RefReps Privacy Policy includes provisions for Customer (Section 1), End User (Section 2), Parent (Section 3), Student (Section 4), and Educator (Section 5).

​

Section 1:

Customer

 

RefReps Customer Privacy Policy

Please note that this policy applies to individuals who visit RefReps commercial web sites or otherwise interact with us as customers via our web sites, social media, or at events. As a customer, you may also be an end user. Please be sure to review our End User Privacy Policy (Section 2) regarding our privacy practices for end user PII. Our commercial web sites, such as www.refreps.com, are not intended for use by minors below the age of 13. Privacy information for users of our digital learning systems, including those under the age of 13, can be found under the appropriate Sections (End User and Parents).

 

RefReps is a global organization. We follow privacy laws and regulations that are applicable to our company and our services in the areas where we do business. By accessing our web sites or otherwise providing your personal information to RefReps, you acknowledge that we will process your PII in accordance with this notice.

 

What is Personal Information?

Personally Identifiable Information, or PII, shall mean any information relating to an identified or identifiable natural person ("data subject") including personal data as defined under applicable local law. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

 

What Personal Information do we collect?

We collect PII, such as contact information, education details, or payment information, in order to provide you with the product and/or service requested.

 

We, or our service providers on our behalf, collect PII and other information when you access and/or submit PII on one of our web sites or interact with us at an event. You are not required to provide PII; however, in order to use certain services, we may need to collect certain PII for that service to function properly (e.g., to finalize your purchase) or for us to provide you with requested information.

 

Depending on the service or transaction, the PII we collect includes information from the following categories:

1. Name, initials or white page information: On our consumer web sites, we collect your name, initials or contact information when you create an account or purchase a product on our online store. We also collect your email address. We also collect this information if you connect with us via your social media account as an existing or potential customer.

2. Payment card industry data such as credit card number, billing address, etc.: If you make an online purchase from us, in addition to your name, we collect payment information through a third party website, which includes billing and shipping addresses and credit card data to process your transaction.

3. Contests and Promotions: If you participate in a contest or promotion with RefReps, we collect your name, contact information, and other information necessary to enter the contest or participate in the promotion.

4. Communications: If you choose to communicate with or receive communications from RefReps via phone, text, chat, email, or any other platform for technical support, customer service, or other assistance, those interactions may be recorded and monitored to deliver the service or information requested by you.

5. Third Party Marketing Lists: RefReps does not purchase or rent marketing lists from various providers including but not limited to event management companies and education non-profits.

 

We automatically collect computer metadata and content to provide, improve, and maintain our products and services.

 

When you visit or make transactions on our websites, we automatically collect certain information from you through the use of cookies, web beacons or other tracking mechanisms. This includes information about your experience such as your IP address, operating systems, pages viewed, and time spent. This allows RefReps to collect information about customer usage and online behavior to tailor marketing to areas that may be more appropriate for the customer.

 

Third parties also collect information automatically from you across websites and over time through the use of their own cookies, web beacons, and tracking mechanisms. This information is used to enable the functions of the site, as well as customize, maintain, and improve our web sites. You may disable cookies via your browser or third party mechanisms. However, some features of our services may not function properly without them.

 

Third parties include:​

• Amazon AWS | aws.amazon.com | Web Hosting

• Mailgun | www.mailgun.com | Sending Emails

• Twilio | www.twilio.com | SMS Messaging

• Pipedrive |www.pipedrive.com | Customer Support

 

You can change your Web browser's Internet preferences to disable or delete cookies, although that may affect certain functions on this site. To learn how to manage your cookies, please follow the instructions for your specific browser. If you wish to opt out of the use of data collected on our site to send you targeted advertising during your visits to other websites, you should adjust your browser preferences to not accept cookies. As an alternative, the following websites will allow you to opt out of the multi-site cookies http://www.aboutads.info/choices or http://youronlinechoices.eu/.

 

How do we use personal information?

