CPM EDUCATIONAL PROGRAM
Last Revised: March 15, 2019
1. IMPORTANT INFORMATION
For purposes of the European Union’s (“EU”) General Data Protection Regulation 2016/679 (“GDPR”), CPM is the data controller and responsible for the Services. In some instances CPM may act as a data processor on behalf of another controller, for example, when CPM’s Services are used by another entity and when another entity determines the data that will be provided to CPM. We have appointed a data privacy manager who is responsible for overseeing questions in relation to this Policy and the GDPR. If you have any questions about this Policy, including any requests to exercise your legal rights, please contact CPM’s data privacy manager at:
CPM Educational Program
ATTN: Data Privacy Manager:
Email Address: email@example.com
Postal/Mailing Address: 9498 Little Rapids Way, Elk Grove, CA 95758
Individuals located in the EU have the right to make a complaint at any time to their EU Country supervisory authority for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach the supervisory authority.
d. Third Party Links and Tracking
The Services may include links (and advertisements) to third-party websites, plug-ins, and applications which may include some content or advertisements on our Services that are served by third parties. Clicking on those links or enabling those connections may allow third parties to collect and/or share data about you. CPM does not control these third party websites, plug-ins, or applications, and is not responsible for the third party privacy statements/notices.
If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly. When you leave our Services (including the Website), we encourage you to read the privacy notice of every website you visit and application you download or use.
2. PERSONAL INFORMATION WE COLLECT
“Personal Data” (or personal information) means any information about an individual from which that person can be identified. It does not include data where the person’s identity has been removed.
As described above, we may collect several types of Personal Data from and about users of our Services, including the following categories of data:
- Identity Data: first name and last name
- Contact Data: email address (personal, student, or employer e-mail address), mailing address, phone number.
- Technical Data: internet protocol (IP) addresses, automatically collected usage data, your login data, your internet connection, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and information about the equipment (computer or mobile device) you use to access our Services.
- Transaction Data: details about transactions with you and other details of Services you have purchased from us, but does not include payment or financial data.
- Profile Data: details specific to the user’s profile, such as, employer (or school or school district), job title, grade level, teacher, and class.
- Communications Data: your preferences in receiving marketing communications from us and any third parties, and your communication preferences.
We also use a third party payment processor, Paya Exchange, to handle all payment processing transaction data, and we, therefore, do not have access to any payment or financial data, such as details about billing contact information or debit/credit card information.
When you visit our Website (whether by registering or anonymously), we automatically collect Technical Data regarding your visit to our Website such as your Internet Protocol (IP) address and other information collected through cookies. We do not use automated technologies to collect information about your online activities over time or across third-party websites or other online services (behavioral tracking). We do not maintain or associate the Technical Data we collect with your Personal Data. The Technical Data is statistical in nature and helps us to improve our Services and to deliver a better and more personalized service, including by enabling us to:
- Estimate our audience size and usage patterns.
- Store information about your preferences, allowing us to customize our Services according to your individual interests.
- Speed up your searches.
- Recognize you when you return to our Services.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, or genetic and biometric data). Nor do we collect any information about criminal convictions or offenses.
3. HOW YOUR PERSONAL DATA IS COLLECTED
We use different methods to collect this information from you and about you including:
- Direct interactions. You may give us your Personal Data by filling in forms or by corresponding with us by mail, phone, email or otherwise. This includes Personal Data you provide when you:
- Register and use our Services
- Create an account on our Website or Services;
- Subscribe to our Services;
- Request marketing communications be sent to you; or
- Give us some feedback or report a problem with our Services.
- Automated technologies or interactions. As you interact with our Services, we may automatically collect Technical Data about your equipment, browsing actions and patterns as you navigate through the Services.
- Third parties or publicly available sources. We may receive Personal Data about you from business contractors, various third parties and public sources as set out below:
- Identity Data, Contact Data, and Profile Data from your employer, school, or school district (which may be based inside or outside the EU).
- Technical Data from the following parties:
- Analytics providers (such as, Google, based outside the EU);
- Contact Data and Transaction Data from providers of payment services, such as Paya Exchange based inside or outside the EU submitted by you detailing the transactions you carry out through our Services and for the fulfillment of your orders.
