Classe365 Children’s Privacy Policy

Who is responsible for the processing of children’s personal data through Classe365?

We are the company that operates the online platform Classe365, namely, Sprout On Web Pty. Ltd. Our registered business address is 22-28 Edgeworth David Ave, Hornsby NSW 2077, Australia.

When operating Classe 365, we may process personal data collected from children under the age of 13 (“child” and “children”). For example, when an educational organization that uses Classe365 to manage its student educational records (the “Organization”) decides to invite its students to create a student account on Classe365 (the “Student Account”) or creates records about its students, we may process children’s personal data. The processing of children’s personal data is carried out only if it necessary for the provision of our services through Classe365.

What is this Children’s Privacy Policy about?

This Children’s Privacy Policy explains our policies and procedures governing the collection, use, and disclosure of children’s personal data and the parental consent practices. This document is drafted in compliance with the applicable data protection laws, including the U.S. Children’s Online Privacy Protection Act (“COPPA”). This Children’s Privacy Policy is an integral part of Classe365 general privacy policy available at https://www.classe365.com/classe365-privacy-policy/, which explains in detail how we process all personal data through Classe365.

What children’s personal data do we process?

To ensure that the strictest data protection principles are respected, we do not require to disclose more children’s personal data than it is reasonably necessary for registering the Student Account or using Classe365:

•  When a child, child’s parent or legal guardian registers the Student Account, we collect child’s (i) full name, (ii) email address, (iii) phone number, (iv) address, and (v) birth date;

•  When a child uses Classe365, we collect child’s online identifiers, such as IP address or cookie-related data;

•  If the Organization decides to request more personal data, we will process child’s personal data as requested by the Organization;

•  If a child, child’s parent or legal guardian decides to voluntarily provide more of child’s personal data, we will process that personal data.

For what purposes do we use children’s personal data?

We use children’s personal data only for the purposes for which such data is provided, namely:

•  Child’s full name, email address, address, and phone number will be used to create and maintain the Student Account and to provide our services through Classe 365;

•  Child’s birth date will be used to verify child’s age and to maintain the Student Account;

•  Online identifiers (IP address and cookie data) will be used to analyze Classe365;

•  The personal data requested by the Organization will be used to provide our services to the Organization;

•  The personal data provided voluntarily will be used for the purposes for which it is originally provided or as requested by the Organization.

How do we protect children’s personal data?

We put reasonable efforts to maintain the security of children’s personal data and to prevent misuse, loss, unauthorized access, and modification of such data. We employ information security measures to protect all types of personal information collected and processed through Classe 365. Such information security tools include, but are not limited to:

•  Secured networks;

•  Encryption;

•  Strong passwords;

•  Limited access to personal data by our staff; and

•  Anonymisation of personal data (where possible).

Do we disclose children’s personal data?

We share children’s personal data only if it is necessary to ensure the proper operation of Classe365. For example, children’s personal data may be accessed by authorized third parties that perform services on behalf of us (our data processors), such as our:

•   Hosting service provider Amazon Web Services (https://aws.amazon.com);

•   Business analytics service providers Google Analytics (https://analytics.google.com) and Semrush (https://www.semrush.com);

•   Email service providers MailChimp (https://mailchimp.com), Active Campaign (https://www.activecampaign.com), and Intercom (https://www.intercom.com); and

•   Software developing partner Atlassian (https://www.atlassian.com).

If we decide to disclose children’s personal data to third parties that are not necessary for the functioning of Classe365, we will seek a separate consent from respective child’s parents of legal guardians, subject to a possibility to refuse such consent.

We make sure that our data processors maintain the confidentiality and security of children’s personal data and provide an adequate level of protection of personal data that is consistent with our privacy policies.

We do not sell children’s personal data to third parties and we do not intend to so in the future. We do not make children’s personal data pubic.

If necessary, we may respond to lawful requests from public authorities to disclose information about the users of Classe365 to the extent necessary for pursuing a public interest objective, such as national security or law enforcement.

How to review, correct, and delete children’s personal data?

If you are a parent or a legal guardian of a child and you would like to access, modify, delete, or refuse further collection of your child’s personal data that is processed through Classe365, you can review, correct and delete your child’s personal data by:

•  Accessing the Student Account. Some child’s personal data available through the Student Account. The possibility to create and maintain the Student Account is provided by the Organization. Please note that the availability of the personal data is also defined by the Organization. You can consult the Organization to see what information is available to you.

•  Contacting the Organization. You can contact the respective Organization directly and request it to provide you with access to your child’s personal data.

•  Contacting us. In the last instance, you can contact us at clientservice@classe365.com. If we have the right and capacity, we will process your request in accordance with the applicable laws. However, please note that, in some instances (e.g., if we act as a data processor and the GDPR is applicable), we may not be able to directly process your request. If it happens, we will need to contact the respective Organization that acts as a data controller under the GDPR and forward your request to it. The Organization will be responsible for processing your request.

How long do we keep children’s personal data?

Children’s personal data will be kept by us for as long as is necessary for its intended purposes. For instance, if such personal data is collected to register the Student Account, it will be kept until the Student Account is deactivated. When children’s personal data is no longer necessary for its purpose, we will immediately delete such personal data.

Who will consent to the processing of children’s personal data?

Before collecting or processing children’s personal data, we will seek parents’ or legal guardians’ verifiable consent. To ensure that the consent is informed, we will send a direct notice that is available for consultation at https://www.classe365.com/direct-notice-to-parents/

If a child has provided us with personal data without obtaining parental consent in advance, the parent may contact us by email at clientservice@classe365.com and request us to destroy or de-identify that personal data.

What about links?

Classe365 may contain links to third-party websites and services. We are not responsible in any manner for the privacy practices of those websites and services. Please review carefully the applicable privacy policies before visiting the third-party websites and services.

How to contact us?

If you have any questions or concerns about this Privacy Policy, please contact us by email at clientservice@classe365.com or please write to the following address:

Classe365

22-28 Edgeworth David Ave

Hornsby NSW 2077

Australia

In any of your correspondence to us, please include sufficient contact details that would enable us to identify and contact you or your child.

To ensure that children’s privacy and security are properly protected, we will take reasonable steps to verify parent’s or legal guardian’s identity before granting access to his/her child’s personal data.

***