Last updated: February 2023.
- “Personal Data” means:
- Any information that may be used, either alone or in combination with other information, to personally identify an individual, including, but not limited to, a first and last name, a personal profile, an email address, a home or other physical address, or other contact information as well as health data which may be considered as “Sensitive Data”, “Special Categories of Personal Data”, “Protected Health Information” and/or “Electronic PHI” (“ePHI”) (as such terms are defined in the Applicable Data Protection Laws). (Sensitive Data, Special Categories of Data, PHI and ePHI, collectively “Sensitive Data”).
- As it refers to California’s consumers or individuals where their data is collected in the state of California, Information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or California household such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers; and /or that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, their name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information; all as defined by the California Consumer Privacy Act of 2018 (“CCPA”).
- “Personal Data” means:
- TYPES OF PERSONAL DATA. We receive, collect, process, use and store the following types of Personal Data: names, addresses or geographic data, email addresses, telephone and fax numbers, log-on credentials, birth date or age, student ID, school district, name of educators/clinicians/interventionists/supervisors, type of treatment, administrative and clinical information regarding treatment plan, clinical and educational measurements and notes, audio recordings, video recordings, IP addresses, cookies (including cookie ID), statistical data, school ID number, health plan beneficiary number, certification/license numbers, web URLs , biometric identifiers of voice prints, full face photographic images and any comparable images.
- CATEGORIES OF DATA SUBJECT. We receive, collect, process, use and store Personal Data regarding the following categories of Data Subjects: customers, prospects, students, student caregivers, educators, clinicians, interventionists, supervisors, staff members of schools/school districts, cooperation of school districts/education service centers/federal, state or local education agencies/HMOs, and other users of the Site and the Platform.
- LEGAL BASIS AND CONSENT.
- Processing Sensitive Data requires specific prior written consent from the individual or its parents and/or guardians. A Data Subject providing directly to us such Sensitive Data is required to sign a specific consent form. Regarding Sensitive Data that we receive by authorized third parties (e.g. Entities and/or Professionals), we are relying on them that they have been granted Data Subject’s prior written consent to collect, create, receive, maintain, process, store, transfer and disclose to us and for our use in connection with the Services.
- If you have a reasonable basis to assume or you know that any of the above mentioned is not met, you are required to inform us, without due delay, by e-mailing us at firstname.lastname@example.org.
- HOW WE RECEIVE OR COLLECT PERSONAL DATA.
- From authorized third parties. We provide the Platform to Entities and/or Professionals who are responsible for uploading Personal Data to the Platform and/or transfer Personal Data to us to upload to the Platform. Furthermore, Entities and/or Professionals may add to the Platform assessments records, feedback and notes that may involve Personal Data.
- When you access the Platform. In order to access the Platform, you will be required to create an account. The account may be created directly by you, by us or by an authorized third party (e.g. Entity). Providing Personal Data such as your name (or the name of your guardian), year of birth, country, language, email address and a password, is required for opening the account.
- When you use the Platform. When you use certain features of the Platform that analyze, collect and store Personal Data (such as using our self-training module, session scheduling module and video-audio sessions), we may collect and analyze Personal Data (such as your training, speech patterns recordings, video recordings, clinical notes attendance in sessions, usage and performances).
- When you use the Services. We may make use of log files when you use the Services. The information inside the log files includes internet protocol (IP) addresses, type of browser, Internet Service Provider (ISP), date/time stamp, referring/exit pages, clicked pages and any other information your browser may send to us. We may use such information to analyze trends, administer the Services, track users’ movement around the Services, and gather demographic information.
- When you ask to ‘Contact Us’ and/or submit a registration form. If you send us a “Contact Us” request, or ask to register to the Platform, such as by submitting an online form or by sending an email to an email address that we display, you may be required to provide us with certain information such as your name, telephone number country, region, school, and email address.
