Last Updated: March 21, 2022
Definitions. For purposes of this policy, we introduce the definitions of how we characterize Learner’s information:
Personally identifiable information (“PII”) is information that can identify a user of the Services, including his or her email, name and address. Anonymous Information is information that does not enable identification of an individual user. De-identified information is information from which personally identifiable components have been removed. Aggregated or de-identified information that is no longer reasonably associate with an identified or identifiable natural person.
Information We Collect.
- Information You Provide to Us.
Registration and Profile Information. When you sign up for an account, we ask you for your email address and password. Once you create an account, you will be able to create one or multiple Learner accounts associated with your account. When you create a Learner account, we ask you to insert a text identifier that will be used to identify the Learner, as well as the Learner’s birth month and year. We do not request PII information for Learners using the accounts. We do NOT collect Learner emails or addresses.
Payment Information. If you sign up for a subscription, your payment information, such as any credit or debit card information you provide, may be collected and stored by us and/or the payment processors with which we work.
Communications. If you contact us directly, we may receive additional information about you. For example, when you contact customer support, we may receive your name, email address, phone number, the contents of the message and/or attachments you may send us, and any other information you may choose to provide. If you subscribe to our newsletter, we will collect certain information from you, such as your email address. When we send you emails, we may track whether you open them to learn how to deliver a better customer experience and improve our Services. Certain features we offer include an option to provide us with feedback. The feedback feature does identify the customer account email but does not identify the specific Learner submitting it. The feedback option is voluntary and the information a Learner submits to us will only be used for improving these features. If we receive PII through a feedback form we take steps to immediately delete that information.
- Information We Collect When You Use Our Services.
Floreo Mobile App Subscription. Your website subscription may also provide access to the Full Access level of our mobile apps. If you choose to download any such app and log into it with your website subscription username and password, we collect limited usage information in connection with user logins in order to monitor subscription compliance. This information is maintained in accordance to this policy. We do not collect Personally Identifiable Information from users of the various Floreo applications. If you have purchased your subscription in-app, we do not collect any user information.
Push notifications on mobile apps: We may send Floreo mobile app push notifications from time to time in order to update you on news, events, or promotions. You may turn these notifications off at the device level if you no longer wish to receive them. If you choose to receive push notifications, we will need to collect certain information about your device - such as operating system and user identification information - in order to ensure they are delivered properly. We also collect the user time zone, which is set on the device, to ensure that we send notifications at an appropriate time of the day. We do not combine this information with other PII.
Mobile analytics on mobile apps: We use mobile analytics software to allow us to better understand the functionality of our mobile apps' software on your phone. This software may record information such as how often you use the apps, events that occur within the apps, aggregated usage, performance data, and from where the apps were downloaded. While this information does link to the customer email address, we do not link this information to any Learner PII you submit within the mobile apps.
Device Information. We receive information from Learners’ devices, including IP address, web browser type, mobile operating system version, phone carrier and manufacturer, application installations, device identifiers, mobile advertising identifiers, and push notification tokens.
- Usage Information and Recording Sessions. To help us understand how you use our Services and to help us improve them, we automatically receive information about your interactions with our Services, like the account you use, the lessons you view, the progress you make on those lessons, the tasks completed within those lessons, task scores, progress on certain skills, pages or other content you view, searches you conduct, any content you post, and the dates and times of use.
Please review your web browser’s “Help” file to learn the proper way to modify your cookie settings. Please note that if you delete, or choose not to accept, cookies from our Services, you may not be able to utilize the features of our Services to their fullest potential.
We use Google Analytics and other analytics providers to collect and process certain analytics data. Google provides some additional privacy options described at www.google.com/policies/privacy/partners/ regarding Google Analytics’ cookies.
