic or usage of the Services. They include:
- Companies that track how users found or were referred to the Services.
- Companies that track how users interact with the Services.
Advertising Partners: These parties help us market our services and provide you with other offers that may be of interest to you. They include:
- Ad networks.
- Marketing Providers
Parties You Authorize, Access or Authenticate
- Third parties you access through the services.
- Social media services.
- Other users.
is the list of partners that we work with.
Sharing with Affiliated Businesses
In the event that SplashLearn is involved in a merger, reorganization, dissolution, sale of business or assets or similar event, information disclosed to or collected by may be transferred to SplashLearn’s successor, or to the purchaser of such assets, as applicable. You will be notified via email and a prominent notice on our Website of any change in ownership or uses of your Personal Data, as well as any choices you may have regarding your Personal Data.
Children are not allowed to enter or upload User Submissions. No Children's Personal Data will ever be displayed to any third party through a User Profile. Email addresses are used to add new User Submissions to user profiles and to communicate through User Submissions. Users' email addresses will not be directly revealed to other users by Company, except, when the user is "connected" to another user via a shared group membership, or an invitation, or if the user has chosen to include their email address in their User Profile.
We may send offers to you on behalf of other businesses. However, when we do so, we do not give the other business your name and address and such communications will not be sent to child users. If you do not wish to receive these offers, please unsubscribe using the instructions provided in the email, the account management tools on the website, or by sending an email with your request to email@example.com
We may share any Personal Data that we collect with third parties in conjunction with any of the activities set forth under “Meeting Legal Requirements and Enforcing Legal Terms” in the “Our Commercial or Business Purposes for Collecting Personal Data” section above.
Protection of Company and Others
We may release Personal Data to protect the rights, property, or safety of the Company, our employees, our users, or others. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction.
Data that is Not Personal Data
We may create aggregated, de-identified or anonymized data from the Personal Data we collect, including by removing information that makes the data personally identifiable to a particular user (“Anonymized Data”). We may use such Anonymized Data and share it with third parties for our lawful business purposes, including to analyze, build and improve the Services and promote our business, provided that we will not share such data in a manner that could identify you.
With Your Consent
Except as set forth above, you will be notified when your Personal Data may be shared with third parties, and you will be able to prevent the sharing of this information.
Is Personal Data and Children’s Personal Data Secure?
The security of your Personal Data is important to us. To prevent unauthorized access, disclosure, or improper use of your information, and to maintain data accuracy, we've established physical, technical, and administrative safeguards to protect the Personal Data we collect. In particular:
- We periodically review our information collection, storage and processing practices, including physical security measures, to guard against unauthorized access to systems.
- We perform application security testing; penetration testing; conduct risk assessments; and monitor compliance with security policies.
- When you enter any information anywhere on the Service, we encrypt the transmission of that information using secure socket layer technology (SSL) by default.
- SplashLearn's database where we store your Personal Data is encrypted at rest, which converts all Personal Data stored in the database to an unintelligible form.
- We ensure passwords are stored and transferred securely using encryption and salted hashing.
- SplashLearn's Website and the Service is hosted by third-party service providers at separate facilities, with whom we have a contract providing for enhanced security measures.
- We restrict access to Personal Data to authorized SplashLearn employees, agents or independent contractors who need to know that information in order to process it for us, and who are subject to strict confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.
Company endeavors to protect user information to ensure that user account information is kept private, however, Company cannot guarantee the security of user account information. Your Personal Data or Children's Personal Data is protected by a password for your privacy and security. You need to ensure that there is no unauthorized access to your account and Personal Data or Children's Personal Data by selecting and protecting your password appropriately and limiting access to your computer and browser by signing off after you have finished accessing your account.
If SplashLearn becomes aware of a systems security breach by an unauthorized party or that any user data was used for an unauthorized purpose, we will comply with relevant state and other data breach laws. We will notify users of any breach resulting in unauthorized release of data electronically, at minimum, and without unreasonable delay so that you can take appropriate steps. The notification will include: date of the breach, the types of information that were subject to the breach, general description of what occurred and steps SplashLearn is taking to address the breach.
