(Effective: 6 / 29 / 2022)
SCOPE OF THIS POLICY
In this document "Personal Data" shall apply to Personal Data of individual Service users who are not child registrants. References to "Children's Personal Data" shall only apply to Personal Data of child users of the Services. General references to "data" or “information” shall apply to all users.
Company gathers Personal Data and Children’s Personal Data when you or your child access the Services and when you or your child use our services. This policy does not apply to the practices of companies that Company does not own or control, or to individuals that Company does not employ or manage.
HOW IS CHILDREN PERSONAL DATA USED
The Children’s Online Privacy Protection Act (“COPPA”) requires that online service providers obtain parental consent before they knowingly collect personally identifiable information online from children who are under 13 years of age. Moreover, the EU General Data Protection Regulation (the “GDPR”) requires that data controllers obtain consent from the holders of parental responsibility over children who are under 16 years of age before such controllers knowingly collect and process Personal Data from such children.
We do not knowingly collect or solicit Personal Data from a child under the age of 13 (if such child is located in the United States) or a child under the age of 16 (if such child is located in the European Economic Area or United Kingdom) (in each case, a “Child under the Age of Consent”) [RHH4] without obtaining verifiable consent from that child’s parent or guardian (such consent, “Parental Consent” and such individual, “Parent or legal guardian”), except for the limited amount of Personal Data we need to collect in order to obtain Parental Consent (“Required Information”). Until we have received Parental Consent, we will only use Required Information for the purpose of obtaining Parental Consent. Parental Consent is further described below in the “Data about Children” section.
If you are a Child under the Age of Consent, you may not register for the Services or otherwise disclose any Personal Data to us before we obtain Parental Consent, except that you may share Required Information solely for the purpose of the Company obtaining Parental Consent. You may only interact with the Services under an account created by your Parent or legal guardian who has provided Parental Consent.
If you believe that a Child under the Age of Consent has provided us with Personal Data (beyond the Required Information) without our obtaining Parental Consent, please contact us at email@example.com. We do not condition participation in our Services on disclosure of more Personal Data from a Child under the Age of Consent than is reasonably necessary for that child’s participation in the Services, and we do not retain Personal Data from Children under the Age of Consent [RHH9] any longer than is reasonably necessary in order to fulfill the purpose for which it was disclosed.
If you are a Parent of a user of our Services who is a Child under the Age of Consent[RHH10] , you may contact us at any time (firstname.lastname@example.org) to ask that (a) we stop collecting Personal Data from such user, (b) we delete any Personal Data already collected from such user (also note that we may further retain and use Anonymized Data as set forth the “Data that is Not Personal Data” section below), or (c) we stop disclosing Personal Data collected from such user to third parties, but continue to allow for collection and use of Personal Data collected from such user in connection with the Services.
WHAT PERSONAL DATA DO COMPANY COLLECT
The Personal Data you provide is used for such purposes as providing you the services, answering questions, sending product updates, and communicating with you about Company's products and services, and payments, including specials and new features. The Children's Personal Data you provide shall only be used for creating your individual account (which will allow you to receive progress reports) You can choose not to provide us with certain data, but then you may not be able to take advantage of many of our special features.
You may review, modify, stop collection of or remove your Personal Data or Children's Personal Data identified below at any time by logging into your account and accessing features to edit your profile and/or account information.
Teacher/ school consent in lieu of a parent
With regard to school-based activities, COPPA allows teachers and school administrators to act in the stead of parents to provide consent for the collection of personal information from children. Schools should always notify parents about these activities. For more information on parental rights with respect to a child’s educational record under the Family Educational Rights and Privacy Act (FERPA), please visit the FERPA site. If you are a teacher or a school, by sharing information about students (“Student Data”) or other data to Progeny, you expressly grant, and you represent and warrant that you have all rights necessary to grant, to Progeny a non-exclusive, royalty-free, worldwide license during the term of the Agreement to use, transmit, distribute, modify, reproduce, display, and store the Student Data solely for the purposes of 1.providing the Services as contemplated by the Agreement, and as otherwise described herein, 2.maintaining, supporting, evaluating, improving and developing our products, applications, and Service, and 3.enforcing our rights under the Agreement.
DATA COLLECTED FROM OUR CUSTOMERS
Data about Children. We collect certain information about children such as screen name, age and gender pronoun directly from Parent(s) when Parent(s) set up an account. For additional information about the data that we collect from children, please see the table further below.
If you are a teacher or a school administrator, you may also provide a full name for each applicable child to be able to track progress and distinguish students. Therefore, you may choose to provide a different identifier instead of a child’s name for this purpose. You may also provide us with a username and a password for each of the student accounts.
When using our program plan(s) (“Plan, Session, or Subscription Plan”), Parent(s) may choose to provide us or the teacher conducting the program (“Teacher or Tutor”) certain information about the student on the basis of helping the Teacher improve their instruction. Note that it is not mandatory to provide any such information and if you provide it, it is completely optional.