We do not collect customer’s web search history across third party websites or search engines. However, if a customer navigates to our website via a web search, their web browser may automatically provide us with the web search term they used in order to find us. Our website does not honor "do not track" signals transmitted by users' web browsers, so we encourage you to visit the following link if you would like to opt out of certain tracking: http://www.networkadvertising.org/choices or http://www.aboutads.info/choices/. Note that if you wish to opt out, you will need to do so separately for each of your devices and for each web browser you use (such as Internet Explorer®, Firefox®, Safari®).
Third Parties. We may use a variety of third-party service providers, such as analytics companies, to understand usage of our Services. We may allow those providers to place and read their own cookies, electronic images known as web beacons or single-pixel gifs and similar technologies, to help us measure how users interact with our services. This technical information is collected directly and automatically by these third parties. If you wish to opt out of third-party cookies, you may do so through your browser as mentioned above.
How We Use the Information We Collect.
We use the information we collect from customers and Learners to:
- Provide, improve, expand, personalize, and promote our Services;
- Understand and analyze how our Services are used;
- Assess Learner progress and compare it to other Learners;
- Develop new products, services, features, and functionality;
- Communicate with you, either directly or through one of our partners, including for customer service, to provide you with updates and other information relating to the Service, and for marketing and promotional purposes;
- Send you text messages and push notifications;
- Facilitate transactions and payments;
- Find and prevent fraud; and
How We Share the Information We Collect.
Vendors and Service Providers. We may share any information we receive with vendors and service providers retained in connection with the provision of our Services. In addition, we use third party analytics vendors to evaluate and provide us with information about your use of our Services and third-party advertising partners to show ads that we think may interest you. These analytics service providers may set and access their own cookies, pixel tags and similar technologies on our Services and they may otherwise collect or have access to information about you which they may collect over time and across different online services.
Learner Content. We may provide you the ability share content, such as Learner-driven curriculum or recorded sessions, at your direction. If you choose to share your information and/or content with other Learners, your profile information, such as your profile photo, may be visible to those Learners.
Aggregate Data. Where legally permissible, we may share information about Learners with our partners in aggregated or de-identified form that can’t reasonably be used to identify you or your Learners.
As Required By Law and Similar Disclosures. We may access, preserve, and disclose your information if we believe doing so is required or appropriate to (a) comply with law enforcement requests and legal process, such as a court order or subpoena; (b) respond to your requests; or (c) protect your, our or others’ rights, property, or safety. For the avoidance of doubt, the disclosure of your information may occur if you post any objectionable content on or through our Services.
Consent. We may also disclose your information with your permission.
Information We Do NOT Collect or Use.
- In no event shall we use, share or sell any Learner PII for advertising or marketing purposes.
How We Store and Process Your Information.
We strive to maintain security policies and procedures that are designed to protect your information.
Our servers are located in a secured, locked, and monitored environment to prevent unauthorized entry or theft, and are protected by a firewall. The servers are located in a data center in the United States and backed up daily to a secure, U.S.-based, off-site data center.
While we do not actively collect PII, we take extra measures to ensure the safety of Learner data and apply a Secure Sockets Layer (SSL or HTTPS) encrypting technology to establish and ensure that all data passed between the server and the browser remains encrypted.
Governance policies and access controls are in place to ensure that the information of each customer, school, or other subscriber is separated, and all subscribers can only access their own data.
Only limited Floreo personnel have access to the database, and personnel only access it when necessary to provide services.
We follow standardized and documented procedures for coding, configuration management, patch installation, and change management for all applicable servers, and we audit our practices at least once a year.
While we strive to maintain best industry-standard privacy and security practices, it should be noted that no industry system is fail proof. We have established a Disaster Recovery Plan for use in an actual data breach, loss, or disaster. This includes notifying the affected subscriber(s), and as appropriate, coordinating with the subscriber to support notification of affected individuals, Learners, and families when there is a substantial risk of harm from the breach or a legal duty to provide notification.
All customer data will be deleted at the end of the contract if requested by the customer.