We will use PII to provide the requested service or to process transactions such as information requests or purchases in order to meet our contractual obligations to you.

 

We will also process your PII to meet our legitimate interests, for example to personalize your experience and to deliver relevant content to you; to maintain and improve our services; to generate and analyze statistics about your use of the services; and to detect, prevent, or respond to fraud, intellectual property infringement, violations of law, violations of our rights or Terms & Conditions, or other misuse of the services.

 

Except as described in this policy, we limit the use, collection, and disclosure of your PII to deliver the service or information requested by you. We do not collect, use, or disclose PII that is not reasonably related to the purposes described within this notice without prior notification. Your information may be combined in an aggregate and de-identified manner in order to maintain and/or improve our services.

 

Do we use personal information to market to you

Where we are permitted by law to do so, we will send electronic marketing communications to you as a customer, depending on your location, however you always have the option to change your marketing preferences.

 

Depending on your location, where legally permissible, RefReps uses your PII to provide you with materials that we believe are of interest. This includes information from the platforms on which you choose to communicate with us including email, social media accounts, mobile devices and apps, RefReps websites including text/chat functions, and your shopping cart.

 

In some locations, such as the European Union, we will only send electronic marketing communications to consumers if you provide your consent, however such communications may still be sent directly to businesses without consent. In all instances, you may choose to change your marketing preferences at any time by completing our Global Opt-Out Form (https://forms.gle/cXAmy1SEh2VF3EeH6), clicking the unsubscribe button in any marketing email you receive from us, or by contacting RefReps Privacy Official (hype@gmail.com).

 

RefReps shares your information with third parties to provide you with marketing from us, however we will not share your PII with third parties for them to market to you on their own behalf.

 

Please note, whatever preferences you select for marketing, you may still receive some transactional emails related to the services or products you purchase or use.

 

When do we share personal information?

In general, we only share your PII in order to provide, maintain, or improve our products or services, or respond to legal requests.

1. Co-branded/Other Web Sites and Features – We share your PII with third-party business partners for the purpose of providing services to you and to manage co-sponsored events. Those business partners will be given limited access to the PII that is reasonably necessary to deliver the service, and we will require that such third parties follow the same privacy and security practices as RefReps.

2. Business Transfer – In the event of a sale, merger or acquisition, we will be able to transfer your PII to a separate entity. We will use commercially reasonable efforts to require this entity to use your PII only for authorized purposes and by authorized persons in a manner consistent with the choices customers have made under this notice, and that security, integrity, and privacy of the information is maintained.

3. Agents/Service providers – We hire other companies to perform certain business-related functions on our behalf and according to our instructions. We provide your PII to service providers that host our platform data in the cloud, for example, AWS.

4. Law Enforcement – In the event that RefReps receives a legal demand for customer data from a law enforcement agency, that request will only be honored if:

   • The request complies with all laws and clearly establishes the legal need for disclosure.

   • The request is related to a specific investigation and specific user accounts are implicated in that investigation.

   • Whenever legally permissible, users shall receive notice that their information is being requested.

 

RefReps reserves the right to disclose to third parties non-personally identifiable information about our users and their use of the RefReps websites and related services. For example, RefReps may disclose aggregate data about the overall patterns or demographics of the users of the RefReps websites to third parties.

 

What rights do you have around your personal information?

You have the rights to access, export, be informed about, rectify, object to the further processing of, restrict the processing of, and withdraw consent to the processing of, and erase your PII.

1. Access and rectification: We strive to ensure that information we have about you is accurate and current. You may obtain confirmation as to whether or not PII concerning you exists, regardless of whether PII has already been recorded, and to be communicated such information in a readily understandable form. If you want to review the PII you have provided to us, or believe that the information we have about you is inaccurate, you should make a request by following the instructions below.