In addition, children may share information, including Personal Data, about themselves during live sessions. The Progeny Program plans may take place individually or in groups, over online live video in which video images and audio of the children are recorded. The recordings are used for many reasons, one is to make sure we are providing a safe environment for both our students and teachers/tutors, second, for evident-base quality assurance, including feedback/ progress for the parent(s). No information is collected directly from children until they are in the course session. Children cannot post Personal Data publicly anywhere on the Services, however, in group classes, students can share information, including Personal Data, with other students. It is to be expected that either the parent or the learner will provide basic information like the student's name to facilitate the Course Sessions.
Class Recordings. Our policy is to only be able to see and hear the learner that is registered for our program plan during live sessions. Class Video Recordings: As described above, Progeny records videos of students and teacher/tutors during the program Sessions (“Class Recordings”). Please note the Class Recordings may accidentally capture persons (including other children) in the background other than the enrolled children.
The Company makes recordings of all live classes and are made available by Progeny to the Teacher providing that Program Session as a means for quality assurance. Teachers are obliged not to share the recordings with any third party in any scenario, this includes any other teachers/tutors in our program. Enrolling in a program does not guarantee access to class recordings.
Recording of the program Session may also be shared with the learner and their Parent(s)/ guardian(s) (the “Permitted Recipients”) to view, for the purpose of reviewing the lessons. Progeny will make reasonable attempts to ensure that the Session is not further downloaded or shared by the permitted recipients.
Progeny may also use Class Recordings to provide feedback to Teachers, for customer support, and for compliance purposes. Progeny will obtain additional parental consent before we use any Class Recordings for promotional or other purposes. Class Recordings will not be shared with third parties.
Parental Consent. Progeny obtains verifiable parental consent before collecting Personal Data from your child for example, Progeny may obtain parental consent by requiring the parent to provide their credit card information in order to register the child for and pay for a Progeny plan (“Parental Consent”). If the parent does not provide consent, we will not collect, use or disclose any Personal Data about the child, and the child will not be allowed to use the Services in any way.
HOW IS CHILDREN’S PERSONAL DATA USED
High-Level Consent. In the event Progeny collects personal information from a child that will be posted publicly, we will seek a higher level of consent than email consent. Such “high-level” methods of consent include but are not limited to asking for a credit card or other payment method for verification (with a nominal charge involved), speaking to a trained customer service representative by telephone or video chat, or requiring a signed consent form by mail, email attachment, or fax. After providing high-level consent, a parent may have the opportunity to use a pin or password for future communications as a way to confirm the parent’s identity.
Contact and Payment Information. We collect your email address, account password, zip code, phone number, credit card and/or other payment information and any other information necessary for us to provide our services. If you are a teacher or a school administrator we also may collect your school name from you.
We also offer parents and teachers the ability to sign up for the services using their existing Facebook or Google account. If you choose to sign up for the Services using one of these accounts, we will receive your full name from the service provider managing that account.
Additionally, you may also provide us with additional Personal Data when you contact us for product or technical support like an alternate communication method which we will use to answer your queries and process your requests. If you are using the service as an Educational Institution, Student information may be visible during Customer Support and/or Troubleshooting. Personally identifiable information such as Student Name, Parent or Teacher Email Address, login dates and times may be viewed on our service by Product Support.
Push Notifications. Push notifications are notifications on mobile and other devices that are typically associated with downloaded applications, and which can communicate to the device holder even when the application is not in use. This feature is intended for parent(s) or school use only.
Consent to Receive Communication. By signing up for the Services, you agree to receive communications from Progeny Virtual Classroom, including text (SMS), email, and/or push notifications. If a teacher or school administrator adds a Family Member to the Services via phone number, the Family Member will receive an SMS with information about how to subscribe to program plans or promotions and how to opt-out of SMS messages. Progeny Virtual Classroom does not collect phone numbers from or send SMS messages to students. By signing up for the Services and providing your phone number either directly to Progeny Virtual Classroom or to your student’s school or district, you agree to receive communications from Progeny Virtual Classroom, and you represent and warrant that every person whose contact information you provide to us has also consented in advance to receive communications from you and Progeny Virtual Classroom. Progeny Virtual Classroom is not responsible for your receipt of, or failure to receive any messages, or for messages sent erroneously or with incorrect information. Progeny Virtual Classroom is not responsible for your or someone else’s action or failure to take action due to the receipt of any messages. If you make changes to your contact information, you are responsible for updating your Account Settings and informing your student’s school or district.
You can opt-out of notifications at any time. Text "STOP" in reply to any SMS message from Progeny Virtual Classroom to unsubscribe. Text "HELP" for instructions on how to use our service. Message frequency varies. Message and data rates may apply. You can also opt-out of notifications in your Account Settings.
