Last Updated: 10/15/2020
1. Information We Collect
Information We Collect From You
Some of our Products may collect information that is protected under the Family Educational Rights and Privacy Act (“FERPA”). In accordance with FERPA authorization, except for your school-issued login credentials you use to login to these Products through the single sign-on feature described below, we may collect your self-reported Personal Information that is subject to FERPA (“FERPA Personal Information”) through your use of these Products. Our collection of this FERPA Personal Information is authorized via partnership with your school and your FERPA Personal Information will only be used by us as authorized by your school. A school may be defined as a participating higher education entity that has authorized the use of these Products for its student body.
Information We Automatically Collect
When you use portions of our Platform, including, but not limited to, our Products and Websites, some information is automatically collected. For example, when you visit our Websites, your computer’s operating system, Internet Protocol (IP) address, access times, browser type and language, and the websites you visited before visiting our Websites are logged automatically (“Usage Information”). We also collect information about your usage and activity on our Platform.
We may collect information using web beacons, clear gifs, pixel tags or other similar technologies . These technologies are electronic images that may be used on our Platform or in emails we send. We use these technologies to deliver cookies, count visits, understand usage and observe data on email delivery, open rates, link click rates, bounces, unsubscribes and other information.
We may also use third-party solutions with cookie tracking such as those outlined below:
- Facebook Pixel, a cookie placed by Facebook, enables us to measure the effectiveness of advertising campaigns served on Facebook. The information collected by that cookie will be transmitted to and stored by Facebook. For more information about Facebook’s privacy practices, please refer to https://www.facebook.com/about/privacy/. To opt-out, please see https://www.facebook.com/ads/preferences.
- LinkedIn Insight Tag, a cookie placed by LinkedIn, enables us to measure the effectiveness of advertising campaigns served on LinkedIn. The information collected by that cookie will be transmitted to and stored by LinkedIn. For more information about LinkedIn’s privacy practices, please refer to https://www.linkedin.com/legal/privacy-policy. To opt-out you can update your advertising preference through your LinkedIn account. If you do not have a LinkedIn account, LinkedIn allows you to opt-out of targeted advertising by visiting https://www.linkedin.com/psettings/guest-controls.
Information Collected from Other Third Parties
We may receive your Personal Information from third parties, including your school or employer (depending on which Products you use), our business partners and third parties we collaborate with on the development and operation of our Products and Services, social media sites, ad networks and analytics providers. We may also receive your Personal Information from others that refer you to our Platform.
Some of our Products may also provide the ability to register and sign in through other services you already utilize. Please see the following sections for information on which services are available, what data we receive, and how that data is used.
- School Single Sign-On: Some of our Products may offer the ability for you to register and sign-in through a school-issued credential or by using a username or password. In these instances, you will either follow the single sign-on steps to login through your school issued credentials, or you will be asked to set up a username and password, depending on the approach your school elected to adopt. In either case, we ensure the same data security and privacy standards for the data you provide.
- Apple Single Sign-On: Some of our Products may offer the ability for you to register and sign in using your Apple ID. As with single sign-on for school-based logins, this option only gathers the minimum data necessary to create a user within the applicable Product(s). These Products will store and utilize the following attributes: first name, last name, email address, IP address, device model, device operating system and web browser in order to create your user record. These Products may also store and utilize the following attributes: time zone, disk space, carrier, screen size, processor cores, total disk space and remaining disk space. Your Apple data will not be sold, redisclosed, or edited through this process. We only collect the above noted data, regardless of other data you may have allowed for public consumption. Access to this registration and sign-in option may be limited by which Product(s) you access or having a compatible device/operating system that meets Apple requirements. By using the Apple single sign-on service, Apple will know that you are signing into our Products and that you are a user of our Products.
- Google Single Sign-On: Some of our Products may offer the ability for you to register and sign in using your Google Account. As with single sign-on for school-based logins, this option only gathers the minimum data necessary to create a user within the applicable Product(s). These Products will store and utilize the following attributes: first name, last name, email address, IP address, device model, device operating system and web browser in order to create your user record. These Products may also store and utilize the following attributes: time zone, disk space, carrier, screen size, processor cores, total disk space and remaining disk space. Your Google data will not be sold, redisclosed, or edited through this process. We only collect the above noted data, regardless of other data you may have allowed for public consumption. Access to this registration and sign-in option may be limited by which Product(s) you access or having a compatible device/operating system that meets Google requirements. By using the Google single sign-on service, Google will know that you are signing into our Products and that you are a user of our Products.
