1. GENERAL INFORMATION
1.1. Applicability of the Privacy Policy. This Privacy Policy governs the processing of personal data collected from individual users and entities (the “user”, “you” and “your”) through the software-as-a-service platform Classe365 available at https://www.classe365.com, the related mobile applications, and services (collectively, “Classe365”). This Privacy Policy does not apply to any third-party applications or software that integrate with Classe365 or any other third-party products, services or businesses.
1.2. About Classe365. Classe365 is student administration and learning management software that assists schools and other educational institutions (the “Organizations”) in administering their records and arranging learning activities.
1.3. Definitions. In this Privacy Policy, you will encounter recurrent terms. For your convenience, we would like to explain what such terms mean:
• “Consent” means a freely given, specific, informed and unambiguous agreement to the processing of personal data;
• “Data controller” means the entity that determines the purposes and means of the processing of personal data;
• “Data processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller;
• “GDPR” means the EU General Data Protection Regulation (Regulation (EU) 216/679);
• “Personal data” means any information relating to a natural person who can be identified, directly or indirectly, by using such information (e.g., name, address, email, phone number, and IP address); and
• “Processing” means the use of personal data in any manner, including, but not limited to, collection, storage, erasure, transfer, and disclosure of personal data.
1.3. Responsible entity (data controller). The entity that is responsible for the processing of your personal data through Classe365 is Sprout On Web Pty. Ltd. having a registered place of business at 22-28 Edgeworth David Ave, Hornsby NSW 2077, Australia, and a business registration number (ABN) 72 138 602 418 (“we”, “us”, and “our”).
1.4. Our role as a data controller and a data processor under the GDPR. When handling personal data, we act as a data controller and a data processor in terms of the GDPR. Our role depends on the specific situation involving personal data as explained in detail below:
• We act in a capacity of a data controller when we ask you to submit your personal data that is necessary to ensure your access and use of Classe365 (e.g., when you register your user account, browse Classe365, or communicate with us). In such instances, we are a data controller because we make decisions about the types of personal data that should be collected from you and the purposes for which such personal data should be used. Therefore, we comply with data controller’s obligations set forth in the GDPR.
• We act in a capacity of a data processor in situations when you upload digital files, create, update, or manage records, send messages, or submit any other content to Classe365 (collectively, the “Records”) and those Records contain personal data (e.g., students’, teachers’, alumni’s, or parents’ personal data). We do not own, control, or make decisions about the personal data included in the Records and such personal data is processed only in accordance with respective Organization’s instructions. In such situations, the Organization uploading the Records acts as a data controller in terms of the GDPR and it is responsible for deciding what personal data should be collected from and how such data should be processed. In the situations when we act in capacity of a data processor, we comply with data processors’ obligations set forth in the GDPR. In order to ensure that personal data is processed in accordance with the strictest data protection standards, we request the Organizations to conclude a data processing agreement which is incorporated by reference into our terms of use and available for a consultation at https://www.classe365.com/classe365-personal-data-processing-agreement-dpa/.
1.5. Cookies. We use cookies on Classe365. For more information on the types and purposes of the cookies used by us, please refer to our cookie policy available at https://www.classe365.com/cookie-policy/.
1.6. Applicable laws. We process personal data in accordance with applicable data protection laws, including, but not limited to, the Australian Privacy and Personal Information Protection Act 1998, the EU General Data Protection Regulation (GDPR), the US Children’s Online Privacy Protection Act of 1998 (COPPA), and the Family Educational Rights and Privacy Act (FERPA).
1.7. Your consent to the Privacy Policy. Your use of Classe365 is subject to this Privacy Policy. We encourage you to review the Privacy Policy before submitting any personal data through Classe365. In some cases, we may seek to obtain your consent for the processing of your personal data. For example, we may seek your prior consent for the following purposes:
• If we are required by law to do so;
• If we intend to collect other types of personal data that are not mentioned in this Privacy Policy;
• If we intend to use your personal data for the purposes that are not indicated in this Privacy Policy;
• If we would like to disclose or transfer your personal data to third parties that are not indicated in this Privacy Policy; or
• If we significantly amend this Privacy Policy.
2. THE TYPES AND PURPOSES OF PERSONAL DATA
2.1. Types of personal data. We comply with data minimization principles and collect only a minimal amount of personal data that is necessary to ensure your proper use of Classe365. The types of personal data that we collect and process are listed in the table below.