2. Choice & Objection to processing: With limited exceptions, you may choose to change how we use your PII at any time by following the instructions below on making a request. However, if the PII is required in order to provide you with the service or process a transaction, you may not be able to opt-out without canceling the transaction or service. You may object, in whole or in part, on legitimate grounds, to the processing of your PII, even where such processing is relevant to the purpose of the collection. In addition, you may choose whether to share information about yourself and the use of our sites with third parties such as social media sites. You can also choose whether to receive marketing messages from us (see your options in our “Do we use your PII to market to you?” section above) and you may object, in whole or in part, to such processing.

3. Restriction of processing: In specific cases (e.g., if you challenge the accuracy of the PII, while this is being checked), you can request a restriction on the processing of your PII, which can only be processed to file or defend claims.

4. Information: You may be informed a) of the source of the PII; b) of the purposes and methods of the processing; c) of the logic applied to the processing, if processing is carried out with the help of electronic means; d) of the identity of the data controller and data processors; and e) of the entities or categories of entities to whom the PII may be communicated and who may have access to such PII in their capacity as data processor(s) or person(s) in charge of the processing.

5. Data portability: You may request that we export your PII from our systems in a readily accessible file type. If completed, this means you will have received a copy of your PII that we have retained as a result of you doing business with RefReps.

6. Withdraw consent: Where we are using your PII with your consent, you may withdraw your consent at any time, though this will not affect the lawfulness of our uses of your PII prior to the withdrawal.

7. Erasure: You may request erasure, anonymization or blocking of PII that have been processed unlawfully, including PII whose retention is unnecessary for the purposes for which it has been collected or subsequently processed, and will obtain certification to the effect that such operations, as well as their contents, have been notified to the entities to whom the data were communicated, unless this requirement proves impossible or involves a manifestly disproportionate effort. At your request, in such instances, we may therefore delete or de-identify your information. However, you should be aware that doing this may limit your use of our services. For example, if you request the deletion of your account within an ecommerce portal, you may be required to re-enter this information should you wish to make another purchase.

 

To exercise any of your data subject rights, you should fill in a Data Request Form (https://forms.gle/pbBXeLTMen8iB9v79) or contact RefReps Privacy Official (hype@refreps.com).

 

How do we protect personal information?

Our IT security team has established industry standard security measures to protect your PII from unauthorized access and use.

RefReps takes reasonable precautions to protect your information. When you submit personal information via the website, your information is protected both online and off-line. RefReps utilizes reasonable security measures to protect the security and confidentiality of your PII from unauthorized access and use.

 

How long do we retain personal information?

We will retain your data for the minimum amount of time necessary to accomplish the purpose for which it was collected, and thereafter no longer than is permitted under RefReps’ data retention policies. We will retain and use your data as necessary to comply with our obligations, resolve disputes and enforce agreements.

 

For information on the retention period that applies, reach out to the Privacy Office by emailing hype@refreps.com.

 

Version 1.2 6/29/2023, 12:01:12 PM

​

Section 2:

​

End User

 

RefReps End User Privacy Policy

As a global leader in providing digital learning systems for educators and students, RefReps is deeply committed to protecting the privacy of our end users. Whether you are using any of our Services, we collect Personally Identifiable Information that we use to provide, maintain and improve the solution. We are providing the below information so that you can understand how we protect and use your information. If you are under 18 or still in high school/equivalent education level, we require/suggest that you review this information with your parents. 

 

This information applies to all end users of our digital learning system. Since RefReps is a service provider to you or your institution, your Educational institutions are best able to provide you with a full understanding of their privacy practices and more information on how their end user’s Personally Identifiable Information (PII) is collected, shared, and used. To obtain more detailed information about how PII is collected, used, and shared by your educational institution, please contact the appropriate individual at that institution.

 

In limited circumstances, end users may also be customers of RefReps and RefReps may market to them as a customer. For example, end users may purchase products or create personal accounts in our web sites. In these circumstances, they would be treated as a customer. For more information on how your data is used as a customer, please review the Customer Data Privacy Policy (Section 1). By contrast, this End User Data Privacy Policy (Section 2) applies to end users with respect to the information collected and processed as part of a course of instruction within the digital learning solution as determined by their educational institution or employer. Aggregated de-identified end user PII is leveraged by RefReps to improve existing or develop new educational products and services.

