Thank you for choosing to be part of our community at EduBlocks (“Company”, “we”, “us”, or “our”). We are committed to protecting your personal information and your right to privacy. If you have any questions or concerns about our policy, or our practices with regards to your personal information, please contact us at [email protected]. When you visit our website https://edublocks.org, and use our services, you trust us with your personal information. We take your privacy very seriously. In this privacy policy, we seek to explain to you in the clearest way possible what information we collect, how we use it and what rights you have in relation to it. We hope you take some time to read through it carefully, as it is important. If there are any terms in this privacy policy that you do not agree with, please discontinue use of our Sites and our services. This privacy policy applies to all information collected through our website (such as https://edublocks.org), and/or any related services, sales, marketing or events (we refer to them collectively in this privacy policy as the "Services"). Please read this privacy policy carefully as it will help you make informed decisions about sharing your personal information with us.
Table of Contents
- WHAT INFORMATION DO WE COLLECT?
- HOW DO WE USE YOUR INFORMATION?
- WITH WHOM DO WE SHARE YOUR PERSONAL DATA?
- DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?
- HOW DO WE STORE AND RETAIN YOUR PERSONAL DATA?
- WHAT ARE YOUR PRIVACY RIGHTS?
- DATA SUBJECT REQUESTS
- DATA BREACH
- CONTROLS FOR DO-NOT-TRACK FEATURES
- DO WE MAKE UPDATES TO THIS POLICY?
- MINORS' USE OF THE EDUBLOCKS PLATFORM
- GENERAL CONSENT
- New E.U.-U.S. Privacy Framework
1. WHAT INFORMATION DO WE COLLECT?
1.1. Categories of Data Subject
Our software may collect and process personal data from various categories of individuals. We want to ensure transparency and provide you with an understanding of how your personal data is handled. The following categories of individuals are included:
- Users: As a user of our software, we collect and process your personal data to provide you with access to our services, customize your experience, and ensure the security of our platform.
- Customers: If you are our customer or client, we may collect and process your personal data to fulfill our contractual obligations, manage your account, and provide you with customer support.
- Website Visitors: When you visit our website, we collect certain personal data to analyze website traffic, improve user experience, and provide you with relevant information about our products and services.
- Partners: If we collaborate with you as a business partner, vendor, or service provider, we may collect and process your personal data to facilitate our business relationship, communicate with you, and ensure the smooth operation of our partnership.
- Subscribers: If you subscribe to our newsletters, marketing communications, or other subscription-based services, we collect and process your personal data to deliver relevant content and keep you informed about our latest updates, promotions, and events.
- Event Attendees: When you attend our events, webinars, conferences, or other related activities, we may collect and process your personal data for event management purposes, including registration, communication, and providing you with a valuable event experience.
1.2 Categories of Data We Collect
At EduBlocks, we value the personal information you choose to share with us, and we are committed to maintaining its confidentiality and protecting your privacy. When you interact with our services, there are various categories of personal data that you may voluntarily provide to us. We collect this information to ensure the smooth functioning of our services and to deliver a personalized experience. The categories of personal data we collect can include, but are not limited to:
- Contact Information: This category encompasses details such as your first name, last name, mailing address, email address, telephone number, and other similar contact information that you provide when registering or contacting us.
- Account Credentials: When you create an account with us, we collect and store your chosen username, password, user location, and other account authentication details to ensure secure access and protect the integrity of your account.
- Communication Data: If you engage in communication with us, either through our platform or via other means, we may collect and retain records of these communications, including email correspondence, support tickets, and any other relevant communication content.
- Usage and Preference Information: We may gather data regarding your usage of our services, including your preferences, settings, interaction patterns, and other information related to your activities within our platform.
- Social Media Information: If you choose to register or log in to our services using your social media accounts, such as Facebook, Twitter, or other similar platforms, we may collect and process certain information associated with your social media profiles in accordance with the relevant permissions granted by you.
1.3 Protection of User Credentials
At EduBlocks, we recognize the importance of safeguarding your user credentials to ensure the security and integrity of your account. While we implement industry-standard security measures to protect your personal information and prevent unauthorized access, it is essential for you, as a customer, to take responsibility for maintaining the confidentiality of your login credentials. You must exercise due diligence in safeguarding your username, password, and any other authentication information associated with your account. It is crucial to keep your login credentials confidential and not disclose them to any unauthorized individuals. By maintaining the confidentiality of your user credentials, you can help prevent unauthorized access and potential impersonation. Please note that EduBlocks cannot be held responsible for any unauthorized access to your account resulting from your failure to keep your login credentials secure. It is your responsibility to promptly notify us of any suspected unauthorized activity or any breach of security. We strongly advise you to choose a strong and unique password, regularly update it, and avoid using the same password across multiple platforms. Additionally, we recommend enabling multi-factor authentication if available to add an extra layer of security to your account.