2.2. Purposes of personal data. We respect strictest data protection principles. Thus, we process your personal data only for specified and legitimate purposes explicitly mentioned in this Privacy Policy. In short, we will use your personal data only for the purposes of enabling you to use the full functionality of Classe365, maintaining and improving Classe365, conducting research about our business activities, administrative purposes, and replying to your enquiries. The detailed description of the purposes and legal basis for processing of your personal data is provided in the table below.
| DIRECTLY OBTAINED PERSONAL DATA | ||
| Situation/Personal data | Purpose | Legal basis |
| When the Organization signs up and creates a user account, we collect:
|
|
|
| When the Organization updates its user account, we collect:
Moreover, some personal data may be included in:
Such personal data is optional and you can decide whether to provide it. |
|
|
| When you contact us by email:
|
|
|
| When you use Classe365:
|
|
|
| When the Organization makes payments through Classe365, we collect:
|
|
|
| PROCESSED PERSONAL DATA | ||
| Situation/Personal data | Purpose | Legal basis |
| When the Organization creates, imports, or submits class’, students’, teachers’, parents’, or alumni’s data via the Records, we process any personal data that the Organization makes available in those Records. |
|
|
| When students make payments through Classe365 to the Organization, we may have access to the payment details provided by the students through the chosen payment service provider (PayPal, GoCardless, Fidelity, Stripe, SSL Commerz, and other). |
|
|
| When the Organization manages students’ Records, we process students’:
|
|
|
| When the Organization manages alumni Records, we process alumni’s:
|
|
|
| When the Organization manages teachers’ Records, we process teachers’:
|
|
|
| When the Organization manages parents’ Records, we process parents’:
|
|
|
| When the Organization invites students to create a student account, we process students’:
|
|
|
1.2. Payment processing. When the Organizations make payments through Classe365, the payments are processed by our third-party payment processors Stripe, PayPal, GoCardless, Fidelity, Stripe, SSL Commerz, and other (the “Payment Processors”). The Payment Processors are solely responsible for handling Organizations’ payments. You agree not to hold us liable for payments that do not reach us because you have quoted incorrect payment information or the Payment Processors refused the payment for any other reason. Please note that the Payment Processors may collect some personal data, which allows them to process the payments (e.g., credit card details). The Payment Processors handle all the steps in the payment process on their websites, including data collection and data processing.
1.3. Additional data. We may receive certain additional data when submitted through Classe365 if you participate in a focus group, contest, activity or event, request support, interact with our social media accounts, submit your feedback and reviews or otherwise communicate with us. Please note that the provision of such data is optional and you may choose what personal data you would like to share with us. We kindly request you to exercise your due diligence when making your personal data publicly available. We will use such personal data to reply to you, provide you with the requested services, or for pursuing our legitimate business interests (i.e., to analyze and improve our business).
1.4. Personal data obtained from third parties. When using Classe365, you can choose to permit or restrict services, functionalities, and integrations provided by third parties, including, but not limited to, payment gateways (the “Third-Party Services”). Once enabled, the providers of the Third-Party Services may share certain information with us, subject to the privacy policy of the Third-Party Services. You are strongly encouraged to check carefully the privacy settings and notices of the Third-Party Services to understand what information may be disclosed to us.
1.5. Sensitive data. We do not intentionally collect special categories of personal data (“sensitive data”), such as opinions about your religious and political beliefs, racial origins, membership of a professional or trade association, or information about sexual orientation. However, we may process students’ health-related information, if such data is submitted by the Organization as a part of the Records.
1.6. Failure to provide personal data. If you fail to provide us with the personal data when requested, we may not be able to perform the requested operation and you may not be able to use the full functionality of Classe365, receive the services provided through Classe365, or get our response.
4. NON-PERSONAL DATA
4.1. Types of non-personal data. When you use Classe365, we may automatically collect certain non-personal data about your use of Classe365 and your device for analytics purposes. Such non-personal data does not allow us to identify you in any manner. The non-personal data collected by us includes information about:
• The type of your device;
• Operating systems and browsers used by you;
• Your timezone;
• You language;
• Your browsing patterns; and
• URL addresses of websites accessed from Classe365.
4.2. Your feedback. If you contact us, we may keep records of any questions, complaints or compliments made by you and the response, if any. Where possible, we will de-identify your personal data. Please note that de-identified personal data is also considered to be non-personal data.
4.3. Purposes of non-personal data. We will use non-personal data in furtherance of our legitimate interests in operating Classe365, conducting our business activities, and developing new products and services. More specifically, we collect the non-personal data for the following purposes:
• To analyse what kind of users visit and use Classe365;
• To identify the channels through which Classe365 is accessed and used;
• To examine the relevance, popularity, and engagement rate of the content available on Classe365;
• To identify and fix errors;
• To investigate and help prevent security issues and abuse;
• To develop and provide additional features to Classe365; and
• To personalise Classe365 for your specific needs.