 

RefReps is a global organization. We follow privacy laws and regulations that are applicable to our company and our services in the areas where we do business. Should our privacy practices change, we will update it here, but more importantly, we will notify your educational institution in writing and obtain their consent before implementing any material impact to your privacy rights.

 

What is Personal Information?

Personally identifiable information, or PII, is any information relating to an identified or identifiable natural person ("data subject") including personal data as defined under applicable local law. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

 

What Personal Information do we collect?

We collect PII, such as contact information and education details, in order to provide you with the product and/or service requested.

 

We only collect the information required to provide, maintain and improve the digital learning solution you use. When you register, or are registered within one of our digital learning solutions, we collect your name, school, instructor, class, and login information. Once you begin using one of our solutions, we collect your input to questions, technical specifications, and other information about how you use the solution. You are not required to provide PII; however, in order to use certain services, we may need to collect certain PII for that service to function properly or for us to provide you with requested information.

 

Depending on the product, the PII we collect includes information from the following categories:

• Name, initials, and personal or business-related contact information

• For our digital learning systems, we collect your name/initials and contact information when you create an account. However, we collect additional PII, or confirm existing PII, if you contact customer service with an issue or question.

• Education & professional information

• For some digital learning systems, we collect PII related to your position as an educator or student. This includes the state, district, name of school, courses, etc.

• In some instances, we collect PII from third parties who provide single-sign-on functions via Learning Management Systems or related tools.

 

We automatically collect computer metadata and content to provide, improve, and maintain our products and services.

When you use our digital learning systems, we automatically collect certain information from you through the use of cookies, web beacons or other tracking mechanisms. This includes information about your experience such as your IP address, operating systems, pages viewed, and time spent.

 

Third parties also collect information automatically from you across websites and over time through the use of their own cookies, web beacons, and tracking mechanisms. This information is used to enable the functions of the digital learning system, as well as customize, maintain, and improve our digital learning systems. You may disable cookies via your browser or third party mechanisms. However, some features of our digital learning systems may not function properly without them.

 

Third parties include:

• Amazon AWS | aws.amazon.com | Web Hosting

• Mailgun | www.mailgun.com | Sending Emails

• Twilio | www.twilio.com | SMS Messaging

• Pipedrive |www.pipedrive.com | Customer Support

​

If you choose to communicate with or receive communications through our services via phone, text, chat, email, or any other platform for technical support, customer service, or other assistance, those interactions may be recorded and monitored to deliver the solution or information requested by you.

 

How do we use personal information?

As mentioned above, we use your information to provide you with the digital learning solution on behalf of your school, in order to meet our contractual obligation to you or your school with respect to the service. For example, to assist with identifying users across products and providing consistent service and to enable sharing of data between our products and your school’s learning management system.

 

We will also process your PII to meet our legitimate interests, for example to improve the quality of services and products.

Except as described in this notice, we limit the use, collection, and disclosure of your PII to the minimum level necessary to deliver the service or information requested by you or your institution. We do not collect, use, or disclose PII that is not reasonably related to a legitimate business purpose necessary to serve you. Your information may also be used in order to maintain and/or improve our services.

 

Some of our digital learning solutions will use your previous responses to customize your learning experience. This customization is designed to ensure the best possible learning environment for a student without directly driving any determinative outcome.

Provision of your PII may be necessary in order to use the chosen digital learning solution. Failure to provide us with your PII may preclude you from using the digital learning solution.

 

Do we sell end-user personal information or use it for marketing purposes?

We will not sell end user PII or use information from educational records for marketing purposes.

 

We will not sell PII to other organizations, nor will we market to students using the information from their educational records (education records are defined as records directly related to a student and maintained by an educational agency or institution, or by a party acting for the agency or institution).

 

When do we share personal information?