You can also opt-out of marketing communications from us at any time. You can opt-out from these notifications or modify the frequency of these notifications at any time through the app or device settings. If you opt-out of marketing communications, you may still receive communications that are necessary for the Services or otherwise exempt from anti-spam laws. By opting out of communications from Progeny Virtual Classroom, you acknowledge that this may impact your use of the Services.
Activity Data. We receive and store certain types of information whenever you interact with our Services or use our Services. Company automatically receives and records information on our server logs from your browser including your IP address, cookie information, and the page you requested.
We also record data around children's usage of the Services such as their activities, their performance on games and activities, in order to send you reports and recommend the most appropriate activities including games and videos.
ONLINE TRACKING TECHNOLOGIES:
Examples of online tracking technologies include:
Flash cookies. We may use local shared objects, sometimes known as Flash cookies, to store your preferences or display content based upon what you view on our site to personalize your visit. Our advertisers and third-party service providers also may use Flash cookies to collect and store information. Flash cookies are different from browser cookies because of the amount of, type of, and manner in which data is stored. Cookie management tools provided by your browser will not remove Flash cookies. Learn how to manage privacy and storage settings for Flash cookies. If you disable Flash cookies, you won’t have access to many features that make your guest experience more efficient, and some of our services will not function properly.
Cookies. We use information collected through cookies and usage of the Services for purposes such as to learn more about our user base; analyze trends; authenticate and secure the Services; enhance and personalize your experience; and in general to improve and operate our Services.
Such technology is also used to receive confirmation when you open an email from us. We use this confirmation to help us make emails more interesting and helpful. When you receive emails from us, you can opt out of receiving further emails by following the included instructions to unsubscribe.
The cookies which are initially placed on Progeny website may be categorized as essential cookies: security, anti-fraud, and other purposes related to the specific functionality of your service. (Reminder, cookies may also come from our partners listed under “Third Party Analytics and Advertising Companies“section.
Advertising. We may run advertising campaigns to market our Services and use technology such as cookies to analyze the performance of advertising and improve them. We do not currently display third party advertisements on our Services or use third party cookies to track child users for advertising purposes. We also do not engage in targeted advertising based on Student Data or Children’s Personal Data.
Social Media. We and our social media partners collect information about your online activity when you interact with our sites and applications. How to Opt-Out:
To opt out of social media site ad tracking and analytics, you can use your browser controls to opt out, or go directly to our partners listed below to disable social media tracking and analytics on this device.
Google/YouTube: To opt out of Google ad tracking and analytics, you can choose to block certain ads, or opt out or adjust ad personalization in Google’s ad settings.
Facebook : To opt out of Facebook ad tracking and analytics, follow the Facebook opt out instructions here.
SOURCES THE COMPANY COLLECT INFORMATION FROM
Categories of Sources of Personal Data. We collect Personal Data about you from the following categories of sources:
When you provide such information directly to us
When you create an account or use our interactive tools and Services.
When you voluntarily provide information in free-form text boxes through the Services or through responses to surveys or questionnaires.
When you send us an email or otherwise contact us.
Information Teachers provide to let us run background checks and background check reports we receive from third parties
When you use the Services and such information is collected automatically
Through Cookies (defined in the “Cookies” section).
If you download our mobile application or use a location-enabled browser, we may receive information about your location and mobile device, as applicable
If you download and install certain applications and software we make available, we may receive and collect information transmitted from your computing device for the purpose of providing you the relevant Services, such as information regarding when you are logged on and available to receive updates or alert notices.
From the government or other sources.
Public sources of information such as open government databases and background check services we use for Teachers.
Teacher or School Administration
As noted above, teachers or school administrators may provide a child’s name or other identifier for purposes of tracking progress and distinguishing students. Teachers or school administrators may also provide us with a username and a password for each of the student accounts.
We may use analytics providers to analyze how you interact and engage with the Services, or third parties may help us provide you with customer support.
We may use vendors to obtain information to generate leads and create user profiles.
We receive information about you from some of our joint vendors who assist us with marketing or promotional services related to how you interact with our websites, applications, products, Services, advertisements or communications. Get more info below, in the “Third Party Analytics and Advertising Companies” section
If you provide your social network account credentials to us or otherwise sign in to the Services through a third-party site or service, some content and/or information in those accounts may be transmitted into your account with us.
HOW DOES THE COMPANY USE THE INFORMATION COLLECTED
Our Commercial or Business Purposes for Collecting Personal Data
Providing, Customizing and Improving the Services
Creating and managing your account or other user profiles.
Processing orders or other transactions; accounting, billing.
Providing you with the products, services or information you request.
Meeting or fulfilling the reason you provided the information to us.
Providing support and assistance for the Services.
Improving the Services, including testing, research, internal analytics and product development, site features, content, and pages
Personalizing the Services, website content and communications based on your preferences.
Doing fraud protection, security and debugging.