4.4. Aggregated data. In case your non-personal data is combined with certain elements of your personal data in a way that allows us to identify you, we will handle such aggregated data as personal data. If your personal data is aggregated or de-identified in a way that it can no longer be associated with an identified or identifiable natural person, it will not be considered personal data and we may use it for any business purpose.
5. THE RECORDS AND COMMUNICATION DATA
5.1. Information provided in the Records. The Organizations can publish and share various information via the Records created or uploaded via Classe365. Depending on their type, the Records may become visible to the users of Classe365 (e.g., to parents or students). Thus, we request the Organizations to exercise their due diligence when making available any personal data or other sensitive information in their Records. The Organizations are not allowed to submit the Records that contain personal data obtained in an illegitimate manner (e.g., without the consent of persons whose personal data is featured in the Records).
5.2. Communication data. We provide the Organizations with a possibility to communicate with parents, students, and teachers via SMS, email, notice boards, and events. We put reasonable efforts to ensure that the communication data transmitted through Classe365 remains confidential and properly protected. Moreover, we do not intentionally and directly access, manage, correct, delete, share, or disclose communication data, unless it is strictly necessary for provision of Classe365 or we are requested by law enforcement agencies to do so. The users are solely responsible for any communication carried through Classe365 and the content of such communication.
6. MARKETING COMMUNICATION
6.1. Marketing messages. After an Organization signs up to receive our newsletter, we will, from time to time, send it marketing messages, such as newsletters, brochures, promotions and advertisements, informing the Organization about our new services or new features of Classe365. We do not send direct marketing messages to teachers, parents, or students whose contact details are submitted by the Organization through Classe365, unless students, parents, and teachers provide their express (“opt-in”) consent to receive such marketing messages.
6.2. Opting-out. You can opt-out from receiving marketing messages at any time free of charge by clicking on the “unsubscribe” link contained in any of the messages sent to you or by contacting us directly.
6.3. Informational notices. From time to time, we may send you informational notices, such as service-related, technical or administrative emails, information about Classe365, your privacy and security, and other important matters. Please note that we will send such notices on an “if-needed” basis and they do not fall within the scope of direct marketing communication that requires your prior consent.
7. RETENTION PERIOD
7.1. Retention of personal data. We will store personal data in our systems only: (i) as long as such personal data is required for the purposes described in this Privacy Policy, (ii) if we are obliged by law to store such data for certain period of time, or (iii) until a user requests us to delete personal data – whichever comes first. After the personal data is no longer necessary for its purposes and there is no other legal basis for storing it, we will immediately delete such personal data from our systems.
7.2. Retention of non-personal data. We may retain non-personal data pertaining to the users for as long as necessary for the purposes described in this Privacy Policy. This may include keeping non-personal data for the period that is necessary to pursue our legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements.
7.3. Retention as required by law. Please note that, in some cases, we may be obliged by law to store personal data for a certain period of time (e.g., we have to keep our accountancy records for the time period prescribed by law). In such cases, we will store personal data for the time period stipulated by the applicable law and delete the personal data as soon as the required retention period expires.
8. SHARING AND DISCLOSING DATA
8.1. Do we share your personal data? If necessary, we may disclose your personal data to the service providers with whom we cooperate and other third parties (our data processors). For example, we may share your personal and non-personal data with entities that provide certain technical support services to us, such as web analytics, data processing, advertising, and email distribution services, or if you explicitly request us to disclose the personal data.
8.2. When do we share your personal data? The disclosure of your personal data is limited to the situations when such data is required for the following purposes:
• Ensuring the operation of Classe365;
• Ensuring the delivery of the services requested by you;
• Providing you with local implementation assistance through our implementation partners;
• Providing you with the requested information;
• Pursuing our legitimate business interests;
• Enforcing our rights, preventing fraud, and security purposes;
• Carrying out our contractual obligations;
• Law enforcement purposes; or
• If you provide your prior consent to such a disclosure.