In general, we only share your PII in order to provide, maintain, or improve our products or services, or respond to legal requests.

1. Co-branded/Other Web Sites and Features – We may share your PII with third-party business partners for the purpose of providing the service to you. These third-party business partners include cloud service providers, learning management systems (LMS), other educational software providers, etc. These business partners will be given limited access to the PII that is reasonably necessary to deliver the service, and we will require that such third parties follow the same privacy and security practices as RefReps.

2. Business Transfer – In the event of a sale, merger or acquisition, we will be able to transfer your PII to a separate entity. We will require this entity to use your PII only for authorized purposes and by authorized persons in a manner consistent with the choices end users have made under this notice, and that security, integrity, and privacy of your PII is maintained.

3. Agents/Service providers – We hire other companies to perform certain business-related functions on our behalf and according to our instructions. For example, we provide your PII to service providers that host our platform data in the cloud (e.g., AWS).

4. Educational Institutions / Corporation – As we provide products and services to your institution / corporation, we share your data with approved individuals such as administrators or educators.

5. Law Enforcement – In the event that RefReps receives a legal demand for end user data from a law enforcement agency, that request will only be honored if:

   • The request complies with all laws and clearly establishes the legal need for disclosure.

   • The request is related to a specific investigation and specific user accounts are implicated in that investigation.

   • Whenever legally permissible, users shall receive notice that their information is being requested.

 

RefReps reserves the right to disclose to third parties non-personally identifiable information about our users and their use of the RefReps services. For example, RefReps may disclose aggregate data about the overall patterns or demographics of the users of the RefReps products or services.

 

What rights do you have around your personal information?

As an end-user, you may have the rights to access, export, be informed about, rectify, object to the further processing of, restrict the processing of, withdraw consent to the processing of, and erase your personal information.

 

If you are or were a student, instructor, or administrator at an educational institution using a RefReps digital product, you must direct any requests to exercise your data subject rights to the appropriate representative at your institution. Otherwise, you may reach out to RefReps directly on the requests below:

1. Access and rectification – We strive to ensure that the PII we have about you is accurate and current. You may obtain confirmation as to whether or not PII concerning you exists, regardless of whether PII has already been recorded, and be communicated such information in a readily understandable form.

2. Choice & Objection to processing – With limited exceptions, you may choose to change how we use your PII at any time. However, if the PII is required in order to provide you with the service or process a transaction, you may not be able to opt-out without canceling the transaction or service. You may object, in whole or in part, on legitimate grounds, to the processing of your PII, even where such processing is relevant to the purpose of the collection. Please know that if we do receive a request to object to the further processing of your information, you may no longer be able to access or use the digital learning solution.

3. Withdraw consent – Your educational institution is responsible for obtaining your consent, where required. RefReps obtains consent from your institution to collect, process, and store your PII.

4. Restriction of processing: In specific cases (e.g., if you challenge the accuracy of the PII, while this is being checked), you can request a restriction on the processing of your PII, which can only be processed to file or defend claims.

5. Information – You have the right to be informed a) of the source of the PII; b) of the purposes and methods of the processing; c) of the logic applied to the processing, if processing is carried out with the help of electronic means; d) of the identity of the data controller and data processors; and e) of the entities or categories of entities to whom the PII may be communicated and who may have access to such PII in their capacity as data processor(s) or person(s) in charge of the processing.

6. Data portability – You have the right to export your PII from our systems in a readily accessible file type.

7. Erasure – You may request erasure, anonymization or blocking of a) PII that have been processed unlawfully; b) PII whose retention is unnecessary for the purposes for which it has been collected or subsequently processed. You can obtain certification to the effect that such operations, as well as their contents, have been notified to the entities to whom the data were communicated, unless this requirement proves impossible or involves a manifestly disproportionate effort. Since your educational institution has hired us to manage this information for them, we ask that you or your parent make any request to delete your information directly to your school. Please know that if we do receive a request to delete your information, you may no longer be able to access or use the digital learning solution.

