NextLesson Inc. - Privacy Policy

Privacy Policy

NextLesson Inc. (“NextLesson”, “we”, “us” or “our”) is the sole operator of www.nextlesson.org and www.grokspot.org(the “Sites”), a website where students, teachers and parents who register accounts with us (“Users”) can use our project management platform to learn, discover lessons, collaborate, plan, track, achieve progress toward individual or group goals in a visual, collaborative way, and discuss and provide feedback (the “Service”). We respect your privacy, whether you are a User or are just visiting the Sites (a “Visitor”).

Our Privacy Policy was last updated on January 22nd, 2021. It governs the privacy terms of our Service. Any capitalized terms not defined in our Privacy Policy, have the meaning as specified in our Terms of Use accessible at https://www.nextlesson.org/company/tos.

This privacy policy clearly describes our information practices, so we encourage you to read it in its entirety. Our Privacy Policy is a legal statement that explains how we may collect information from you, how we may share your information, and how you can limit our sharing of your information. You accept the practices described in this privacy policy by using the Sites or the Service. If you don’t accept the practices described herein, you should not use the Sites or the Service.

We encourage you to contact us with questions about your privacy and this privacy policy by emailing us at privacy@nextlesson.org.

Our Website follows all legal requirements to protect your privacy. You will see terms in our Privacy Policy that are capitalized. These terms have meanings as described in the Definitions section below.

Definitions

Information Collection and Use

We collect several different types of information for various purposes to provide and improve our Service to you.

Types of Data Collected

We collect two basic types of information from you through the Sites and the Service –Personal Information and Anonymous Information. We may use Personal Information and Anonymous Information to create “Aggregate Information”, which is information about groups of Users which does not identify and cannot reasonably be used to identify you as an individual User. We do not collect your Personal Information without your knowledge or consent. We may require that you provide certain Personal Information to use the Service. We do not collect, save or store any Personal Information from Visitors unless you voluntarily and intentionally provide it to us.

As between us, you own all rights, titles, and interests to all Student Data, you are (and other Schools are) solely responsible for any and all Student Data, whether provided by you, students, or others, and we do not own, control, or license Student Data, except to provide the Services.

We collect the following categories of information:

Use of Data

We collect Personal Information from you for the following purposes:

We collect Performance, Grade and Interests from student Users for educational, non-commercial purposes. We may use Aggregate Information collected from Users to create reports that measure local and national trends in Performance and Interests for the purpose of enhancing larger educational discussions. However, by definition, Aggregate Information cannot be used to identify you or your student.

Retention of Data

We will retain your Personal Information only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

We will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods.

Users may request that their data be deleted by contacting us at support@scholarus.com. We will remove the requested data within 30 days and notify the user that the deletion is completed.

Transfer of Data

Your information, including Personal Information, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Information will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer

Sharing of Data

We will not share your Personal Information in identifiable form, except in the following circumstances:

We will never release student Users’ Personal Information in identifiable form, other than to a person providing internal support for the Sites or the Service.

We may make reports containing purely Aggregate Information publicly available to enhance larger educational discussions. However, by definition, Aggregate Information cannot be used to identify you or your child.

Security–Protection of Your Information

We take appropriate security measures (including physical, electronic and procedural measures) to safeguard your Personal Information from unauthorized access and disclosure. In particular:

Your Personal Information is password protected for your privacy and security. You can help protect against unauthorized access to your account by keeping your password secret at all times and limiting access to your computer and browser by signing off after you have finished accessing your account.

Please note that no information security practices are 100% secure or immune from circumvention. We can’t guarantee the security of your information. If we learn of a security breach, we will attempt to notify you electronically (subject to any applicable laws) so that you can take appropriate protective steps; for example, we may post a notice on our homepage (www.nextlesson.org) or elsewhere on the Service, and we may send an email to you at the email address you have provided to us.

Legal Basis for Processing Personal Information Under General Data Protection Regulation (GDPR)

If you are from the European Economic Area (EEA), NextLesson legal basis for collecting and using the personal information described in this Privacy Policy depends on the Personal Information we collect and the specific context in which we collect it.

NextLesson may process your Personal Information because:

Your Data Protection Rights Under General Data Protection Regulation (GDPR)

If you are a resident of the European Economic Area (EEA), you have certain data protection rights. NextLesson aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Information.

If you wish to be informed what Personal Information we hold about you and if you want it to be removed from our systems, please contact us.