8.3. List of data processors. We will share your personal data only with the third parties that agree to ensure an adequate level of protection of personal data that is consistent with this Privacy Policy and the applicable data protection laws. The third parties (data processors) that may have access to your personal data are listed below.
| Service | Name | Location | More information |
| Hosting and cloud storage service provider | Amazon Web Services | United States | |
| Business analytics service provider | Google Analytics | United States | https://analytics.google.com |
| Semrush | United States | https://www.semrush.com | |
| Email service providers | Mailchimp | United States | https://mailchimp.com |
| ActiveCampaign | United States | https://www.activecampaign.com | |
| Intercom | United States | https://www.intercom.com | |
| Marketing service providers | Active Campaign | United States | https://www.activecampaign.com |
| PromoRepublic | United States | https://promorepublic.com/en/ | |
| GoogleAds | United States | https://ads.google.com | |
| AdRoll | United States | ||
| BingAds | United States | https://bingads.microsoft.com | |
| Software developing partner | Atlassian | Australia | https://www.atlassian.com |
| Payment processing partners | Stripe | United States | https://stripe.com |
| PayPal | United States | https://www.paypal.com | |
| Fidelity Payment | United Kingdom | https://fidelitypayment.co.uk | |
| GoCardless | United Kingdom | https://gocardless.com | |
| SSL Commerz | Bangladesh | https://www.sslcommerz.com | |
| Implementation, resale, customer support, and technical support partners that are updated from time to time | |||
8.4. Sharing of non-personal data. We may disclose non-personal data and de-identified data for any purpose. For example, we may share it with prospects or partners for business or research purposes, for improving Classe365, responding to lawful requests from public authorities or developing new products and services.
8.5. Legal requests. If necessary, we will to disclose information about the users of Classe365, if requested by a public authority, to the extent necessary for pursuing a public interest objective, such as national security or law enforcement.
8.6. Successors. In case our business is sold partly or fully, we will provide your personal data to a purchaser or successor entity and request the successor to handle your personal data in line with this Privacy Policy.
9. TRANSFER OF PERSONAL DATA OUTSIDE THE EEA
9.1. We and our data processors listed in Section 8 of this Privacy Policy are located outside the European Economic Area (EEA) and, if you reside in the EEA, we may need to transfer your personal data to jurisdictions outside the EEA. In case it is necessary to make such a transfer, we will make sure that the jurisdiction in which the recipient third party is located guarantees an adequate level of protection for your personal data (e.g., the country in which the recipient is located is white-listed by the European Commission or the recipient is a Privacy-Shield certified entity) or we conclude an agreement with the respective third party that ensures such protection (e.g., a data processing agreement based on the Standard Contractual Clauses provided by the European Commission).
10. SECURITY
10.1. Our security measures. We put our best efforts to keep your personal data safe and secure. We implement Organizational and technical information security measures to protect your personal data from loss, misuse, unauthorised access, and disclosure. The security measures taken by us include secured networks (we use SSL encryption), strong passwords, DDOS mitigation, limited access to your personal data by our staff, and anonymisation of personal data (when possible). For more information on the security measures implemented by us, please refer to http://docs.classe365.com/en/articles/457792-classe365-cloud-security-compliance. In order to ensure the security of your personal data, we kindly ask you to use Classe365 through a secure network only.
10.2. Handling security breaches. Although we put our best efforts to protect your personal data, given the nature of communications and information processing technology and the Internet, we cannot be liable for any unlawful destruction, loss, use, copying, modification, leakage, and falsification of your personal data caused by circumstances that are beyond our reasonable control. In case a personal data breach occurs, we will immediately take reasonable measures to mitigate the breach, as required by the applicable law. Our liability for any security breach will be limited to the highest extent permitted by the applicable law.
11. CHILDREN’S PRIVACY
11.1. We do not target persons under the age of 18. However, in some instances, we may collect and process personal data of minors, including persons under the age of 13. For example, we may collect and process children’s personal data when the Organization invites its students who are below the age of 13 (the “Children”) to create a student account on Classe365 (the “Student Account”) and asks them to submit their name, email address, phone number, and other information. Before registering the Student Account, we will ask students to verify their age. If student’s age is below 13, we will ask student’s parents or legal guardians to provide verifiable consent. The collection and processing of Children’s personal data will be carried out in accordance with the applicable data protection laws, including the the U.S. Children’s Online Privacy Protection Act (“COPPA”).
11.2. To ensure that Children’s personal data is processed in a lawful manner, we will ask Children’s parents or legal guardians to provide verifiable, informed, and explicit consent to the processing of Children’s personal data through the Student Account before processing such data. The direct notice to parents (the “Notice”) is available for consultation at https://www.classe365.com/direct-notice-to-parents/. If you believe that, as a parent or legal guardian, you have not received the Notice, please contact us immediately at clientservice@classe365.com.
11.3. Children’s online privacy policy is available for consultation at https://www.classe365.com/classe365-childrens-privacy-policy. Children’ online privacy policy explains in a clear manner how we handle Children’s personal data and it will provided for a review to the Children before registering the Student Account.