- When you purchase. We may include the option to purchase certain products or services from us via the Site or the Platform. If you choose to make a purchase, we may require sufficient information from you to complete the transaction. Such information could include a credit card number and related account and billing information, invoice related information, and other data required to process the order.
- Cookies and other tracking technologies. Our Services may utilize “cookies”, anonymous identifiers and other tracking technologies (such as MixPanel) in order to for us to provide our Services and present you with information that is customized for you. A “cookie” is a small text file that may be used, for example, to collect information about activity on the Services. Certain cookies and other technologies may serve to recall Personal Data, such as an IP address, previously indicated by a user. Most browsers allow you to control cookies, including whether or not to accept them and how to remove them. You may set most browsers to notify you if you receive a cookie, or you may choose to block cookies with your browser. However, if you do not accept cookies, you may not be able to use some portions of our Services. Some tracking technologies are not enabled to be blocked and are necessary to perform and provide our Services.
- Data from your device. We may collect limited information from your device in order to provide the Services. Such information may include your device type, device ID, and date and time stamps of Services used. In addition, we may deploy tracking technologies within the Services to help us gather aggregate statistics, but we will not use Personal Data for such purposes.
- THE WAY WE USE PERSONAL DATA. We may use Personal Data for the following purposes:
- Access, use and analysis. Personal Data provided to us by you to obtain access to any functionality of the Platform may be used in order to provide you with access to the needed functionality and to monitor your use of such functionality (for example, to identify and authenticate your access to the parts of the Services that you are authorized to access). We may also analyze Personal Data to provide certain information to its users (for example, to provide decision support information to Professionals based on real measurable and recorded data, to provide feedback to our users and/or guardians regarding performance and progress, and to communicate with different Professionals).
- Business purposes. Personal Data may be used in order to help us improve the functionality of the Services, to better understand our users, to protect against, identify or address wrongdoings, to enforce our T&C, and to generally manage the Services and our business. We also may use Personal Data for our proper management and administration or to carry out our legal responsibilities.
- Contacting you. We will use your contact information to contact you: (a) in connection with the Services and certain programs or offerings; (b) to provide you with system notifications such as scheduling and messaging; (c) for administrative requests (e.g. to change your password); (d) in response to your request to contact you; and (e) to provide you technical support. We may contact you via any communication channel, including e-mail, in-Platform messaging, SMS, phone, cellphone, video and audio sessions, etc.
- Demonstrating compliance. We may collect your Personal Data in order for us to demonstrate compliance, performance and progress to our customers (i.e. Entities).
- Specific reasons. Personal Data provided to us for a specific reason may be used in connection with that specific reason.
- Statistics. Personal Data may be used for statistic reports containing aggregated
- Security and dispute resolution. We may use Personal Data to protect the security of our Services (including by way of example, to detect and prevent fraud, phishing, identity theft, and data leakage), to resolve disputes and to enforce our agreements.
- Transfer, share, or disclosure of Personal Data. We may share, disclose and transfer your Personal Data with our subsidiaries, affiliated companies, partners, suppliers (such as cloud provider services), our employees (such as marketing, sales, developers, technical support teams and Professionals), contractors and service providers who process Personal Data on our behalf to provide our Services and/or perform certain business-related functions (“Third Parties”).
- Direct marketing. Personal Data may be used to contact you for our marketing and advertising purposes, including without limitation to inform you about new services we believe might be of interest to you, and to develop promotional or marketing materials and provide those materials to you. If by mistake you receive direct marketing without your specific consent and/or wish to opt-out, you are required to contact us at email@example.com.
- Compliance with the law. Personal Data may be disclosed as required by law (for example, in response to a subpoena or other request from law enforcement, a court or a government agency, including in response to public authorities to meet national security or law enforcement requirements), or if we have good faith belief that such disclosure is necessary to (a) comply with any legal obligation, (b) protect or defend our rights, interests or property or that of third parties, (c) prevent or investigate possible wrongdoing in connection with the Services, (d) act in urgent circumstances to protect the personal safety of users of the Services or the public, or (e) protect against legal liability.