- Facebook Single Sign-On: Some of our Products may offer the ability for you to register and sign in using your Facebook Account. As with single sign-on for school-based logins, this option only gathers the minimum data necessary to create a user within the applicable Product(s). These Products will store and utilize the following attributes: first name, last name, email address, IP address, device model, device operating system and web browser in order to create your user record. These Products may also store and utilize the following attributes: time zone, disk space, carrier, screen size, processor cores, total disk space and remaining disk space. Your Facebook data will not be sold, redisclosed, or edited through this process. We only collect the above noted data, regardless of other data you may have allowed for public consumption. Access to this registration and sign-in option may be limited by which Product(s) you access or having a compatible device/operating system that meets Facebook requirements. By using the Apple single sign-on service, Facebook will know that you are signing into our Products and that you are a user of our Products.
Information Collected in Connection with Research and Evaluation Studies
From time-to-time, you may be invited to participate in a research and evaluation study that includes the use of Personal Information we have collected from or about you and may involve the collection of additional Personal Information from or about you in connection with such research and evaluation study. Prior to releasing or otherwise using your Personal Information in connection with any such research and evaluation study, we will ensure that you: (1) have received and accepted an invitation to participate in such research and evaluation study; and (2) have agreed to any additional terms and conditions applicable to such research and evaluation study. Without limiting the foregoing, where any research study includes the use of any FERPA Personal Information, we will only release FERPA Personal Information for approved research, authorized by your school, to your school or partners your school authorizes.
Please note, as otherwise described in this Policy, the foregoing only applies to research and evaluation studies that utilize your Personal Information and does not apply to any research and evaluation study conducted utilizing aggregated, de-identified or otherwise anonymized information.
2. How We Use Collected Information
- facilitate access to our Platform;
- understand your goals and preferences to enhance your experience;
- track, collate and analyze your use of our Platform;
- process and deliver your requests for Services;
- to respond to your comments and questions and provide customer service;
- send you administrative emails, tips and reminders, and notifications;
- facilitate your participation in surveys and other information gathering activities;
- communicate with you about news about other Products and Services offered by us and our selected partners; and
- link or combine it with other Personal Information we receive from third parties to help understand your needs and provide you with better Products and Services.
We may also use any Usage Information we collect in a de-identified, aggregate form to help us understand usage and demographic patterns and improve the functionality of our Products.
We may also use aggregated or otherwise de-identified information for our business purposes.
3. Sharing Your Personal Information
We may share certain portions of Personal Information and other information to make the Platform function properly. This may include sharing portions of Personal Information with development, hosting, email and other service providers that provide services to us and need access to your Personal Information to provide you with the Platform. Our service providers include, but are not necessarily limited to:
- Salesforce, a customer relationship management service that provides services to us that we use to manage our relationships with our customers. To learn more about how Salesforce protects your Personal Information, see their privacy information, available at https://www.salesforce.com/company/privacy/.
We may share Personal Information through some of our Products with your educational institution. However, we also may share aggregated demographic and statistical information that is not personally identifiable: (1) with other educational institutions for informational purposes; and (2) for research purposes. We or educational institutions may view and use your Personal Information with your consent for research purposes as described in this Policy.
You agree that we may use Usage Information and any other aggregated, de-identified or otherwise anonymized information we collect from or about you for research, business and other development purposes, including to improve the Platform and to develop future applications and products.
We may share your Personal Information in connection with or during negotiation of any merger, financing, acquisition, or dissolution, transaction or proceedings involving the sale, transfer, or divestiture of all or a portion of our business or assets to another entity.
We may share your Personal Information with third parties where you have provided consent to such sharing.
Other than what is referenced above, the Personal Information and other information collected from you is not shared with nor sold to any person or entity outside of us.
4. Joint Collaboration Products
5. Third Party Websites
Some users access our Platform via a webpage that is hosted by the user’s individual school, college or university (“School Product”). We do not control the content or links that appear on these School Products and are not responsible for the practices employed by School Products. In addition, School Products and services each have their own privacy policies and customer service policies. Browsing and interaction on any other School Product is subject to that School Product’s own terms and policies.
We take reasonable organizational, technical and administrative steps to help protect Personal Information against loss, misuse, unauthorized access or disclosure. Unfortunately, no transmission or storage system can be guaranteed to be completely secure, and transmission of information via the internet is not completely secure.
7. Children’s Information
The Platform is intended for individuals over 18 years of age and older. If you are under 18, you may not access, attempt to access, or use our Platform.
Without limiting the foregoing, the Platform is not directed at, marketed to, nor intended for children under the age of 13 and we do not intentionally collect any information from or about children under the age of 13. If you believe a child under 13 years of age has provided us with information, contact us at email@example.com. If we learn that any information was provided through the Product by a person younger than 13 years of age, we will delete the information immediately.