11.4. In compliance with the COPPA, we will not collect or process more of Children’s personal data than is reasonably necessary for the registration and maintenance of the Student Account. However, please keep in mind that, in most cases, the Organization is responsible for the collection of Children’s personal data through Classe365 and we act as a data processor with regard to such personal data.
11.5. We will not access, disseminate, or use in any other manner Children’s personal data. We will use such data only for the purposes of ensuring Children’s access to Classe365, providing our services to the Organization, and analysing and improving Classe365. We will disclose Children’s personal data to third parties only if it is required to ensure the operation of Classe365.
11.6. The Organizations may also submit us Children’s personal data contained in the Records. The Organizations are solely responsible for ensuring that such personal data was obtained in a legitimate manner. If submitted, we will process Children’s personal data only in accordance with Organization’s instructions.
11.7. To protect Children’s privacy, we encourage parents and legal guardians to monitor their Children’s Internet usage and instruct their children not to submit any personal data through Classe365.
12. YOUR RIGHTS REGARDING PERSONAL DATA
12.1. What rights do you have? Individuals located in certain countries, including the EU, have certain statutory rights in relation to their personal data. You may ask us to:
• Get a copy of your personal data that we store;
• Get a list of purposes for which your personal data is processed;
• Rectify inaccurate personal data;
• Move your personal data to another processor;
• Delete your personal data from our systems;
• Object and restrict processing of your personal data;
• Withdraw your consent; or
• Process your complaint regarding your personal data.
12.2. How to exercise your rights? If you would like to exercise your rights, please contact us by email at clientservice@classe365.com and explain in detail your request. In order verify the legitimacy of your request, we may ask you to provide us with an identifying piece of information, so that we would be able to locate you in our system. We will answer your request within a reasonable timeframe but no later than 2 weeks. Your requests can be submitted free of charge once per calendar year. If you submit your requests more than once per year, we reserve the right to charge a small administrative fee for providing the requested information.
12.3. Requests received from students, parents, alumni, and teachers. We act in the capacity of a data processor with regard to students’, parents’, alumni’s, and teachers’ personal data submitted by the Organizations via the Records. Therefore, we do not accommodate their requests related to access, rectification, and deletion of personal data and other rights the students, parents, alumni, or teachers may have. The persons that would like to exercise their rights with regard to the personal data processed by us through Classe365 are requested to contact the respective data controller (i.e., the Organization that uses Classe365 to collect personal data). In case we receive such requests directly from such persons, we will not take action and inform the respective Organization without undue delay so that the Organization could act accordingly.
12.4. How to launch a complaint? If you would like to launch a complaint about the way in which we handle your personal data, we kindly ask you to contact us first and express your concerns. After you contact us, we will investigate your complaint and provide you with our response as soon as possible (no later than 2 weeks). If you are not satisfied with the outcome of your complaint, you have the right to lodge a complaint with your local data protection authority.
13. THIRD-PARTY LINKS
13.1. Classe365 contains links to websites and services that are owned, operated and controlled by third-party service providers. Please be aware that we are not responsible for the privacy and security practices employed by such third parties. We encourage you to be aware when you leave Classe365 and read carefully the privacy statements of each and every website or service that you access.
13.2. We advise you to carefully scan every link before clicking on it to ensure the link is not infected and free of any kind of virus or malware that can damage your operating system or device. Even if you did scan the links you should take extra safety and security precautions before accessing those links and carefully assess the security of the website or service that you intend to use.
14. TERM, TERMINATION AND AMENDMENTS
14.1. Term and termination. This Privacy Policy enters into force on the effective date indicated at the top of the Privacy Policy and remains valid until terminated or updated by us.
14.2. Amendments. We may change this Privacy Policy from time to time to address the changes in laws, regulations, and industry standards. The amended version of the Privacy Policy will be posted on this page with a new effective date and, if we have your email address, we will send you a notice about all the changes implemented by us. We encourage you to review our Privacy Policy to stay informed.
14.3. Consent to amendments. For significant material changes in the Privacy Policy or, where required by the applicable law, we may seek your consent. If you disagree with the changes to the Privacy Policy, you should cease using Classe365.
15. CONTACT
15.1. Please feel free to contact us if you have any questions about the Privacy Policy, our privacy and security practices, or would like to exercise your rights listed in Section 12 of the Privacy Policy. You may contact us by using the following contact details:
Email: clientservice@classe365.com
Postal address: Classe365, 22-28 Edgeworth David Ave, Hornsby NSW 2077, Australia
Phone: +61 2 9472 5000
Pre-admissions & enrolment
Customer Relationship Management
Student Information System
Learning Management System
Finance & Accounting
Analytics
Alumni Module
White Label module
E-Commerce Module
Fee & donation module
Apps & Integrations