Data Deletion & Retention
We store your Personal Data for as long as it is necessary to provide products and Services to you and others, including those described above. Personal Data associated with your account will be kept until your account is deleted unless we no longer need the data to provide products and services.
Please note that we may have to retain some information after your account is deleted, to comply with legal obligations, to protect the safety and security of our community or our Service, or to prevent abuse of our Terms.
Deleting Your Account
You have the right to ask us to delete your account at any time. You can do so by contacting us at firstname.lastname@example.org
. In case a parent wants to get a child's classroom account deleted, please contact the child's school.
Student Data Protection Policy: We will not retain a student's Personal Data for any longer than is necessary for educational purposes, legal or contractual obligations, or to provide the Service for which we receive or collect the child's Personal Data. Additionally, we only keep a child's Personal Data for as long as his or her student account is active, unless we are required by law or the child's school to retain it, need it to ensure the security of our community or our Service or to enforce our Terms.
Please see the following section on information about data deletion due to account inactivity:
Home Accounts: For accounts created by parents, if neither the student, nor the student's parent(s) or any of the other student accounts associated with the parents' accounts have logged into their account in 2 years, SplashLearn will automatically delete or de-identify the Personal Data tied to the student account that is not necessary for educational purposes or legal obligations, including device tokens, device identifiers and IP addresses. In effect, the student account will be anonymized and de-linked from the parent account and the data will be non-recoverable. We will make reasonable attempts to inform parents about the account modification a few days in advance. We may retain some Personal Data about the parents for reasons outlined earlier, but these will not be tied to any Personal Data about the student. Parents can always request deletion of their accounts as outlined in the "Deleting your account" section.
Classroom Account: If neither the teacher, nor any of the students associated with the teacher account have logged into their account in 2 years or performed any activity, SplashLearn automatically deletes or de-identifies any Personal Data tied to the student accounts that is not necessary for educational purposes or legal obligations, including device tokens, device identifiers and IP addresses.
Please note that some content will not be deleted given various compliance and record-keeping obligations schools have. Please contact your (or your child's ) school if you would like this content deleted. If the school determines that the request should be implemented, they may submit a request to us.
What happens when an account is deleted: SplashLearn de-identifies or deletes any Personal Data tied to the accounts, including emails, usernames. device token, device identifiers, IP addresses. Some information may persist in backups that we maintain, for a reasonable amount of time. SplashLearn retains de-identified usage information about the accounts unless we contractually obligated to delete such information.
When a teacher or school administrator deletes an account from within their SplashLearn dashboard, the deleted accounts are kept in a recoverable state for 14 days before the deletion actually takes place. This is done so that any erroneous deletions on the user's part can be recovered and accounts may be restored.
Please note that after an account is deleted from our systems, it is not possible for us to restore the account or any Personal Data associated with it.
During the time that you use your services, you will receive emails from us, which includes emails around new features and updates, practice reports and reminders, promotional offers and account related emails.
You may opt-out from receiving emails from within your SplashLearn account, or by using unsubscribe links included in the emails themselves. Opting out from certain types of emails may prevent us from providing you key portions of the services, such as providing progress reports that explain your child’s performance and progress using the Services.
Please note even if you subscribe, we will still need to send certain essential emails till the time you have an account with us. These may include payment related emails, important legal or security related updates.
California Resident Rights
If you are a California resident, you have the rights set forth in this section. Please see the “Exercising Your Rights” section below for instructions regarding how to exercise these rights. Please note that we may process Personal Data of our customers’ end users or employees in connection with our provision of certain services to our customers. If we are processing your Personal Data as a service provider, you should contact the entity that collected your Personal Data in the first instance to address your rights with respect to such data.
You have the right to request certain information about our collection and use of your Personal Data over the past 12 months. In response, we will provide you with the following information:
- The categories of Personal Data that we have collected about you.