Carrying out other business purposes stated when collecting your Personal Data or as otherwise set forth in applicable data privacy laws, such as the California Consumer Privacy Act (the “CCPA”).
Marketing the Services
Marketing and selling the Services.
Advertising our products and services; measuring and improving the effectiveness of advertisements
Corresponding with You
Responding to correspondence that we receive from you, contacting you when necessary or requested, and sending you information about Progeny or the Services.
Sending emails and other communications according to your preferences or that display content that we think will interest you including reports, new features and promotional offers.
Meeting Legal Requirements and Enforcing Legal Terms
Fulfilling our legal obligations under applicable law, regulation, court order or other legal process, such as preventing, detecting and investigating security incidents and potentially illegal or prohibited activities.
Conduct background checks if you are a Teacher.
Protecting the rights, property or safety of you, Progeny or another party.
Enforcing any agreements with you.
Responding to claims that any posting or other content violates third-party rights.
We will not collect additional categories of Personal Data or use the Personal Data we collected for materially different, unrelated or incompatible purposes without providing you notice.
WILL WE SHARE ANY OF THE INFORMATION WE RECEIVED
Your Personal Data and Children's Personal Data is an integral part of our business. We neither rent nor sell your Personal Data or Children's Personal Data to anyone. We share your Personal Data and Children's only as described below. We never share that Children's Personal Data with any third party and other service providers. A child's usage data (i.e., “performance on tests, screenings, etc. available in the Services”) is shared through aggregated, anonymous comparisons, but never in a way that could personally identify the child. In addition, we do not offer learner’s chat rooms or community features that allow the sharing or posting of Children's Personal Data in a public forum (in other words, outside the live class session). Chat rooms or community forums are for parent(s)/ guardian(s), teacher or school communication with Progeny teacher/tutor or administration.
We employ APIs of other companies and people to perform tasks on our behalf and may need to share your information with them, including Personal Data or Children's Personal Data, to provide products or services to you. Examples included above in the “Our Commercial or Business Purposes for Collecting Personal Data” section. Unless we tell you differently, these companies do not have any right to use Personal Data or Children's Personal Data we share with them beyond what is necessary to execute tasks at hand. We will also require that these companies agree to protect the security of the information we share with them. For any privacy inquiries related to how these companies may handle your information on our behalf, please use the contact information of Progeny at the bottom of this page, and we will respond to all such inquiries.
We disclose your information to the categories of service providers and other parties listed in this section. Depending on state laws that may be applicable to you, some of these disclosures may constitute a “sale” of your Personal Data. For more information, please refer to the state-specific sections below.
Service Providers: These third parties (as stated in “Sources company collect information from” section above) help us provide the Services or perform business functions on our behalf. They include:
Hosting, technology and communication providers.
Security and fraud prevention consultants.
Support and customer service vendors.
Product fulfillment and delivery providers.
Our payment processing partner PayPal (“PayPal”) collects your voluntarily-provided payment card information necessary to process your payment.
Third Party Analytics and Advertising Companies: Third party analytics and advertising vendors also collect Personal Data through our Site including, general location data, usage data, and inferences associated with identifiers and device information (such as cookie IDs and IP address) as described in the Cookies section of this statement. Except for data collected from Learners on the Services in Learner Space, these third-party vendors may combine this data across multiple sites to improve analytics for their own purpose and others. For example, we use Google Analytics on our Site to help us understand how users interact with our Site; you can learn how Google collects and uses information at www.google.com/policies/privacy/partners.
Please note that our Site includes references or links to or suggestions to engage with third parties whose privacy practices differ from ours. Teachers may also suggest third party resources for Parents and Learners. If you provide Personal Data to any of those third parties, or allow us to share Personal Data with them, that data is governed by their privacy statements.
Analytics Partners: These parties provide analytics on web traffic or usage of the Services. They include:
Companies that track how users found or were referred to the Services.
Companies that track how users interact with the Services.
Advertising Partners: These parties help us market our services and provide you with other offers that may be of interest to you. They include:
Parties You Authorize, Access or Authenticate
Third parties you access through the services.
Social media services.
Here is the list of partners that we work with.
WHEN INFORMATION COLLECTED FROM CHILDREN IS AVAILABLE TO OTHERS
In addition to those rare instances where a child’s personal information is posted publicly (after receiving high-level parental consent), we also may share or disclose personal information collected from children in a limited number of instances, including the following:
We may share information with our service providers if necessary for them to perform a business, professional, or technology support function for us.
We may disclose personal information if permitted or required by law, for example, in response to a court order or a subpoena. To the extent permitted by applicable law, we also may disclose personal information collected from children (i) in response to a law enforcement or public agency’s (including schools or children services) request; (ii) if we believe disclosure may prevent the instigation of a crime, facilitate an investigation related to public safety or protect the safety of a child using our sites or applications; (iii) to protect the security or integrity of our sites, applications, and other technology, as well as the technology of our service providers; or (iv) enable us to take precautions against liability.