1.4 How do we handle your social logins?
We want to assure you that we will only use the information we receive from your social media provider for the purposes stated in our privacy policy or as explicitly communicated to you on our services. We have implemented security measures to protect the confidentiality and integrity of this data and will handle it in accordance with applicable privacy laws and regulations. It is important to note that while we strive to safeguard your personal data, we have no control over how your social media provider handles and processes your information. We recommend reviewing their privacy policy to understand their data collection, use, and sharing practices, as well as the options available to you for managing your privacy settings on their platform. If you have any concerns or require further information regarding the handling of your personal data obtained through social media login, please feel free to reach out to us at [email protected]. Our team will be happy to assist you and provide the necessary clarifications.
2. HOW DO WE USE YOUR INFORMATION?
We process your information for various purposes, which are based on legitimate business interests, the fulfillment of our contractual obligations to you, compliance with legal requirements, and/or your consent. Each purpose for processing your personal information is supported by specific legal grounds, as indicated below:
- Account Creation and Logon Process: To provide you with seamless account creation and logon experience, we may process the personal information you have allowed us to collect from third-party accounts, such as Google or Facebook. This processing is necessary for the performance of the contract between us. For further information on how we handle your social logins, please refer to the section titled "HOW DO WE HANDLE YOUR SOCIAL LOGINS."
- User Account Management: We may use your personal information to manage and maintain your user account, ensuring its proper functioning and security. This processing is necessary to fulfill our contractual obligations and maintain our legitimate business interests in managing user accounts effectively.
- Responding to User Inquiries and Offering Support: Your personal information may be used to address your inquiries and provide support related to the use of our services. We process this information to fulfill our legitimate business interests in offering timely and effective customer support.
3. WITH WHOM DO WE SHARE YOUR PERSONAL DATA?
We only share information with your consent, to comply with laws, to provide you with services, to protect your rights, or to fulfill business obligations. We may process or share data based on the following legal basis:
- Consent: We may process your data if you have given us specific consent to use your personal information in a specific purpose.
- Legitimate Interests: We may process your data when it is reasonably necessary to achieve our legitimate business interests.
- Performance of a Contract: Where we have entered into a contract with you, we may process your personal information to fulfill the terms of our contract.
- Legal Obligations: We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process, such as in response to a court order or a subpoena (including in response to public authorities to meet national security or law enforcement requirements).
- Vital Interests: We may disclose your information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved.
- Vendors or Service Providers: We may engage trusted third-party service providers who assist us in delivering our software services. These providers include hosting providers, payment processors, customer support providers, and data analytics providers. These service providers are authorized to process your personal data solely for the purposes outlined in our agreements with them, and they are bound by strict confidentiality and data protection obligations.
- Business Partners: In some instances, we may collaborate with business partners to offer integrated services or joint promotions. We may share your personal data with these partners to facilitate the delivery of the agreed-upon services or promotions. However, we ensure that these partners adhere to appropriate privacy and security measures to protect your personal information.
- Legal and Regulatory Authorities: We may disclose your personal data if required by law, legal process, or governmental request. This includes responding to lawful requests from public and government authorities, as well as protecting our rights, privacy, safety, and property, or that of our users and the general public.
- Affiliates and Subsidiaries: We may share your personal data with our acquiring company and subsidiaries for internal administrative purposes, including data consolidation, storage, and analysis. These entities will process your personal data in accordance with this Privacy Policy.
- Consent or Instruction: We may share your personal data with third parties if we have obtained your explicit consent to do so or if you have provided specific instructions to share your personal data.
3.1 Our Sub-processors
As part of our commitment to protecting your privacy and ensuring the security of your personal data, we may engage the services of trusted third-party sub-processors. These sub-processors assist us in delivering our software services and may have access to your personal data for specific purposes.