- The categories of sources from which that Personal Data was collected.
- The business or commercial purpose for collecting or selling your Personal Data.
- The categories of third parties with whom we have shared your Personal Data.
- The specific pieces of Personal Data that we have collected about you.
If we have disclosed your Personal Data to any third parties for a business purpose over the past 12 months, we will identify the categories of Personal Data shared with each category of third party recipient. If we have sold your Personal Data over the past 12 months, we will identify the categories of Personal Data sold to each category of third party recipient.
You have the right to request that we delete the Personal Data that we have collected about you. Under the CCPA, this right is subject to certain exceptions: for example, we may need to retain your Personal Data to provide you with the Services or complete a transaction or other action you have requested. If your deletion request is subject to one of these exceptions, we may deny your deletion request.
Exercising Your Rights
To exercise the rights described above, you or your Authorized Agent (defined below) must send us a request that (1) provides sufficient information to allow us to verify that you are the person about whom we have collected Personal Data, and (2) describes your request in sufficient detail to allow us to understand, evaluate and respond to it. Each request that meets both of these criteria will be considered a “Valid Request.” We may not respond to requests that do not meet these criteria. We will only use Personal Data provided in a Valid Request to verify your identity and complete your request. You do not need an account to submit a Valid Request.
We will work to respond to your Valid Request within 45 days of receipt. We will not charge you a fee for making a Valid Request unless your Valid Request(s) is excessive, repetitive or manifestly unfounded. If we determine that your Valid Request warrants a fee, we will notify you of the fee and explain that decision before completing your request.
You may submit a Valid Request using the following methods:
You may also authorize an agent (an “Authorized Agent”) to exercise your rights on your behalf. To do this, you must provide your Authorized Agent with written permission to exercise your rights on your behalf, and we may request a copy of this written permission from your Authorized Agent when they make a request on your behalf.
Personal Data Sales Opt-Out and Opt-In
We will not sell your Personal Data, and have not done so over the last 12 months. To our knowledge, we do not sell the Personal Data of children under 16 years of age.
We Will Not Discriminate Against You for Exercising Your Rights Under the CCPA
We will not discriminate against you for exercising your rights under the CCPA. We will not deny you our goods or services, charge you different prices or rates, or provide you a lower quality of goods and services if you exercise your rights under the CCPA. However, we may offer different tiers of our Services as allowed by applicable data privacy laws (including the CCPA) with varying prices, rates or levels of quality of the goods or services you receive related to the value of Personal Data that we receive from you.
Other State Law Privacy Rights
California Resident Rights
Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to contact us to prevent disclosure of Personal Data to third parties for such third parties’ direct marketing purposes; in order to submit such a request, please contact us at email@example.com
Nevada Resident Rights
If you are a resident of Nevada, you have the right to opt-out of the sale of certain Personal Data to third parties who intend to license or sell that Personal Data. You can exercise this right by contacting us at firstname.lastname@example.org
with the subject line “Nevada Do Not Sell Request” and providing us with your name and the email address associated with your account. Please note that we do not currently sell your Personal Data as sales are defined in Nevada Revised Statutes Chapter 603A.
European Union Data Subject Rights
If you are a resident of the European Union (“EU”), United Kingdom, Lichtenstein, Norway or Iceland, you may have additional rights under the EU General Data Protection Regulation (the “GDPR”) with respect to your Personal Data, as outlined below.
For this section, we use the terms “Personal Data” and “processing” as they are defined in the GDPR, but “Personal Data” generally means information that can be used to individually identify a person, and “processing” generally covers actions that can be performed in connection with data such as collection, use, storage and disclosure.
SplashLearn will be the controller of your Personal Data processed in connection with the Services. Note that we may also process Personal Data of our customers’ end users or employees in connection with our provision of certain services to customers (e.g. educational institutions) , in which case we are the processor of Personal Data. If we are the processor of your Personal Data (i.e., not the controller), please contact the controller party in the first instance to address your rights with respect to such data.