The Services do not have the functionality for users to submit contributions directly (e.g., a forum), but you may provide information to be published or displayed (hereinafter, “posted”) on public areas of the Services, or transmitted to other users of the Services or third parties, including any form of social media (such as, Twitter or Facebook) (collectively, “User Contributions”). User Contributions will be posted on and transmitted to others at your own risk. Please be aware that no security measures are perfect or impenetrable. Additionally, we cannot control the actions of other users of the Services with whom you may choose to share your User Contributions. Therefore, we cannot and do not guarantee that your User Contributions will not be viewed by unauthorized persons.
We use this Technical Data to understand and save your preferences for future visits and compile Aggregated Data about website traffic and website interaction so that we can offer better website experiences and tools in the future. We may contract with third-party service providers to assist us in better understanding our website visitors. These service providers are not permitted to use the information collected on our behalf except to help us conduct and improve our business.
4. HOW WE USE YOUR PERSONAL DATA
As permitted by law, we use information that we collect about you or that you provide to us, including your Personal Data:
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with legal or regulatory obligations.
We generally do not rely on consent as the legal basis for processing your Personal Data other than in relation to sending direct marketing communications to you via email about our own goods and services that may be of interest to you. You have the right to withdraw consent to such marketing by emailing the address provided in the Contact Information section below.
We strive to provide you with choices regarding certain uses of your Personal Data, particularly around marketing and advertising:
- Promotional Offers from CPM. We may use your Identity Data, Contact Data, Technical Data, and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services, and offers may be relevant for you. You will receive marketing communications from CPM if you have requested information from us or purchased Services from us, and in each case, if you have not opted out of receiving marketing communications.
- Third-Party Marketing. We will get your express opt-in consent before we share your Personal Data with any company outside of CPM for marketing purposes.
- Opting Out. You can request that we or third parties to stop sending you marketing messages at any time by contacting us at the email address provided in the Contact Information section below.
- Change of Purpose. We will only use your Personal Data for the purposes for which we collected it, unless we reasonably determine that we need to use it for another reason compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at the email address provided in the Contact Information section below.
If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your Personal Data without your knowledge or consent, in compliance with the above rules, and where such processing is required or permitted by law.
5. HOW WE PROTECT YOUR PERSONAL DATA
We implement a variety of security measures and provide training to responsible individuals to maintain the safety of your personal information when you enter, submit, or access your personal information and to secure your personal information from accidental loss and from unauthorized access, use, alteration and disclosure. We also limit access to Personal Data to those employees, agents, contractors, and other third parties who have a business need to know. These individuals will only process your Personal Data on our instructions and they are subject to a duty of confidentiality. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted via the Internet to or through our Services. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Services. CPM servers are physically located within the continental United States.
6. DISCLOSURE OF YOUR PERSONAL DATA
We do not sell, trade, or otherwise transfer to outside parties your Personal Data except that we may disclose your Personal Data under the following limited circumstances:
- To trusted third parties, described below, who assist us in operating our Services and supporting our business, so long as those parties agree to keep this information confidential and use such information only for the purpose of providing the contracted-for services, including:
- Professional Development/Workshop Online Scheduling Software Services
- Accounting and Administrative Software
- Printer and Publishing Companies
- To comply with any law, court order or legal process, including responding to any government or regulatory request.
- To enforce our policies, or protect our or other's rights, property, or safety.
- To third parties to market their products or services to you if you have consented to, or not opted out of, these communications.
- To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of CPM’s assets, when such personal information held by CPM about our users is among the assets transferred.
For the avoidance of doubt, CPM will not provide to any third party any personally identifiable information in a Pupil Record (defined below) to engage in targeted marketing.
7. YOUR LEGAL RIGHTS
a. Choices About How We Use and Disclose Your Information
We strive to provide you with choices regarding the personal information you provide to us. We have created mechanisms to provide you with the following control over your information:
- Promotional Offers from CPM. If you do not wish to have your Contact Data used by CPM to promote our own or third parties’ products or services, you can opt-out by sending us an e-mail stating your request to the e-mail address provided below in the Contact Information section. If we have sent you a promotional e-mail, you may send us a return e-mail asking to be omitted from future e-mail distributions. This opt out does not apply to communications with CPM as a result of a purchase, product service experience or other transactions.