In the event that Progeny is involved in a merger, reorganization, dissolution, sale of business or assets or similar event, information disclosed to or collected by may be transferred to Progeny’s successor, or to the purchaser of such assets, as applicable. You will be notified via email and a prominent notice on our Website of any change in ownership or uses of your Personal Data, as well as any choices you may have regarding your Personal Data.
User Dashboard. As a user of our Services, you will have a user profile dashboard “User Dashboard”, that will be publicly available to all registered users of the Services (the “User Dashboard”). Children are not allowed to enter or upload User Submissions. No Children's Personal Data will ever be displayed to any third party through a User Profile other than our service providers. Email addresses are used to add new User Submissions to the user dashboard and to communicate through User Submissions. Users' email addresses will not be directly revealed to other users by Company, except, maybe when the user is "connected" to another user via a shared class group, or an invitation or if the user has chosen to include their email address in their User Dashboard, which the parent can edit for privacy. You are not required to include any Personal Data on your User Dashboard. But you will have the option to include a variety of types of Personal Data in your User Profile, which may include your first name, last name, biographical information, geographical location, and avatar or personal photograph.
Any information published in your User Dashboard becomes available to the public. After publishing, we have no control over how such information is used or its further dissemination. We urge you to think carefully about what, if any, Personal Data you include in your User Dashboard. Teachers/ administration must be able to confirm that all registered learners are in correct class sessions at the beginning of each class. First name and email is suitable for verification purposes.
We may send offers to you on behalf of other businesses. However, when we do so, we do not give the other business your name and address and such communications will not be sent to child users. If you do not wish to receive these offers, please unsubscribe using the instructions provided in the email, the account management tools on the website, or by sending an email with your request to email@example.com
We may share any Personal Data that we collect with third parties in conjunction with any of the activities set forth under “Meeting Legal Requirements and Enforcing Legal Terms” in the “Our Commercial or Business Purposes for Collecting Personal Data” section above.
Protection of Company and Others
We may release Personal Data to protect the rights, property, or safety of the Company, our employees, our users, or others. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction.
We expect everyone to respect the privacy of others and follow our community standards, and other guidelines and restrictions on posting and sharing activities, such as sharing private materials, communications, or information, or sharing other Personal Data about others that may cause harm, embarrassment, or conflict. You should not encourage your Learner(s) or other Learner(s) to reveal any Personal Data about Learners or their families. This could lead to immediate subscription termination without refund. We take having a safe and healthy environment for the learners and our staff very serious and ask that you report this type of conduct at: firstname.lastname@example.org
Data that is Not Personal Data
We may create aggregated, de-identified or anonymized data from the Personal Data we collect, including by removing information that makes the data personally identifiable to a particular user (“Anonymized Data”). We may use such Anonymized Data and share it with third parties for our lawful business purposes, including to analyze, build and improve the Services and promote our business, provided that we will not share such data in a manner that could identify you.
With Your Consent
Except as set forth above, you will be notified when your Personal Data may be shared with third parties, and you will be able to prevent the sharing of this information. (For example, new partners / affiliates not stated above)
HOW WE PROTECT PERSONAL DATA and CHILDREN’S PERSONAL DATA
We value the security of our customers' information, and we do everything in our power to protect it. To prevent unauthorized access, disclosure, or improper use of your information, and to maintain data accuracy, we've established physical, technical, and administrative safeguards to protect the Personal Data we collect. In particular:
We periodically review our information collection, storage and processing practices, including physical security measures, to guard against unauthorized access to systems. to ensure the security of our user information.
We perform regular application security audits and infiltration testing to maintain ISO/PCI security certifications. conduct risk assessments; and monitor compliance with security policies. Any issues that are reported to our security team or raised during security audits are resolved as soon as possible.
Our Partners encrypts databases containing sensitive information, according to PCI standards, to add additional protection of personally identifiable information. The encryption method renders this information unreadable without a cryptographic key.
Our Service Provider has a multiple layer security architecture to help protect against 0-day security issues.
The signup and login services are completed through a secure server. The information provided to our Partners in the signup process is secured via HTTPS/ SSL communication.
Cryptography hash functions are used to protect your information. Your password is stored as a hash digest and, in the event of a security breach, your original password cannot be recovered from our servers.
Progeny's Website and the Service is hosted by third-party service providers at separate facilities, with whom we have a contract providing for enhanced security measures.
We restrict access to Personal Data to authorized Progeny employees, agents or independent contractors who need to know that information in order to process it for us, and who are subject to strict confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.
If you believe you've found a security issue or vulnerability, please contact email@example.com
Company endeavors to protect user information to ensure that user account information is kept private, however, Company cannot guarantee the security of user account information. Your Personal Data or Children's Personal Data is protected by a password for your privacy and security. You need to ensure that there is no unauthorized access to your account and Personal Data or Children's Personal Data by selecting and protecting your password appropriately and limiting access to your computer and browser by signing off after you have finished accessing your account.