Floreo requires all internal personnel who would be in direct contact with Learner data information to be trained in the secure handling and privacy distribution of Learner data. This includes, but is not limited to, access rights, communication with customers, along with the importing and exporting of files. Customer service and training personnel are trained to only release any Learner information to authorized school/district personnel or parent through a series of validation methods.
Subcontractors’ with access to Learner data information are required to sign Non-Disclosure Agreements and must return or destroy all Floreo property and data at the end of their contracts.
Data Breach Protocol.
Floreo maintains a contact list of key administrators for each customer. Should a data breach occur, these administrators will be notified via email as soon as it is known what breach, exposure or data loss may have occurred.
Sharing Preferences. We provide you with settings to allow you to set your sharing preferences for content you post to our Services. Certain information may always be publicly available to others, and other information is made publicly available to others by default. To change whether certain information is publicly viewable, you can adjust the settings in your account.
Email Subscriptions. You can unsubscribe from our promotional emails via the link provided in the emails. Even if you opt-out of receiving promotional messages from us, you will continue to receive administrative messages from us.
Right to Know and Delete. You have the right to know certain details about our data practices. In particular, you may request the following from us:
- The categories of personal information we have collected about you.
- The categories of sources from which the personal information was collected.
- The specific pieces of personal information we have collected about you.
In addition, you have the right to delete the personal information we have collected from you. To exercise your right to know, please send an email to: firstname.lastname@example.org.
In the request, please specify whether you are seeking the categories of information we collect or the specific pieces of personal information. To delete your account, please send an email to: email@example.com. Please note that while any changes you make will be reflected in active user databases instantly or within a reasonable period of time, we may retain all information you submit for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so.
We will confirm receipt of your request within 10 days. We may require specific information from you to help us verify your identity and process your request. If we are unable to verify your identity, we may deny your requests to know or delete.
School Data Compliance
Under the terms of our contracts with schools, we agree to act as a "School Official" as defined by FERPA, meaning that we:
- Perform an institutional service or function for which the school or district would otherwise use its own employees;
- Have been determined to meet the criteria set forth in the school's or district's annual notification of FERPA rights for being a School Official with a legitimate educational interest in the education records;
- Are under the direct control of the school or district with regard to the use and maintenance of education records; and
- Use education records only for authorized purposes and will not re-disclose Personally Identifiable Information from education records to other parties (unless we have specific authorization from the school or district to do so and it is otherwise permitted by FERPA or FIPPA).
Under the terms of our contracts with schools, we agree to the state specific data security and privacy requirements, as amended from time to time, and the following state laws are incorporated herein by reference, to the extent that any of the provisions apply to Floreo’s possession and use of Learner and school PII:
- New York State Education Law 2-d and the Parent’s Bill of Rights Regarding Data Privacy and Security which can be accessed at http://www.nysed.gov/student-data-privacy/bill-rights-data-privacy-and-security-parents-bill-rights
- California Student Online Personal Information Protection Act, (Cal. Bus. & Prof. Code § 22584(i).
- Connecticut Student Data Privacy Law, (Connecticut General Statutes §§ 10-234aa through 10-234dd).
Our Services are hosted in the United States and intended for visitors located within the United States. If you choose to use our Services from the European Union or other regions of the world with laws governing data collection and use that may differ from U.S. law, then please note that you are transferring your personal information outside of those regions to the United States for storage and processing. Also, we may transfer your data from the U.S. to other countries or regions in connection with storing and processing data, fulfilling your requests, and operating our Services. By providing any information, including personal information, on or to our Services, you consent to such transfer, storage, and processing.
Update Your Information or Pose a Question.
This policy has been updated as follows:
- On February 25, 2020 to update privacy and security procedures and to describe FERPA compliance for school customers in various states.
- On July 7, 2020 to update privacy and security procedures to include compliance with the Canadian FIPPA privacy requirements.
- On March 21, 2022 added ability to request deletion of collected data.