Purpose | Processed Data | Location |
---|---|---|
Third-party accounts users can login with | ||
Contact information, user credentials, user’s location | USA | |
Microsoft | USA | |
Authentication, Database & Storage Providers | ||
Ory | Contact information and user credentials | Europe |
Firebase | Contact information, user credentials, user’s location and User generated data | USA & Europe |
Analytics | ||
Google Analytics | Contact information, user credentials, user’s location, usage and preference information | USA |
Microsoft Application Insights | USA | |
Heap | USA | |
Code-execution service | ||
Trinket.io | User-generated data | USA |
Support Services | ||
ZenDesk | User Credentials from Customer Admin account, User-generated data | USA |
UserReport | Denmark |
4. WHAT COOKIES AND OTHER TRACKING TECHNOLOGIES DO WE USE?
We may use cookies and similar tracking technologies (like web beacons and pixels) to access or store information. Specific information about how we use such technologies and how you can refuse certain cookies is set out in our Cookie Policy. Most Web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies. If you choose to remove cookies or reject cookies, this could affect certain features or services of our Services. To opt-out of interest-based advertising by advertisers on our Services visit http://www.aboutads.info/choices/.
4.1 Use of Heap for Analytics
In order to enhance and improve our services, we may utilize a third-party analytics tool called Heap. Heap helps us analyze user interactions and behavior within our software and provides valuable insights to optimize the user experience. When you access or use our services, Heap may collect and process certain information about your interactions, such as clicks, page views, and user flows. This information is collected using cookies and similar tracking technologies. We use the analytics provided by Heap to understand user preferences, measure engagement, and make data-driven decisions to enhance our services. By using our services, you consent to the collection and processing of your data by Heap for the aforementioned purposes. If you wish to opt-out of Heap's data collection, you can do so by adjusting your browser settings or utilizing the opt-out mechanisms provided by Heap. However, please be aware that opting out may impact your experience and the functionality of our services.
5. HOW DO WE STORE AND RETAIN YOUR PERSONAL DATA?
In accordance with applicable data protection laws and regulations, we store Personal Data or Information in combination with non-personal information. In such cases, we consider the resulting combination as personal information and will handle it in accordance with our Privacy Policy and applicable data protection laws and regulations. When collecting, storing and processing your data, we aim to protect your personal information through a system of organizational and technical security measures. We have implemented appropriate technical and organizational security measures designed to protect the security of any personal information we process. Nonetheless, we want to make it clear that our servers and databases are located in the United States, and we do not offer or provide storage options in data centers located in other territories. Therefore, by using our services, you agree and acknowledge that your personal information may be transferred and stored in the United States, which may have different data protection laws than the country in which you reside. Once stored, we retain the minimum amount of Personal Data necessary for the above-mentioned purposes, and will not use or disclose it for any other purpose without your consent. We will retain your personal data only for so long as a legitimate business or human resources purpose exists or until you have requested us to delete your personal data contacting us to [email protected]. We might delete the personal data of Customer, whenever the following conditions are met:
- The data subject has submitted a Data Deletion Request or has invoked his right to be forgotten.
- It is no longer necessary for the fulfillment of the EduBlocks's legal basis. In this case, in compliance with the principles of storage limitation and data minimization, we regularly carry out a Periodic Data Deletion Process to clean our database of the personal information we no longer need, especially of those Customers or Users who have become inactive or who haven’t interacted for a period of twenty-four (24) months with EduBlocks products and Services.
- EduBlocks has detected a security threat that can put at risk the Company's systems or the EduBlocks user community. In such cases, EduBlocks shall take the necessary measures to delete the personal data of the data subject in a timely and secure manner, ensuring that the data is properly disposed of and cannot be accessed or used by unauthorized third parties.
6. WHAT ARE YOUR PRIVACY RIGHTS?
6.1 If you are in Europe, EEA or the United Kingdom
As a data subject, you have certain rights with respect to the personal information that we collect and process. These rights include:
- Right of Access (Art. 15 GDPR): You have the right to request a copy of the personal information we hold about you and to know how that information is used. In accordance with this right, our organization will provide you with a copy of your personal data upon request, free of charge. You can request access to your personal data by request contacting us at [email protected]. It is important to note that in some cases, we may not be able to provide you with access to your personal data if it interferes with the rights and freedoms of others or if it is protected by legal privilege.
- Right to Rectification (Art. 16 GDPR): You have the right to request that we correct any inaccuracies in the personal information we hold about you. In accordance with this right, our organization allows individuals to request the correction of their personal data if they believe it to be incorrect or outdated. If we have disclosed incorrect information to third parties, we will take reasonable steps to inform them of the correction where appropriate.