 

How do we protect personal information?

Our IT security team has established industry standard security measures to protect your PII from unauthorized access and use.

RefReps takes reasonable precautions to protect your information. When you submit PII via the digital learning system, your information is protected both online and off-line. RefReps utilizes reasonable security measures to protect the security and confidentiality of your PII from unauthorized access and use.

 

How long do we retain personal information?

We will retain your data for the minimum amount of time necessary to accomplish the purpose for which it was collected, and thereafter no longer than is permitted under RefReps’ data retention policies. We will retain and use your data as necessary to comply with our obligations, resolve disputes and enforce agreements.

 

For information on the retention period that applies, reach out to the Privacy Office by emailing hype@refreps.com.

 

Version 1.2 6/29/2023, 12:01:12 PM

​

Section 3:

 

Parent

​

RefReps Parents Privacy Policy

Protecting privacy and maintaining the trust of our customers, students, and their parents has always been a key priority for us. To enhance learning, we need access to data, measurement, insight and other feedback that inform us about students' knowledge, skill levels and learning development.

 

Our goal is to use the data obtained in the course of current learning activities to provide adaptive pathways of learning; not to drive commerce. Our commitment to privacy and innovation goes beyond compliance, it is part of our culture:

• We have implemented policies and procedures to support customers in their compliance with privacy laws, including: GDPR, COPPA, and FERPA.

• We have an internal Privacy Council comprised of senior leaders throughout our company that provides the tone at the top to perpetuate best practices across our business.

• We do not support business models that create tolls and taxes on interoperability.

• We conduct regular scans of our applications to prevent and detect security breaches. We recognize that no system is 100% secure, but we take steps to prevent and mitigate the impact of adverse events.

 

By increasing awareness and transparency, we hope to better understand the concerns and learn how to talk with each other about privacy, security, and confidentiality.

 

Educational institutions, as data controllers, are ultimately responsible for providing a full understanding of the privacy practices around how their students' personally identifiable information is collected, shared, and used. To obtain more detailed information about how data is collected, used, and shared by an educational institution, please contact the appropriate representative at that institution.

 

For further details on our privacy practices around student data, please review the Student Data Privacy Policy (Section 4). The Student Data Privacy Policy (Section 4) details practices around how we collect and use student information, whether they are a student at an educational institution or an individual using a product on their own.

 

If you have purchased a RefReps product for your child please also review the Customer Data Privacy Policy for information on how we handle your personally identifiable information.

 

If you have purchased a RefReps product and created an account for yourself as an educator, please also review the Educator Data Privacy Policy (Section 5). The Educator Data Privacy Policy (Section 5) also applies to educators at educational institutions.

 

If you choose to communicate with or receive communications from RefReps via phone, text, chat, email, or any other platform for technical support, customer service, or other assistance, those interactions may be recorded and monitored to deliver the information requested by you.

 

Version 1.2 6/29/2023, 12:01:12 PM

​

Section 4:

Student

 

RefReps Student Privacy Policy

As a global leader in providing digital learning systems for educators and students, RefReps is deeply committed to protecting the privacy of our end users. Whether you are using any of our Services, we collect Personally Identifiable Information that we use to provide, maintain and improve the solution. We are providing the below information so that you can understand how we protect and use your information. If you are under 18 or still in high school or an equivalent education level, we require/suggest that you review this information with your parents.

 

This information applies to all students of our digital learning system. Since RefReps is a service provider to your institution, your institution Educational institutions are best able to provide you with a full understanding of their privacy practices and more information on how their end user’s Personally Identifiable Information (PII) is collected, shared, and used. To obtain more detailed information about how PII is collected, used, and shared by your educational institution, please contact the appropriate individual at that institution.