If Progeny becomes aware of a systems security breach by an unauthorized party or that any user data was used for an unauthorized purpose, we will comply with relevant state and other data breach laws. We will notify users of any breach resulting in unauthorized release of data electronically, at minimum, and without unreasonable delay so that you can take appropriate steps. The notification will include date of the breach, the types of information that were subject to the breach, general description of what occurred, and steps Progeny is taking to address the breach.
DATA DELETION & RETENTION
We store your Personal Data for as long as it is necessary to provide products and Services to you and others, including those described above. Personal Data associated with your account will be kept until your account is deleted unless we no longer need the data to provide products and services.
Please note that we may have to retain some information after your account is deleted, to comply with legal obligations, to protect the safety and security of our community or our Service, or to prevent abuse of our Terms.
Deleting Your Account
You have the right to ask us to delete your account at any time. You can do so by contacting us at firstname.lastname@example.org. In case a parent wants to get a child's classroom account deleted, please contact the child's school.
Student Data Protection Policy
We will not retain a student's Personal Data for any longer than is necessary for educational purposes, legal or contractual obligations, or to provide the Service for which we receive or collect the child's Personal Data. Additionally, we only keep a child's Personal Data for as long as his or her student account is active, unless we are required by law or the child's school to retain it, need it to ensure the security of our community or our Service or to enforce our Terms.
Please see the following section on information about data deletion due to account inactivity:
Home Accounts: For accounts created by parents, if neither the student, nor the student's parent(s) or any of the other student accounts associated with the parents' accounts have logged into their account in 2 years, Progeny Virtual Classroom will automatically delete or de-identify the Personal Data tied to the student account that is not necessary for educational purposes or legal obligations, including device tokens, device identifiers and IP addresses. In effect, the student account will be anonymized and de-linked from the parent account and the data will be non-recoverable. We will make reasonable attempts to inform parents about the account modification a few days in advance. We may retain some Personal Data about the parents for reasons outlined earlier, but these will not be tied to any Personal Data about the student. Parents can always request deletion of their accounts as outlined in the "Deleting your account" section.
Classroom Account: If neither the teacher, nor any of the students associated with the teacher account have logged into their account in 2 years or performed any activity, Progeny automatically deletes or de-identifies any Personal Data tied to the student accounts that is not necessary for educational purposes or legal obligations, including device tokens, device identifiers and IP addresses.
Please note that some content will not be deleted given various compliance and record-keeping obligations schools have. Please contact your (or your learner's) school if you would like this content deleted. If the school determines that the request should be implemented, they may submit a request to us.
What happens when an account is deleted
Progeny de-identifies or deletes any Personal Data tied to the accounts, including emails, usernames. device token, device identifiers, IP addresses. Some information may persist in backups that we maintain, for a reasonable amount of time. Progeny retains de-identified usage information about the accounts unless we contractually obligated to delete such information.
When a teacher or school administrator deletes an account from within their Progeny dashboard, the deleted accounts are kept in a recoverable state for 14 days before the deletion actually takes place. This is done so that any erroneous deletions on the user's part can be recovered, and accounts may be restored.
Please note that after an account is deleted from our systems, it is not possible for us to restore the account, or any Personal Data associated with it.
Deleting Communication Choices
During the time that you use your services, you will receive emails from us, which includes emails around new features and updates, practice reports and reminders, promotional offers and account related emails.
You may opt-out from receiving emails from within your Progeny account, or by using unsubscribe links included in the emails themselves. Opting out from certain types of emails may prevent us from providing you key portions of the services, such as providing progress reports that explain your child’s performance and progress using the Services. Please see “CONSENT TO RECEIVE COMMUNICATIONS” section above for SMS communication.
Please note even if you subscribe, we will still need to send certain essential emails till the time you have an account with us. These may include payment related emails, important legal or security related updates.
CALIFORNIA RESIDENT RIGHTS
Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to contact us to prevent disclosure of Personal Data to third parties for such third parties’ direct marketing purposes; in order to submit such a request, please contact us at email@example.com.
If you are a California resident, you have the rights set forth in this section. Please see the “Exercising Your Rights” section below for instructions regarding how to exercise these rights. Please note that we may process Personal Data of our customers’ end users or employees in connection with our provision of certain services to our customers. If we are processing your Personal Data as a service provider, you should contact the entity that collected your Personal Data in the first instance to address your rights with respect to such data. (i.g, links you interacted with other than our partners listed)
You have the right to request certain information about our collection and use of your Personal Data over the past 12 months. In response, we will provide you with the following information:
The categories of Personal Data that we have collected about you.
The categories of sources from which that Personal Data was collected.
The business or commercial purpose for collecting or selling your Personal Data.
The categories of third parties with whom we have shared your Personal Data.
The specific pieces of Personal Data that we have collected about you.