- Use of non-Personal Data, de-identification and anonymous information. We may de-identify or anonymize the Personal data in a way that it does not enable identification of an individual. Since Non-Personal Data cannot be used to identify you in person, we may use such data in any way
permitted by law.
- HOW WE STORE YOUR PERSONAL DATA, TRANSFER YOUR PERSONAL DATA TO THIRD PARTIES AND TO THIRD COUNTRIES.
- We aim to store Personal Data in the same region where it was collected. However, if permitted by Applicable Data Protection Laws and/or by our customers, Personal Data may be transferred to other countries. In such case and/or when Personal Data is transferred to our Third Parties, we will implement reasonable information security techniques & technical measures accepted in our industry and/or Third Parties contractual obligations to maintain their information security level adequate to our level.
- As a cloud-based Platform, We use third parties’ cloud services such as:
- The Amazon Cloud Services which comply with the GDPR and is ISO 27001, 27017,27018 certified (for AWS full statement see https://aws.amazon.com/blogs/security/all-aws-services-gdpr-ready/). As related to the Services provided in the US, we store the Personal Data including its backups at AWS US.
- Talent LMS – we use Talent Learning Management System (LMS) for our e-learning platform. For Talent LMS’s statement on how it complies with privacy and security obligations refer to https://www.talentlms.com/security or https://www.talentlms.com/privacy.
- SECURITY. We are strongly committed to protecting your Personal Data and information, and we will take reasonable technical steps, accepted in our industry, to keep your information secure and protect it against loss, misuse or modification. However, no network, server, database or internet or email transmission is ever fully secure or error-free. If you notice any security risks or violations, we advise you to report them to us at firstname.lastname@example.org
- YOUR RIGHTS IN RESPECT OF YOUR PERSONAL DATA. In accordance with Applicable Data Protection Laws and our internal policies and procedures, you have the following rights in respect of your Personal Data that we hold:
- Right of access. You have the right to obtain (i) confirmation of whether, and where, we are processing your Personal Data; (ii) information about the categories of Personal Data we are processing, the purposes for which we process your Personal Data and information as to how we determine retention periods; (iii) information about the categories of recipients with whom we may share your Personal Data; and (iv) a copy of the Personal Data we hold about you.
- Right of portability. You have the right, in certain circumstances, to receive a copy of the Personal Data in a structured, commonly used, machine-readable format that supports re-use, or to request the transfer of your Personal Data to another person.
- Right to rectification. You have the right to obtain rectification of any inaccurate or incomplete Personal Data we hold about you without undue delay.
- Right to erasure. You have the right, in certain circumstances, to require us to erase your Personal Data without undue delay if the continued processing of that Personal Data is not justified.
- Right to restriction. You have the right, in certain circumstances, to require us to limit the purposes for which we process your Personal Data if the continued processing of the Personal Data in this way is not justified, such as where the accuracy of the Personal Data is contested by you.
- Right to object. You have a right to object to any processing based on our legitimate interests where there are grounds relating to your particular situation. There may be compelling reasons for continuing to process your Personal Data, and we will assess and inform you if that is the case. You can object to marketing activities for any reason.
If you wish to exercise one of these rights, please contact us at email@example.com. If your account permissions allow, you may also review and edit the Personal Data you have submitted to us by logging into your account on the Platform.
You also have the right to lodge a complaint to your national data protection authority. However, prior to doing so, you are welcome to contact us by email as set forth above to resolve the issue for the benefit of all parties.
- DURATION OF STORAGE OF PERSONAL DATA. Your Personal Data will be deleted immediately as soon as you withdraw your consent – via email to firstname.lastname@example.org – or as soon as our purposes for storing your data have expired, unless we are legally bound to further store data according to Applicable Data Protection Laws, other applicable laws and/or for defending of legal claims and/or as required to meet contractual obligations. Such cases are pre-defined by contract with our customer. In addition, if we delete your Personal Data it may remain stored on backup or archival media for an additional period of time due to technical issues.