In certain circumstances, you have the following data protection rights:

Please note that we may ask you to verify your identity before responding to such requests.

You have the right to complain to a Data Protection Authority about our collection and use of your Personal Information. For more information, please contact your local data protection authority in the European Economic Area (EEA).

"Do Not Sell My Personal Data" Notice for California consumers under California Consumer Privacy Act (CCPA)

Under the CCPA, California consumers have the right to:

If you make a request, we have 30 days to respond to you. If you would like to exercise any of these rights, please contact us.

Service Providers

We may employ third party companies and individuals to facilitate our Service ("Service Providers"), to provide the Service on our behalf, to perform Service-related services or to assist us in analyzing how our Service is used.

These third parties have access to your Personal Information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

Analytics

We may use third-party Service Providers to monitor and analyze the use of our Service.

Email Marketing

Payment

We may provide paid products and/or services within the Service. In that case, we use third-party services for payment processing (e.g. payment processors).

We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.

The payment processor we work with is:

Links To Other Sites

Our Service may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

Your Controls and Choices

You may always decline to give us any information. We provide you with the ability to exercise certain controls and choices regarding our collection, use and sharing of your information. For example, in accordance with local law:

You can typically remove and reject cookies from our Sites with your browser settings. Many browsers are set to accept cookies until you change your settings. If you remove or reject our cookies, it could affect how our Sites work for you.

If you need assistance exercising your controls and choices, or if you would like to request access to your, or your Child’s, Personal Information, we encourage you to email us at privacy@nextlesson.org.

Children's Privacy

We are committed to protecting the privacy of children under the age of 13 (“Children”) who use the Sites and the Service. In accordance with the U.S. Children’s Online Privacy Protection Act (“COPPA”), this section of our privacy policy, read together with the rest of our privacy policy, explains our information collection, disclosure and parental consent practices with respect to Children’s Personal Information. For more information on COPPA and protecting Children’s online privacy, please visit OnGuard Online.

We recognize the need to provide further privacy protections with respect to Personal Information we may collect from Children on the Sites and through the Service. When we do intend to collect Personal Information from Children, we take additional steps to protect Children’s privacy. Our policy is to not collect more Personal Information from Children than is necessary to provide the Service. Children’s access to the Sites and the Service is not conditioned on their providing more Personal Information than is reasonably necessary to provide the Service. To register an account and access the Service, Children need only provide the following information: first name, last name, user name, password and a valid Join Code. We only provide Join Codes once we have obtained verifiable parental consent, so Children cannot register for an Account without a parent or guardian’s consent. We may obtain verifiable parental consent using any method that is reasonably calculated to ensure that the person providing consent is the Child’s parent or guardian, such as speaking to a trained customer service representative or requiring a signed consent form by mail, email attachment or fax. As Children interact with the Service, we may also prompt them for the following information: color preferences, Performance, Interests and Grade, confidence and sentiments. Optionally, Children may provide their own email addresses, which we will use for the sole purpose of resetting their passwords upon request. NextLesson will also receive a Child’s email address if the Child uses his or her Google account to register for a NextLesson account.

We will never release Children’s Personal Information to third parties in identifiable form for any reason, other than to a person providing internal support for the Sites or the Service.

COPPA allows schools, including teachers and school administrators, to act in the stead of parents in the educational context; schools can provide consent for the collection of Personal Information from Children and review Children’s Personal Information just as parents can. We will only use Children’s Personal Information in the educational context. When we receive authorization from a school for our collection of Children’s Personal Information in connection with the Service, we will presume that that authorization is based on the school having obtained consent to such collection from the parents. Schools should always notify parents about these activities and obtain their consent. For more information about parental rights with respect to a Child’s educational record under the Family Educational Rights and Privacy Act (“FERPA”), please visit the FERPA site.

Parents and guardians can review the Personal Information we have collected about their Children, request that we delete that Personal Information and refuse to allow us to collect further Personal Information from their Children by contacting us directly at: privacy@nextlesson.org

Parents and guardians can consent to collection and use of a Child’s personally identifiable information without consenting to the disclosure of information to third parties. Please include your Child’s username with any such request so we can better assist you with your inquiry or request. In the interest of the Child’s security, we may ask you additional questions or take other steps to verify that you are a Child’s parent or guardian before we respond to your request.

Changes To This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective and update the "effective date" at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us

If you have any questions about this Privacy Policy, please contact us via email at privacy@nextlesson.org.