If we have disclosed your Personal Data to any third parties for a business purpose over the past 12 months, we will identify the categories of Personal Data shared with each category of third-party recipient. If we have sold your Personal Data over the past 12 months, we will identify the categories of Personal Data sold to each category of third-party recipient.
You have the right to request that we delete the Personal Data that we have collected about you. Under the CCPA, this right is subject to certain exceptions: for example, we may need to retain your Personal Data to provide you with the Services or complete a transaction or other action you have requested. If your deletion request is subject to one of these exceptions, we may deny your deletion request.
Exercising Your Rights
To exercise the rights described above, you or your Authorized Agent (defined below) must send us a request that (1) provides sufficient information to allow us to verify that you are the person about whom we have collected Personal Data, and (2) describes your request in sufficient detail to allow us to understand, evaluate and respond to it. Each request that meets both of these criteria will be considered a “Valid Request.” We may not respond to requests that do not meet these criteria. We will only use Personal Data provided in a Valid Request to verify your identity and complete your request. You do not need an account to submit a Valid Request.
We will work to respond to your valid Request within 30-45 days of receipt. We will not charge you a fee for making a Valid Request unless your Valid Request(s) is excessive, repetitive or manifestly unfounded. If we determine that your Valid Request warrants a fee, we will notify you of the fee and explain that decision before completing your request.
You may submit a Valid Request using the following methods:
Call us at: 484-841-9094
Email us at: firstname.lastname@example.org
You may also authorize an agent (an “Authorized Agent”) to exercise your rights on your behalf. To do this, you must provide your Authorized Agent with written permission to exercise your rights on your behalf, and we may request a copy of this written permission from your Authorized Agent when they make a request on your behalf.
Personal Data Sales Opt-Out and Opt-In
We will not sell your Personal Data. To our knowledge, we do not sell the Personal Data of children under 16 years of age.
We Will Not Discriminate Against You for Exercising Your Rights Under the CCPA
We will not discriminate against you for exercising your rights under the CCPA. We will not deny you our goods or services, charge you different prices or rates, or provide you a lower quality of goods and services if you exercise your rights under the CCPA. However, we may offer different tiers of our Services as allowed by applicable data privacy laws (including the CCPA) with varying prices, rates or levels of quality of the goods or services you receive related to the value of Personal Data that we receive from you.
OTHER STATE LAW & PRIVACY RIGHTS
Legislation such as the California Consumer Protection Act (CCPA) and the EU's General Data Protection Regulation (GDPR) and Brazil's Lei Geral de Proteção de Dados (LGPD) are designed to secure the personal data of those regions' citizens.
The CCPA gives consumers, who are defined as residents of California, rights over their personal information and how businesses may use that data. The GDPR is a regulation intended to strengthen and unify data protection for all individuals within the European Union (EU). This may affect businesses or websites that interact with EU citizens. Similarly, the LGPD provides data protection rights for Brazilian citizens.
The CCPA, LGPD and the GDPR grant customers the right to access data that site-owners have collected, as well as the right to have that data deleted.
Nevada Resident Rights
If you are a resident of Nevada, you have the right to opt-out of the sale of certain Personal Data to third parties who intend to license or sell that Personal Data. You can exercise this right by contacting us at email@example.com with the subject line “Nevada Do Not Sell Request” and providing us with your name and the email address associated with your account. Please note that we do not currently sell your Personal Data as sales are defined in Nevada Revised Statutes Chapter 603A.
EUROPEAN UNION DATA SUBJECT RIGHTS
The Sites are controlled, operated, and administered by the Company from its offices within the United States of America. The Company makes no representation that materials on the Sites are appropriate or available for use at other locations outside of the United States and access to them from territories where the contents or products available through the Sites are illegal is prohibited. You may not use the Sites or export the content or products in violation of U.S. export laws and regulations. If you access Sites from a location outside of the United States, you are responsible for compliance with all local laws.
If you are a resident of the European Union (“EU”), United Kingdom, Lichtenstein, Norway or Iceland, you may have additional rights under the EU General Data Protection Regulation (the “GDPR”) with respect to your Personal Data, as outlined below.
For this section, we use the terms “Personal Data” and “processing” as they are defined in the GDPR, but “Personal Data” generally means information that can be used to individually identify a person, and “processing” generally covers actions that can be performed in connection with data such as collection, use, storage and disclosure.
Progeny Virtual Classroom will be the controller of your Personal Data processed in connection with the Services. Note that we may also process Personal Data of our customers’ end users or employees in connection with our provision of certain services to customers (e.g., educational institutions), in which case we are the processor of Personal Data. If we are the processor of your Personal Data (i.e., not the controller), please contact the controller party in the first instance to address your rights with respect to such data.
Personal Data We Collect
The “What Personal Data Does Company Collect” section above details the Personal Data that we collect from you.