- OUR POLICY ON CHILDREN. Our Service is also directed to children but we do not knowingly collect Personal Data from children under 13 without the specific written consent of a parent/legal guardian. If your child is under the age of 13, and you become aware that your child has provided us with Personal Data, without your consent, then please contact us using the details below so that we can take steps to remove such information and terminate any account your child has created with us. As the child’s parent/legal guardian, please be advised that:
- We will not require a child to disclose more information than is reasonably necessary to participate in an activity;
- You can review your child’s Personal Data, direct us to delete it, and refuse to allow any further collection or use of the child’s information;
- You can agree to the collection and use of your child’s information, but still not allow disclosure to third parties that are not part of the service providers; and
FOR CALIFORNIA RESIDENTS
- INDIVIDUAL/CALIFORNIA CONSUMER RIGHTS.
The rights – Accessing, Updating, Correcting, and Deleting Information, Restricting Information Processing.
- The rights – Accessing, Updating, Correcting, and Deleting Information, Restricting Information Processing.
- You may have the right to request access to some of your Personal Data being stored by us. California consumers have the right to request that we disclose certain information to them about our collection and use of their personal information over the past 12 months.
- Once we receive and confirm your verifiable consumer or individual request, we will disclose to you, inter alia:
- The categories of personal information we collected about you;
- Our business or commercial purpose for collecting such personal information;
- The categories of third parties with whom we share such personal information;
- Certain copies of personal information we collected about you.
- You can also request to correct and update any inaccurate Personal Data or ask to delete Personal Data that we process about you. The foregoing is subject to our policies and the applicable laws and regulations. Once we receive and confirm your verifiable consumer/individual request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
- According to the CCPA, we may deny California consumer’s deletion request if retaining the information is necessary for us or our service providers to:
- Complete the transaction for which we collected the personal information, provide our services that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with any legal obligation and make other internal and lawful uses of that information that are compatible with the context in which you provided it.
- In order to exercise these rights, you can contact us at: email@example.com. Only you, someone you authorize to act on your behalf, a California resident or a person registered with the California Secretary of State that a California resident authorized to act on its behalf, may make a verifiable individual or consumer request related to their Personal Data. California residents may only make a verifiable consumer request for access or data portability twice within a 12-month period.
- The verifiable consumer or individual request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
- We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. We will only use personal information provided in a verifiable consumer/Individual request to verify the requestor’s identity or authority to make the request.
- Response Timing and Format. We endeavor to respond to a verifiable consumer request within 45 days (by the CCPA) or 30 days of its receipt. If we require more time, we will inform you of the reason and extension period in writing. We will deliver our written response via email. For California residents, any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily usable and should allow you to transmit the information from one entity to another entity without hindrance.
- We do not charge a fee to process or respond to your verifiable consumer or iIndividual request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
- Non-Discrimination. We will not discriminate against you for exercising any of your Privacy rights. Unless permitted by the Applicable Data Protection Law, we will not: dDeny you use of our Services and /or Pprovide you a different level or quality of Services.
- We may retain your Personal Data for any period permitted or required under applicable laws. Even if we delete your Personal Data it may remain stored on backup or archival media for an additional period of time due to technical issues or for legal, tax or regulatory reasons, or for legitimate and lawful business purposes.
- You may have the right to restrict processing if one of the following applies:
- The accuracy of the Personal Data is contested by the data owner;
- The processing is unlawful, and the data owner objects to having their Personal Data erased, instead requesting that its use be restricted;
- Your service provider no longer needs the Personal Data for the purposes of the original processing, but the data is required by the data owner for establishing, exercising or defending legal claims;
- The data owner has objected to processing pending verification of whether the legitimate grounds of your service provider override those of the data owner.
If you wish to object to processing, you are required to contact us at firstname.lastname@example.org.