Personal Data We Collect
The “What Personal Data Does Company Collect” section above details the Personal Data that we collect from you.
Personal Data Use and Processing Grounds
The “How does the Company Use the Information it Collects” section above explains how we use your Personal Data.
Sharing Personal Data
The “Will Company Share any of the Information it Receives” section above details how we share your Personal Data with third parties.
EU Data Subject Rights
You have certain rights with respect to your Personal Data, including those set forth below. For more information about these rights, or to submit a request, please email us at email@example.com
If any request made under this section is clearly unfounded or excessive, we may reject the request or require a reasonable fee to honor the request. Additionally, we may not be able fully comply with your request if it jeopardizes the rights of others, or if it is not required by law, If we decide to reject your request, we will inform you of the reasons for not taking action and provide information on other possible remedies. If we decide that a reasonable fee is necessary, we will promptly inform you and will comply with the request upon receipt of this fee.
In some cases, we may also need you to provide us with additional information, which may include Personal Data, if necessary to verify your identity and the nature of your request.
We will respond to all requests within a reasonable timeframe. If our full response will ever take more than a month due to complexity or scope, we will notify you of this and keep you updated.
Review and update your data:
You have the right to access and update any personal data that we have collected. Some personal data, such as the account holder's name and email address can be found and updated using the account management tools on our website at https://www.splashlearn.com/profile
. For any personal data beyond this, please submit a request using the contact information at the end of this section.
Delete your data: You also have the right to get your personal data deleted. This is sometimes known as the ‘right to be forgotten’. To request that we delete all personal data about you, please submit a request using the contact information at the end of this section.
For more information on our data deletion and retention practice from the section on "Data Deletion and Retention"
Restrict Processing: You have the right to restrict how we process your personal data in certain circumstances. This is an alternative to requesting the deletion of your data. Rather than requesting we delete all of your personal data, you may request that we limit our uses of your personal data to specific purposes. You may wish to request we restrict our processing if you contest the accuracy of your personal data and we are working to verify this information, or if you want us to retain your personal data in connection to a legal claim but cease processing it.
Withdrawal of Consent: If we are processing your personal data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Data, if such use or disclosure is necessary to enable you to utilize some or all of our Services.
Data Portability: You have the right to obtain copies of your information in a structured, commonly used format so that you can move your data between our service and the services of others. We may request more information to confirm your identity before providing any personal data.
Right to Object: You have the right to object to the processing of your personal data for direct marketing purposes or when our processing of your data is based on legitimate interests. You may request that we stop processing your personal data for direct marketing purposes. This is an absolute right and we cannot refuse this request. Beyond direct marketing, if you wish to exercise this right, you must give specific reasons as to why you object to our processing of your data, based on your particular situation. Even after receiving such a request, we may continue processing if it is necessary for the exercise/defense of a legal claim or if we can demonstrate a compelling legitimate ground for the processing.
Right to File Complaint:
You have the right to lodge a complaint about SplashLearn's practices with respect to your Personal Data with the supervisory authority of your country or EU Member State. A list of Supervisory Authorities is available here:
Lawful Bases for Processing Personal Data
If you are an individual in the European Union (EU) or an EU citizen, we collect and process data about you only where we have legal bases for doing so under applicable EU laws. This means we collect and process your data only when:
- It is necessary for a legitimate interest (which is not overridden by your individual privacy interests), such as preventing fraud, improving the Services, and increasing the security of the Services and network infrastructure;
- You have consented to this collection and processing for a specific purpose;
- It is necessary to fulfil our contractual obligations; or
- It is necessary to comply with a legal obligation.
Some examples of our legitimate interests and the data being processed include:
- Network and information security (password, IP address, Device ID)
- Customer Support, and fraud prevention (name, email address)
- Improving our products and services (device hardware information, activity logs)
Where we rely on your consent to process your personal data, you have the right to withdraw or decline consent at any time. If you wish to withdraw your consent, please contact us using the information in the Contact for Individual Rights Requests section.