- We do not control third parties’ collection or use of your information to serve interest-based advertising. However these third parties may provide you with ways to choose not to have your information collected or used in this way. You can opt out of receiving targeted ads from members of the Network Advertising Initiative (“NAI”) on the NAI website.
b. Your Rights Under California Law
California Civil Code Section §1798.83 permits users of our Services that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please e-mail us at the address listed in the Contact Information section below.
Accessing And Correcting Your Information Under California Business and Professions Code §22575 et seq. At any time, you may review your personally identifiable information maintained by CPM, require the correction or deletion of your personal information and/or refuse to permit us from the further collection or use of your information. Please submit an e-mail to the address below in the “Contact Information” section. To protect your privacy and security, we may require you to take certain steps or provide additional information to verify your identity before we provide any information or make any corrections.
Student (or Pupil) Records Pursuant to California Education Code §49073.1 (AB 1584)
- Control of Pupil Records. Student (or pupil) records obtained by CPM from a “local education agency” (as defined in Cal. Education Code §49073.1, and referred to as “agency” in this section regarding AB 1584) are, and will continue to be, property of and under the control of the agency. Such “Pupil Records” include any information directly related to a pupil that is maintained by the agency or acquired directly from the pupil through the use of instructional software or applications assigned to the pupil by a teacher or other agency employees. Pupil Records do not include de-identified information (i.e., information that cannot be used to identify an individual student) collected or used by CPM: (1) to improve educational products for adaptive learning purposes and for customized pupil learning; (2) to demonstrate the effectiveness of CPM’s products in the marketing of those products; or (3) to develop and improve CPM’s educational websites, services, or applications.
- Control and Transfer of Pupil-Generated Pupil Records. Pupils currently cannot generate any Pupil Records through the use of CPM’s Licensed Content or Services, therefore there are no pupil-generated Pupil Records that may be retained, controlled, or transferred by pupils.
- Ability to Correct or Access Pupil Records
- How CPM Ensures Security and Confidentiality of Pupil Records. Please see the “How We Protect Your Personal Data” section above.
- Notice of Unauthorized Access or Disclosure of Pupil Records. Please see the “How We Protect Your Personal Data” section above.
- CPM’s Use of Pupil RecordsPlease see the “How We Use Your Personal Data” section above.
- Use or Disclosure of Pupil Records for Targeted Marketing. Please see the “How We Use Your Personal Data” and “Disclosure of Your Personal Data” sections above.
- Retention of Pupil Records. CPM certifies that Pupil Records shall not be retained or available to CPM upon completion of the terms of the applicable license agreement or Purchase Agreement with the agency. Such certification will be enforced through the following procedure: within one (1) week following the expiration of the class covered by the applicable license agreement or Purchase Agreement, all data related to that class, including but not limited to personal information of a pupil, shall be deleted from CPM’s servers using industry best practices.
- Compliance with the Family Educational Rights and Privacy Act (“FERPA”). A pupil’s agency will work with CPM to ensure compliance with FERPA by the following procedure: prior to the transmission of any Pupil Records, the parties will execute a license agreement or Purchase Agreement in accordance with FERPA unless the agency demonstrates that the information to be provided to CPM has been designated by the agency as “directory information” under FERPA.
c. Your Rights Under the European Union’s GDPR for residents of the EU
Under certain circumstances, you have rights under the EU’s GDPR regarding your Personal Data which are summarized below:
- Request Access to Your Personal Data You have the right to be informed of the Personal Data we hold about you, and why and how we have it.
- Request Correction of Your Personal Data. You have the right to request correction of inaccurate or incomplete Personal Data although we will need to verify the accuracy of the new data you provide to us. We may not be able to accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
- Request Erasure of Your Personal Data. You have the right to have your Personal Data erased if there is no good reason for us to continue to process it. You also have the right to ask us to delete/erase your Personal Data where you have successfully exercised your right to object to its processing (see below), where we may have processed your information unlawfully or where we are required to erase your Personal Data to comply with local law. Note, however, that we may not always be able to comply with your request of erase for specific legal reasons which will be provided to you, if applicable, when evaluating your request. By requesting that we delete your Personal Data, we may keep the statistical data, however such data will not be connected to your name or other Personal Data.
- Object to the Processing of Your Personal Data. You have the right to object to the processing of your Personal Data where we have justified the data processing on the basis of our legitimate interests and there is something about your particular situation which makes you feel the processing impacts your fundamental rights and freedoms. You also have the right to object where we are processing your Personal Data for direct marketing purposes.