- Right to Erasure (Art. 17 GDPR): You have the right to request that we delete your personal information in certain circumstances. In accordance with this right, our organization will erase your personal data upon request, provided that there are no overriding legitimate grounds for retaining it. It is important to note that in some cases, we may not be able to fulfill your request for erasure if your personal data is required for legal reasons or to perform our contractual obligations.
- Right to Restrict Processing (Art. 18 GDPR): You have the right to request that we restrict the processing of your personal information in certain circumstances. In accordance with this right, our organization will restrict the processing of your personal data upon request, provided that there are no overriding legitimate grounds for continuing the processing. This means that we will only store your personal data and not use it for any other purposes, unless you give us your consent.
- Right to Object (Art. 21 GDPR): You have the right to object to the processing of your personal information in certain circumstances, including for the purpose of direct marketing or profiling. In accordance with this right, our organization will stop processing your personal data upon request, provided that there are no compelling legitimate grounds for continuing the processing.
- Right to Lodge a Complaint (Art. 77 GDPR): You have the right to lodge a complaint with the relevant supervisory authority if you believe we have violated your rights. We encourage all Customers and Users to bring any concerns to our attention by contacting us at ([email protected]). If you are not satisfied with our response, you have the right to file the complaint with the relevant Supervisory Authority.
6.2 If you are a California Citizen
As a user, you have certain rights under the California Privacy Rights Act (CPRA) (CA CIV code 1798.100 C) concerning your personal information. These rights include:
- Right to delete Personal Information: You have the right to request that we delete any personal information collected about you. If we receive such request, we will not only delete your personal information from our records but also notify and demand to our service providers, contractors, and third parties to whom we have sold or shared your personal information to delete your information unless it is impossible or involves a disproportionate effort. We may maintain certain personal information despite your request for a number of stated legal purposes.
- Right to Correct Inaccurate Personal Information: You have the right to request that we correct any inaccurate personal information that we maintain about you.
- Right to Know What Personal Information has been Collected: You have the right to request that we disclose to you the categories of personal information we have collected about you, the sources from which we collect the personal information, the business purpose for collecting, selling or sharing your personal information, the categories of third parties to whom we disclose your personal information, and the specific pieces of personal information we collected about you.
- Right to Opt-Out of Sale of Personal Information: You have the right to opt out of the sale of your personal information to third parties.
- Right to Limit Use and Disclosure of Sensitive Personal Information: You have the right to direct us to limit the use of sensitive personal information that we collect about you.
- Non-Retaliation: We will not discriminate against you because you exercised any of your rights under the CPRA.
Do not Share or Sell Information Clause
We do not sell or share your personal information with third parties for monetary or other valuable consideration, but your information might be shared for other reasons. Nonetheless, under the CPRA, we are required to provide notice to California residents if their personal information may be sold or shared and to provide them with the right to opt out of the sale or sharing of their personal information. If you are a California resident, you have the right to direct us not to sell or share your personal information with third parties. As part of your privacy choices, when you enter our webpage, you can decide not to accept the cookies that involve sharing your personal information using our Consent Manager. If you are already opted-in, you can always opt out of the share or sale of your personal information to third parties using your browser setting. If you opt-out in compliance with the CPRA, we commit not to ask for consent to share your information until at least twelve (12) months after the initial opt-out. In case you are a minor under the age of 16, we will not sell or share your personal information without your affirmative consent or the affirmative consent of your parents or guardian if you are under the age of 13.
Pre-Action Notice-and-Cure Requirement
If you believe that we have violated your rights under the CPRA, you may have the right to bring legal action against us. Before doing so, you must provide us with 30 days written notice identifying the specific provisions of the CPRA that you allege we have violated. If we cure the noticed violation within the 30-day period and provide you with an express written statement that the violations have been cured and that no further violations shall occur, you may not initiate any legal action. However, if we continue to violate the CPRA after providing you with an express written statement, you may bring an action against us to enforce the statement and pursue statutory damages for each breach of the statement, as well as any other violation of the CPRA that postdates said statement. The Californian Competent Authority is the California Privacy Protection Agency, 2101 Arena Blvd, Sacramento, CA 95834. Phone: +1 (279) 895-1412, Email: [email protected]
6.3 If you are a Canadian Citizen
We comply with the Canadian Consumer Privacy Protection Act (Bill C-27) amending the Personal Information Protection and Electronic Documents Act (PIPEDA) and Personal Information and Data Protection Tribunal Act (PIDPT). If you are Canadian Citizen, we guarantee that we collect personal information on a lawful basis, and we share it under the provision of the Data Mobility Framework with other organizations that provide the required security standards, requirements for format, and transfer mechanism. When we process your data we do not use automated decision-making. In case we do, you will be informed, and we will comply with the Algorithmic Transparency Principle, informing you (without risking our intellectual property) how we implement said tools. Once we process your personal information, you will have the right to know what personal information is being collected, used, or disclosed. Also, you will have the option to withdraw consent, the right to be forgotten, and the right to data portability. In alignment with the Bill, we have created a Privacy Management Program that includes the policies, practices, and procedures to facilitate the way your exercise your rights.
