Last updated: February 2021.
The Site and the Platform are individually and collectively referred to herein as the “Services”.
- “Personal Data” means any information that may be used, either alone or in combination with other information, to personally identify an individual, including, but not limited to, a first and last name, a personal profile, an email address, a home or other physical address, or other contact information as well as health data which may be considered as “Sensitive Data”, “Special Categories of Personal Data”, “Protected Health Information” and/or “Electronic PHI” (“ePHI”) (as such terms are defined in the Applicable Data Protection Laws). (Sensitive Data, Special Categories of Data, PHI and ePHI, collectively “Sensitive Data”).
- We receive, collect, process, use and store the following types of Personal Data: names, addresses or geographic data, email addresses, telephone and fax numbers, log-on credentials, birth date or age, student ID, school district, name of educators/clinicians/interventionists/supervisors, type of treatment, administrative and clinical information regarding treatment plan, clinical and educational measurements and notes, audio recordings, video recordings, IP addresses, cookies (including cookie ID), statistical data, school ID number, health plan beneficiary number, certification/license numbers, web URLs , biometric identifiers of voice prints, full face photographic images and any comparable images.
- We receive, collect, process, use and store Personal Data regarding the following categories of Data Subjects: customer, prospects, students, student caregivers, educators/clinicians/interventionists/supervisors, staff members of schools/school districts/cooperation of school districts/education service centers/federal, state or local education agencies/HMOs, and other users of the Site and the Platform.
Processing Sensitive Data requires specific prior written consent from the individual or its parents and/or guardians. A Data Subject providing directly to us such Sensitive Data is required to sign a specific consent form. Regarding Sensitive Data that we receive by authorized third parties (e.g. Entities and/or Professionals), we are relying on them that they have been granted Data Subject’s prior written consent to collect, create, receive, maintain, process, store, transfer and disclose to us and for our use in connection with the Services.
If you have a reasonable basis to assume or you know that any of the above mentioned is not met, you are required to inform us, without due delay, by e-mailing us at email@example.com.
- How we receive or collect Personal Data. We receive and/or collect Personal Data from you in the ways set forth below:
- From authorized third parties. We provide the Platform to Entities and/or Professionals who are responsible for uploading Personal Data to the Platform and/or transfer Personal Data to us to upload to the Platform. Furthermore, Entities and/or Professionals may add to the Platform assessments records, feedback and notes that may involve Personal Data.
- When you access the Platform. In order to access the Platform, you will be required to create an account. The account may be created directly by you, by us or by an authorized third party (e.g. Entity). Providing Personal Data such as your name (or the name of your guardian), year of birth, country, language, email address and a password, is required for opening the account.
- When you use the Platform. When you use certain features of the Platform that analyze, collect and store Personal Data (such as using our self-training module, session scheduling module and video-audio sessions), we may collect and analyze Personal Data (such as your training, speech patterns recordings, video recordings, clinical notes attendance in sessions, usage and performances).
- When you use the Services. We may make use of log files when you use the Services. The information inside the log files includes internet protocol (IP) addresses, type of browser, Internet Service Provider (ISP), date/time stamp, referring/exit pages, clicked pages and any other information your browser may send to us. We may use such information to analyze trends, administer the Services, track users’ movement around the Services, and gather demographic information.
- When you ask to ‘Contact Us’ and/or submit a registration form. If you send us a “Contact Us” request, or ask to register to the Platform, such as by submitting an online form or by sending an email to an email address that we display, you may be required to provide us with certain information such as your name, telephone number country, region, school, and email address.
- When you purchase. We may include the option to purchase certain products or services from us via the Site or the Platform. If you choose to make a purchase, we may require sufficient information from you to complete the transaction. Such information could include a credit card number and related account and billing information, invoice related information, and other data required to process the order.