 

In limited circumstances, students may also be customers of RefReps and RefReps may market to them as a customer. For example, students may purchase products or create personal accounts in our web sites. In these circumstances, they would be treated as a customer. For more information on how your data is used as a customer, please review the Customer Privacy Policy (Section 1). By contrast, this Student Data Privacy Policy (Section 4) applies to students with respect to the information collected and processed as part of a course of instruction within the digital learning solution as determined by their educational institution or employer. Aggregated de-identified student PII is leveraged by RefReps to improve existing or develop new educational products and services.

 

RefReps is a global organization. We follow privacy laws and regulations that are applicable to our company and our services in the areas where we do business. Should our privacy practices change, we will update it here, but more importantly, we will notify your educational institution in writing and obtain their consent before implementing any material impact to your privacy rights.

 

What is Personal Information?

Personally identifiable information, or PII, is any information relating to an identified or identifiable natural person ("data subject") including personal data as defined under applicable local law. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

 

What Personal Information do we collect?

We collect PII, such as contact information and education details, in order to provide you with the product and/or service requested.

 

We only collect the information required to provide, maintain and improve the digital learning solution you use. When you register, or are registered within one of our digital learning solutions, we collect your name, school, instructor, class, and login information.

 

Once you begin using one of our solutions, we collect your input to questions, technical specifications, and other information about how you use the solution. You are not required to provide PII; however, in order to use certain services, we may need to collect certain PII for that service to function properly or for us to provide you with requested information.

 

Depending on the product, the PII we collect includes information from the following categories:

• Name, initials, and personal or business-related contact information

• For our digital learning systems, we collect your name/initials and contact information when you create an account. However, we collect additional PII, or confirm existing PII, if you contact customer service with an issue or question.

• Education & professional information

• For some digital learning systems, we collect PII related to your position as an educator or student. This includes the state, district, name of school, courses, etc.

• In some instances, we collect PII from third parties who provide single-sign-on functions via Learning Management Systems or related tools.

 

We automatically collect computer metadata and content to provide, improve, and maintain our products and services.

 

When you use our digital learning systems, we automatically collect certain information from you through the use of cookies, web beacons or other tracking mechanisms. This includes information about your experience such as your IP address, operating systems, pages viewed, and time spent.

 

Third parties also collect information automatically from you across websites and over time through the use of their own cookies, web beacons, and tracking mechanisms. This information is used to enable the functions of the digital learning system, as well as customize, maintain, and improve our digital learning systems. You may disable cookies via your browser or third party mechanisms. However, some features of our digital learning systems may not function properly without them.

 

If you choose to communicate with or receive communications through our services via phone, text, chat, email, or any other platform for technical support, customer service, or other assistance, those interactions may be recorded and monitored to deliver the solution or information requested by you.

 

How do we use personal information?

As mentioned above, we use your information to provide you with the digital learning solution on behalf of your school, in order to meet our contractual obligation to you or your school with respect to the service. For example, to assist with identifying users across products and providing consistent service and to enable sharing of data between our products and your school’s learning management system.

 

We will also process your PII to meet our legitimate interests, for example to improve the quality of services and products.

 

Except as described in this notice, we limit the use, collection, and disclosure of your PII to the minimum level necessary to deliver the service or information requested by you or your institution. We do not collect, use, or disclose PII that is not reasonably related to a legitimate business purpose necessary to serve you. Your information may also be used in order to maintain and/or improve our services.

 

Some of our digital learning solutions will use your previous responses to customize your learning experience. This customization is designed to ensure the best possible learning environment for a student without directly driving any determinative outcome.

 

Provision of your PII may be necessary in order to use the chosen digital learning solution. Failure to provide us with your PII may preclude you from using the digital learning solution.

 

Do we sell student personal information or use it for marketing purposes?

We will not sell end user PII or use information from educational records for marketing purposes.

 

We will not sell PII to other organizations, nor will we market to students using the information from their educational records (education records are defined as records directly related to a student and maintained by an educational agency or institution, or by a party acting for the agency or institution).

 

When do we share personal information?

In general, we only share your PII in order to provide, maintain, or improve our products or services, or respond to legal requests.