8. Email Opt Out
By using some portions of our Platform, you may be consenting to be included in both system generated emails and our mailing list for promotional content.
If your registration resulted in joining our promotional mailing list, we may send you updates, news, and information about our services. If at any time you wish to stop receiving emails or mailings from us please send us an email to firstname.lastname@example.org with the phrase “Privacy Opt-out: Grit Mailings” in the subject line, or write to us at the address provided below, and we will remove you from our mailing list. Alternatively, for email communications, you may opt out of receiving such communications by following the unsubscribe instructions set forth at the bottom of most e-mail messages from us.
Please note that even if you do not sign up to receive email from us, we may send you important service announcements.
Also, please note that we have not yet developed a response to browser “Do Not Track” signals, and do not change any of our data collection practices when we receive such signals. We will continue to evaluate potential responses to “Do Not Track” signals in light of industry developments or legal changes.
9. California Privacy Rights
We do not share Personal Information as defined by California Civil Code Section 1798.83 (“Shine the Light Law”) with third parties for their direct marketing purposes absent your consent. If you are a California resident, you may request information about our compliance with the Shine the Light law by contacting us by email to email@example.com or by sending a letter to:
Grit Digital Health LLC
2128 15th Street
Denver, CO 80202
Any such request must include “California Privacy Rights Request” in the first line of the description and include your name, street address, city, state, and ZIP code. Please note that we are only required to respond to one request per customer each year, and we are not required to respond to requests made by means other than through this email address or mail address.
10. European Users’ Rights. If you are located in the EU or Switzerland, you have certain rights with respect to your Personal Information. Following is a summary of those rights and additional information applicable to our collection and use of your Personal Information.
Legal Basis for Processing Personal Information
If you are located in the EU or Switzerland, we rely on several legal bases to process your Personal Information. These legal bases include where:
- The processing is necessary to perform our contractual obligations, such as to provide you with our Services;
- You have given your prior consent, which you may withdraw at any time (such as for marketing purposes or other purposes we obtain your consent for from time to time);
- The processing is necessary to comply with a legal obligation, a court order or to exercise or defend legal claims; and
- The processing is necessary for the purposes of our legitimate interests, such as in improving, personalizing, and developing our Site and Services, marketing new features or products that may be of interest, and promoting safety and security as described above.
If you have any questions about or would like further information concerning the legal bases on which we collect and use your Personal Information, please contact us by emailing firstname.lastname@example.org.
Rights Under the General Data Protection Regulation
If you are located in the EU or Switzerland, you have the following rights in respect of your Personal Information that we hold:
- Right of access. The right to obtain access to your Personal Information.
- Right to rectification. The right to obtain rectification of your Personal Information without undue delay where that Personal Information is inaccurate or incomplete.
- Right to erasure. The right to obtain the erasure of your Personal Information without undue delay in certain circumstances, such as where the Personal Information is no longer necessary in relation to the purposes for which it was collected or processed.
- Right to restriction. The right to obtain the restriction of the processing undertaken by us on your Personal Information in certain circumstances, such as where the accuracy of the Personal Information is contested by you, for a period enabling us to verify the accuracy of that Personal Information.
- Right to portability. The right to portability allows you to move, copy or transfer Personal Information easily from one organization to another.
- Right to object. You have a right to object to processing based on legitimate interests and direct marketing.
If you wish to exercise one of these rights, please email us at email@example.com. You also have the right to lodge a complaint to your local data protection authority. Further information about how to contact your local data protection authority is available at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
Retention of Personal Information
When reserve the right to retain any Personal Information as long as it is needed to: (1) fulfill the purposes for which we collected the Personal Information; and (2) comply with applicable law.
Transfers of Personal Information
Obligations to Data Protection Authorities (DPAs)
We will respond diligently and appropriately to requests from DPAs about this policy or compliance with applicable data protection privacy laws and regulations. We will, upon request, provide DPAs with names and contact details of the individuals designated to handle this process. With regard to transfers of Personal Information, we will (1) cooperate with inquiries from the DPA responsible for the entity exporting the data and (2) respect its decisions, consistent with applicable law and due process rights. With regard to transfers of data to third parties, we will comply with DPAs’ decisions relating to it and cooperate with all DPAs in accordance with applicable legislation.
11. Updates to this Policy and Contact Information
If you have any questions about your privacy or security on our Platform, please contact us using the following information:
Grit Digital Health LLC
2128 15th Street
Denver, CO 80202