7. DATA SUBJECT REQUESTS
As a data subject, you have certain rights regarding the processing of your personal data. These rights may include the right to access your personal data, the right to rectify any inaccurate or incomplete information, the right to erasure of your personal data under certain circumstances, the right to restrict the processing of your data, the right to data portability, and the right to object to the processing of your personal data. To exercise your rights, you can submit a written request to us indicating the specific right you wish to exercise. We will carefully review and consider your request in accordance with applicable data protection laws. Please note that there may be certain legal limitations or exceptions to these rights, which will be explained to you if applicable. We are committed to responding to your data subject requests in a timely manner. We will endeavor to provide a response within 30 days of receiving your request. However, if your request is complex or if we receive a large volume of requests, it may take longer to provide a comprehensive response. If this is the case, we will inform you of any necessary extensions and keep you updated on the progress of your request. To ensure the security and confidentiality of your personal data, we may require you to provide sufficient information to verify your identity before processing your request. This may include providing your user credentials, name, and email address. If you have any questions, concerns, or would like to exercise your data subject rights, please do not hesitate to contact us at [email protected]. Our team is here to assist you and provide the necessary support in relation to your personal data.
8. DATA BREACH
A privacy breach occurs when there is unauthorized access to or collection, use, disclosure or disposal of personal information. You will be notified about data breaches when EduBlocks believes you are likely to be at risk or serious harm. For example, a data breach may be likely to result in serious financial harm or harm to your mental or physical well-being. In the event that EduBlocks becomes aware of a security breach which has resulted or may result in unauthorized access, use or disclosure of personal information EduBlocks will promptly investigate the matter and notify the applicable Supervisory Authority not later than 72 hours after having become aware of it, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons.
9. CONTROLS FOR DO-NOT-TRACK FEATURES
Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. No uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this privacy policy.
10. DO WE MAKE UPDATES TO THIS POLICY?
We may update this privacy policy from time to time. The updated version will be indicated by an updated “Revised” date and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy policy, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy policy frequently to be informed of how we are protecting your information.
11. MINORS' USE OF THE EDUBLOCKS PLATFORM
The EduBlocks platform is designed to provide an educational environment for users, including minors. We recognize the importance of protecting the privacy and safety of minors online. As such, we allow the supervised use of the platform by individuals aged 13 and above. However, access to the platform by minors below the age of 13 is at their own risk and should only be done under the guidance and supervision of a parent or legal guardian.
11.1 Compliance with Applicable Legislation
We are committed to complying with all applicable laws and regulations concerning the privacy and protection of minors. In the United States, we adhere to the requirements of the Children's Online Privacy Protection Act (COPPA), which imposes certain obligations on website operators regarding the collection and processing of personal information from children under 13 years of age. In the United Kingdom, we comply with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018, which provide additional safeguards for the processing of personal data, including that of minors.
11.2 Parental Consent
If you are a parent or legal guardian and become aware that your child has provided personal information to us without your consent, please contact us immediately using the contact information provided in this Privacy Policy. We will take prompt steps to delete such information from our systems. We strongly encourage parents and legal guardians to actively supervise their children's use of the EduBlocks platform and to educate them about online safety and responsible use of personal information.
12. GENERAL CONSENT
By agreeing to this Privacy Policy, you explicitly give EduBlocks permission to process your personal data for the purposes stated above. If you wish to withdraw your consent, you can contact our Privacy Compliance Team through at [email protected]. By providing us with your personal data, you acknowledge that it may be stored or processed in the United States and subject to US laws, including those allowing government agencies, courts, and law enforcement to access personal data.
12. New E.U.-U.S. Privacy Framework
We comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. We have certified to the U.S. Department of Commerce our adherence to the EU-U.S. DPF Principles with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and to the Swiss-U.S. DPF Principles with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.