Where we rely on our legitimate interests to process your personal data, you have the right to object. More information on exercising this right can be found in the EU Data Subject Rights section.
If you have any questions about or need further information concerning the legal basis on which we collect and use your personal data, please contact us at firstname.lastname@example.org
Contact for Individual Rights Requests
Please use the below information when submitting a request to exercise any of the above rights. Please do not submit requests across multiple communication channels. We will make all efforts to respond to your request within a reasonable timeframe.
Attn: Joy Deep Nath
201 Spear Street, Suite 1100
San Francisco, California 94105
EU Representative: We have appointed GDPR-Rep.eu as representative according to Art 27 GDPR and to provide you with an easy way to submit us privacy related request. If you want to make use of your data subject rights, please visit: https://gdpr-rep.eu/q/17025404
Maetzler Rechtsanwalts GmbH & Co KG Attorneys at Law c/o StudyPad, Inc Schellinggasse 3/10, 1010 Vienna, Austria
Please add the following subject to all correspondence: GDPR-REP ID: 17025404
International / Cross Border Data Transfers
EU-U.S and Swiss-U.S. Privacy Shield
While Privacy Shield is no longer a valid lawful basis on which SplashLearn may rely to transfer personal data from the EU to the United States pursuant to Regulation (EU) 2016/679 (General Data Protection Regulation or GDPR), SplashLearn continues to comply with both the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework, as administered by the U.S. Department of Commerce, regarding the collection, use, and retention of personal data from the European Union (the “EU”), the United Kingdom (the “UK”) and Switzerland, respectively, to the United States. SplashLearn has certified that it adheres to the Privacy Shield Principles with respect to such data.
Pursuant to the Privacy Shield Frameworks, EU, UK, and Swiss individuals have the right to obtain our confirmation of whether we maintain Personal Data relating to you in the United States. Upon request, we will provide you with access to the Personal Data that we hold about you. You may also correct, amend, or delete the Personal Data we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to email@example.com
. If requested to remove data, we will respond within a reasonable timeframe.
We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your Personal Data, please submit a written request to firstname.lastname@example.org
SplashLearn’s accountability for personal data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, SplashLearn remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process personal data on its behalf do so in a manner inconsistent with the Principles, unless SplashLearn proves that it is not responsible for the event giving rise to the damage.
With respect to personal data received or transferred pursuant to the Privacy Shield Framework, SplashLearn is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, SplashLearn may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In compliance with the Privacy Shield Principles, SplashLearn commits to resolve complaints about your privacy and our collection or use of your Personal Data transferred to the United States pursuant to Privacy Shield. European Union, United Kingdom, and Swiss individuals with Privacy Shield inquiries or complaints should first contact SplashLearn at: email@example.com
SplashLearn has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/privacy-shield-complaints/
for more information and to file a complaint. This service is provided free of charge to you.
Cross-Border Transfers other than to the United States
Personal data may be accessed by our personnel in India for the purpose of providing services. In such instances, we use Standard Contract Clauses approved by the European Commission to protect personal data. If you have queries, please contact us using the contact information mentioned at the end of the document.
If we make material changes in the way we use Personal Data or Children's Personal Data, we will notify you by posting an announcement on our Services, or by email and, if necessary, obtain prior verifiable parental consent.
Schools signed up for a membership will be notified in advance of any material changes to privacy policies, including practices around new or additional data collection, or new ways of using the data that may lessen your privacy and rights.
Questions or Concerns
If you have any questions or concerns regarding privacy on our Services, please send us a detailed email at firstname.lastname@example.org. We will make every effort to resolve your concerns.
StudyPad, Inc. 201 Spear, Street, Suite 1100
San Francisco California - 94105
Phone: +1 855 979 8948
For data subjects in the EU, GDPR-Rep.eu has been nominated as our representative in the European Union. If you want to make use of your data privacy rights, please visit: Our GDPR-Rep.eu landing page