- Cookies and other tracking technologies. Our Services may utilize “cookies”, anonymous identifiers and other tracking technologies (such as MixPanel) in order to for us to provide our Services and present you with information that is customized for you. A “cookie” is a small text file that may be used, for example, to collect information about activity on the Services. Certain cookies and other technologies may serve to recall Personal Data, such as an IP address, previously indicated by a user. Most browsers allow you to control cookies, including whether or not to accept them and how to remove them. You may set most browsers to notify you if you receive a cookie, or you may choose to block cookies with your browser. However, if you do not accept cookies, you may not be able to use some portions of our Services. Some tracking technologies are not enabled to be blocked and are necessary to perform and provide our Services.
- Data from your device. We may collect limited information from your device in order to provide the Services. Such information may include your device type, device ID, and date and time stamps of Services used. In addition, we may deploy tracking technologies within the Services to help us gather aggregate statistics, but we will not use Personal Data for such purposes.
- The way we use Personal Data. We may use Personal Data for the following purposes:
- Access, use and analysis. Personal Data provided to us by you to obtain access to any functionality of the Platform may be used in order to provide you with access to the needed functionality and to monitor your use of such functionality (for example, to identify and authenticate your access to the parts of the Services that you are authorized to access). We may also analyze Personal Data to provide certain information to its users (for example, to provide decision support information to Professionals based on real measurable and recorded data, to provide feedback to our users and/or guardians regarding performance and progress, and to communicate with different Professionals).
- Business purposes. Personal Data may be used in order to help us improve the functionality of the Services, to better understand our users, to protect against, identify or address wrongdoings, to enforce our T&C, and to generally manage the Services and our business. We also may use Personal Data for our proper management and administration or to carry out our legal responsibilities.
- Contacting you. We will use your contact information to contact you: (a) in connection with the Services and certain programs or offerings; (b) to provide you with system notifications such as scheduling and messaging; (c) for administrative requests (e.g. to change your password); (d) in response to your request to contact you; and (e) to provide you technical support. We may contact you via any communication channel, including e-mail, in-Platform messaging, SMS, phone, cellphone, video and audio sessions, etc.
- Demonstrating compliance. We may collect your Personal Data in order for us to demonstrate compliance, performance and progress to our customers (i.e. Entities).
- Specific reasons. Personal Data provided to us for a specific reason may be used in connection with that specific reason.
- Statistics. Personal Data may be used for statistic reports containing aggregated
- Security and dispute resolution. We may use Personal Data to protect the security of our Services (including by way of example, to detect and prevent fraud, phishing, identity theft, and data leakage), to resolve disputes and to enforce our agreements.
- Transfer, share, or disclosure of Personal Data. We may share, disclose and transfer your Personal Data with our subsidiaries, affiliated companies, partners, suppliers (such as cloud provider services), our employees (such as marketing, sales, developers, technical support teams and Professionals), contractors and service providers who process Personal Data on our behalf to provide our Services and/or perform certain business-related functions (“Third Parties”).
- Direct marketing. Personal Data may be used to contact you for our marketing and advertising purposes, including without limitation to inform you about new services we believe might be of interest to you, and to develop promotional or marketing materials and provide those materials to you. If by mistake you receive direct marketing without your specific consent and/or wish to opt-out, you are required to contact us at firstname.lastname@example.org.
- Compliance with the law. Personal Data may be disclosed as required by law (for example, in response to a subpoena or other request from law enforcement, a court or a government agency, including in response to public authorities to meet national security or law enforcement requirements), or if we have good faith belief that such disclosure is necessary to (a) comply with any legal obligation, (b) protect or defend our rights, interests or property or that of third parties, (c) prevent or investigate possible wrongdoing in connection with the Services, (d) act in urgent circumstances to protect the personal safety of users of the Services or the public, or (e) protect against legal liability.
- Use of non-Personal Data, de-identification and anonymous information. We may de-identify or anonymize the Personal data in a way that it does not enable identification of an individual. Since Non-Personal Data cannot be used to identify you in person, we may use such data in any way
permitted by law.