- Request Restriction of Processing Your Personal Data. You have the right to restrict the processing of your Personal Data if: the accuracy of the data is being contested for as long as it takes to verify that accuracy; the processing is unlawful and you request restriction of processing (rather than erasure of the data); we no longer need the data for its original purpose but you would like us to hold the data because you need it to establish, exercise, or defend legal rights; or you have objected to our use of your Personal Data but we need to verify whether we have overriding legitimate interests to use it.
- Request Transfer of Your Personal Data. You have the right to request the transfer of your Personal Data to you or to a third party. We will provide to you, or a third party you designate, your Personal Data in a structured, commonly used, machine-readable format. This right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Right to Withdraw Consent. You have the right to withdraw your consent to the processing of your Personal Data where we were are relying on consent to process your Personal Data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case when reviewing your request to withdraw your consent.
You may exercise any of these rights by e-mailing us at the address listed in the Contact Information section below. You will not have to pay a fee to access your Personal Data or to exercise any of the other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in such circumstances. Also, the exercise of some rights will prevent our ability to provide Services to you, and if this is the case, we will explain this to when you submit your request to us.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data or to exercise any of your other rights. This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month after the request is received. Occasionally it may take us longer than a month if your request is particularly complex or you have submitted several requests. In this case, we will notify you and keep you updated.
8. DATA RETENTION
CPM will securely maintain your personal information, other than Pupil Records, for only as long as required to fulfill the purpose(s) we collected it for, or to satisfy applicable legal, accounting, and reporting requirements. Upon the expiration of such period of time requiring retention, the data will be securely de-identified or destroyed. In some circumstances you may ask us to delete your Personal Data and in some circumstances we may anonymize your Personal Data so that it can no longer be associated with you for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Financial/payment data is collected and maintained by our third party payment processor and is subject to the third party payment processor’s data retention policy.
9. USE OF SERVICES BY CHILDREN UNDER THE AGE OF 13
This section hereby notifies parents of: (1) the types of information we may collect from and about children; (2) how we use the information we collect; (3) our practices for disclosing that information; (4) our practices for notifying and obtaining parental consent when we collect personal information from children, including how parents may revoke consent; and (5) all operators that collect or maintain children’s information through this Website.
- Information We Collect From Children. Children can access many parts of our Services and its content and use many of its features without providing us with personal information. However, some Licensed Content and features are available only to registered users (which may include children) which requires us to collect certain information, including personal information, from them or their school/school district. In addition, we use certain technologies, such as cookies (described above), to automatically collect information from users (including children) when they visit or use the Services. We only collect as much information about a child as is reasonably necessary for the child to access the Licensed Content, and we do not condition a child’s participation on the disclosure of more personal information than is reasonably necessary.
- Information We Collect Directly. If a school or school district contracts with CPM to make CPM’s Licensed Content available to its students, the school or school district will provide CPM with certain Pupil Records (defined above). CPM creates usernames and passwords for the pupils and provides this information to the school or school district for distribution.
- How We Use Your Child’s Information. We may use the personal information we collect from, or about, your child to register the child for the Licensed Content for his/her grade level or class.
- Our Practices for Disclosing Children’s Information. Please see the “Disclosure of Your Personal Data” section above.
- Accessing and Correcting Your Child’s Personal Information. Please see the “Your Legal Rights” section above for more information on how to request access and corrections to your child’s Personal Data.
- Operators that Collect or Maintain Information from Children. CPM does not use any third party providers who collect or maintain any information from children.
10. INTERNATIONAL USERS
If you are located in a province, country, or other government jurisdiction outside of the United States, and if you choose to provide your personal information to CPM through our Services, please be aware that your personal information will be transferred to and maintained on computers located in the United States and the applicable US privacy laws may not be as protective as those in your jurisdiction. If you are located outside the United States and choose to provide your personal information to CPM, you are aware and hereby agree that CPM may transfer your personal information to the United States and process it there.
For users located within the European Union, whenever we transfer your personal data to countries outside of the European Economic Area (“EEA”), we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- Where we use certain service providers who will access Personal Data, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
- Where we use providers based in the US who will access Personal Data, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the EU and the US.
Please contact us if you would like further information on the specific mechanism used by us when transferring your personal data out of the EEA.
11. CPM CONTACT INFORMATION