Personal Data Use and Processing Grounds
The “How does the Company Use the Information it Collects” section above explains how we use your Personal Data.
Sharing Personal Data
The “Will Company Share any of the Information it Receives” section above details how we share your Personal Data with third parties.
EU Data Subject Rights
You have certain rights with respect to your Personal Data, including those set forth below. For more information about these rights, or to submit a request, please email us at firstname.lastname@example.org.
If any request made under this section is clearly unfounded or excessive, we may reject the request or require a reasonable fee to honor the request. Additionally, we may not be able fully comply with your request if it jeopardizes the rights of others, or if it is not required by law. If we decide to reject your request, we will inform you of the reasons for not taking action and provide information on other possible remedies. If we decide that a reasonable fee is necessary, we will promptly inform you and will comply with the request upon receipt of this fee.
In some cases, we may also need you to provide us with additional information, which may include Personal Data, if necessary to verify your identity and the nature of your request.
We will respond to all requests within a reasonable timeframe. If our full response will ever take more than a month due to complexity or scope, we will notify you of this and keep you updated.
Review and update your data: You have the right to access and update any personal data that we have collected. Some personal data, such as the account holder's name and email address can be found and updated using the account management tools on our website at https://www.progenyvirtualprogeny.com. For any personal data beyond this, please submit a request using the contact information at the end of this section.
DELETING YOUR DATA
You also have the right to get your personal data deleted. This is sometimes known as the ‘right to be forgotten’. To request that we delete all personal data about you, please submit a request using the contact information at the end of this section.
For more information on our data deletion and retention practice from the section on "Data Deletion and Retention"
Restrict Processing: You have the right to restrict how we process your personal data in certain circumstances. This is an alternative to requesting the deletion of your data. Rather than requesting we delete all of your personal data, you may request that we limit our uses of your personal data to specific purposes. You may wish to request we restrict our processing if you contest the accuracy of your personal data and we are working to verify this information, or if you want us to retain your personal data in connection to a legal claim but cease processing it.
Withdrawal of Consent: If we are processing your personal data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Data, if such use or disclosure is necessary to enable you to utilize some or all of our Services.
Data Portability: You have the right to obtain copies of your information in a structured, commonly used format so that you can move your data between our service and the services of others. We may request more information to confirm your identity before providing any personal data.
Right to Object: You have the right to object to the processing of your personal data for direct marketing purposes or when our processing of your data is based on legitimate interests. You may request that we stop processing your personal data for direct marketing purposes. This is an absolute right and we cannot refuse this request. Beyond direct marketing, if you wish to exercise this right, you must give specific reasons as to why you object to our processing of your data, based on your particular situation. Even after receiving such a request, we may continue processing if it is necessary for the exercise/defense of a legal claim or if we can demonstrate a compelling legitimate ground for the processing.
Right to File Complaint: You have the right to lodge a complaint about Progeny practices with respect to your Personal Data with the supervisory authority of your country or EU Member State. A list of Supervisory Authorities is available here:
Lawful Bases for Processing Personal Data
If you are an individual in the European Union (EU) or an EU citizen, we collect and process data about you only where we have legal bases for doing so under applicable EU laws. This means we collect and process your data only when:
It is necessary for a legitimate interest (which is not overridden by your individual privacy interests), such as preventing fraud, improving the Services, and increasing the security of the Services and network infrastructure;
You have consented to this collection and processing for a specific purpose;
It is necessary to fulfill our contractual obligations; or
It is necessary to comply with a legal obligation.
Some examples of our legitimate interests and the data being processed include:
Network and information security (password, IP address, Device ID)
Customer Support, and fraud prevention (name, email address)
Improving our products and services (device hardware information, activity logs)
Where we rely on your consent to process your personal data, you have the right to withdraw or decline consent at any time. If you wish to withdraw your consent, please contact us using the information in the Contact for Individual Rights Requests section.
Where we rely on our legitimate interests to process your personal data, you have the right to object. More information on exercising this right can be found in the EU Data Subject Rights section.
If you have any questions about or need further information concerning the legal basis on which we collect and use your personal data, please contact us at email@example.com
Contact for Individual Rights Requests
Please email us below when submitting a request to exercise any of the above rights. Please do not submit requests across multiple communication channels. We will make all efforts to respond to your request within a reasonable timeframe.
Please add the following subject to all correspondence: GDPR
International / Cross Border Data Transfers
If we make material changes in the way we use Personal Data or Children's Personal Data, we will notify you by posting an announcement on our Services, or by email and, if necessary, obtain prior verifiable parental consent.
Schools signed up for a program plan or other services will be notified in advance of any material changes to privacy policies, including practices around new or additional data collection, or new ways of using the data that may lessen your privacy and rights.
QUESTIONS OR CONCERNS
If you have any questions or concerns regarding privacy on our Services, please send us a detailed email at firstname.lastname@example.org. We will make every effort to resolve your concerns.
Progeny Virtual Classroom