We aim to store Personal Data in the same region where it was collected. However, if permitted by Applicable Data Protection Laws and/or by our customers, Personal Data may be transferred to other countries. In such case and/or when Personal Data is transferred to our Third Parties, we will implement reasonable information security techniques & technical measures accepted in our industry and/or Third Parties contractual obligations to maintain their information security level adequate to our level. As a cloud-based Platform, we use the Amazon Cloud Services which complies with the GDPR and is ISO 27001, 27017,27018 certified (for AWS full statement see https://aws.amazon.com/blogs/security/all-aws-services-gdpr-ready/). As related to the Services provided in the US, we store the Personal Data including its backups at AWS US.
- Security. We are strongly committed to protecting your Personal Data and information, and we will take reasonable technical steps, accepted in our industry, to keep your information secure and protect it against loss, misuse or modification. However, no network, server, database or internet or email transmission is ever fully secure or error-free. If you notice any security risks or violations, we advise you to report them to us at email@example.com.
- Your rights in respect of your Personal Data. In accordance with Applicable Data Protection Laws and our internal policies and procedures, you have the following rights in respect of your Personal Data that we hold:
- Right of access. You have the right to obtain (i) confirmation of whether, and where, we are processing your Personal Data; (ii) information about the categories of Personal Data we are processing, the purposes for which we process your Personal Data and information as to how we determine retention periods; (iii) information about the categories of recipients with whom we may share your Personal Data; and (iv) a copy of the Personal Data we hold about you.
- Right of portability. You have the right, in certain circumstances, to receive a copy of the Personal Data in a structured, commonly used, machine-readable format that supports re-use, or to request the transfer of your Personal Data to another person.
- Right to rectification. You have the right to obtain rectification of any inaccurate or incomplete Personal Data we hold about you without undue delay.
- Right to erasure. You have the right, in some circumstances, to require us to erase your Personal Data without undue delay if the continued processing of that Personal Data is not justified.
- Right to restriction. You have the right, in some circumstances, to require us to limit the purposes for which we process your Personal Data if the continued processing of the Personal Data in this way is not justified, such as where the accuracy of the Personal Data is contested by you.
- Right to object. You have a right to object to any processing based on our legitimate interests where there are grounds relating to your particular situation. There may be compelling reasons for continuing to process your Personal Data, and we will assess and inform you if that is the case. You can object to marketing activities for any reason.
- If you wish to exercise one of these rights, please contact us at firstname.lastname@example.org. If your account permissions allow, you may also review and edit the Personal Data you have submitted to us by logging into your account on the Platform.
- You also have the right to lodge a complaint to your national data protection authority. However, prior to doing so, you are welcome to contact us by email as set forth above in order to resolve the issue for the benefit of all parties.
- Duration of storage of Personal Data. Your Personal Data will be deleted immediately as soon as you withdraw your consent – via email to email@example.com – or as soon as our purposes for storing your data have expired, unless we are legally bound to further store data according to Applicable Data Protection Laws, other applicable laws and/or for defending of legal claims and/or as required to meet contractual obligations. Such cases are pre-defined by contract with our customer. In addition, if we delete your Personal Data it may remain stored on backup or archival media for an additional period of time due to technical issues.
- Our policy on children. Our Service is also directed to children but we do not knowingly collect Personal Data from children under 13 without the specific written consent of a parent/legal guardian. If your child is under the age of 13, and you become aware that your child has provided us with Personal Data, without your consent, then please contact us using the details below so that we can take steps to remove such information and terminate any account your child has created with us. As the child’s parent/legal guardian, please be advised that:
- We will not require a child to disclose more information than is reasonably necessary to participate in an activity;
- You can review your child’s Personal Data, direct us to delete it, and refuse to allow any further collection or use of the child’s information;
- You can agree to the collection and use of your child’s information, but still not allow disclosure to third parties that are not part of the service providers; and
- If you wish to exercise any of your rights, please contact us at: firstname.lastname@example.org.