1. Co-branded/Other Web Sites and Features – We may share your PII with third-party business partners for the purpose of providing the service to you. These third-party business partners include cloud service providers, learning management systems (LMS), other educational software providers, etc. These business partners will be given limited access to the PII that is reasonably necessary to deliver the service, and we will require that such third parties follow the same privacy and security practices as RefReps.

2. Business Transfer – In the event of a sale, merger or acquisition, we will be able to transfer your PII to a separate entity. We will require this entity to use your PII only for authorized purposes and by authorized persons in a manner consistent with the choices end users have made under this notice, and that security, integrity, and privacy of your PII is maintained.

3. Agents/Service providers – We hire other companies to perform certain business-related functions on our behalf and according to our instructions. For example, we provide your PII to service providers that host our platform data in the cloud (e.g., AWS).

4. Educational Institutions / Corporation – As we provide products and services to your institution / corporation, we share your data with approved individuals such as administrators or educators.

5. Law Enforcement – In the event that RefReps receives a legal demand for end user data from a law enforcement agency, that request will only be honored if:

   • The request complies with all laws and clearly establishes the legal need for disclosure.

   • The request is related to a specific investigation and specific user accounts are implicated in that investigation.

   • Whenever legally permissible, users shall receive notice that their information is being requested.

 

RefReps reserves the right to disclose to third parties non-personally identifiable information about our users and their use of the RefReps services. For example, RefReps may disclose aggregate data about the overall patterns or demographics of the users of the RefReps products or services.

 

What rights do you have around your personal information?

As an end-user, you may have the rights to access, export, be informed about, rectify, object to the further processing of, restrict the processing of, withdraw consent to the processing of, and erase your personal information.

 

If you are or were a student, instructor, or administrator at an educational institution using a RefReps digital product, you must direct any requests to exercise your data subject rights to the appropriate representative at your institution. Otherwise, you may reach out to RefReps directly on the requests below:

1. Access and rectification – We strive to ensure that the PII we have about you is accurate and current. You may obtain confirmation as to whether or not PII concerning you exists, regardless of whether PII has already been recorded, and be communicated such information in a readily understandable form.

2. Choice & Objection to processing – With limited exceptions, you may choose to change how we use your PII at any time. However, if the PII is required in order to provide you with the service or process a transaction, you may not be able to opt-out without canceling the transaction or service. You may object, in whole or in part, on legitimate grounds, to the processing of your PII, even where such processing is relevant to the purpose of the collection. Please know that if we do receive a request to object to the further processing of your information, you may no longer be able to access or use the digital learning solution.

3. Withdraw consent – Your educational institution is responsible for obtaining your consent, where required. RefReps obtains consent from your institution to collect, process, and store your PII.

4. Restriction of processing: In specific cases (e.g., if you challenge the accuracy of the PII, while this is being checked), you can request a restriction on the processing of your PII, which can only be processed to file or defend claims.

5. Information – You have the right to be informed a) of the source of the PII; b) of the purposes and methods of the processing; c) of the logic applied to the processing, if processing is carried out with the help of electronic means; d) of the identity of the data controller and data processors; and e) of the entities or categories of entities to whom the PII may be communicated and who may have access to such PII in their capacity as data processor(s) or person(s) in charge of the processing.

6. Data portability – You have the right to export your PII from our systems in a readily accessible file type.

7. Erasure – You may request erasure, anonymization or blocking of a) PII that have been processed unlawfully; b) PII whose retention is unnecessary for the purposes for which it has been collected or subsequently processed. You can obtain certification to the effect that such operations, as well as their contents, have been notified to the entities to whom the data were communicated, unless this requirement proves impossible or involves a manifestly disproportionate effort. Since your educational institution has hired us to manage this information for them, we ask that you or your parent make any request to delete your information directly to your school. Please know that if we do receive a request to delete your information, you may no longer be able to access or use the digital learning solution.

 

How do we protect personal information?

Our IT security team has established industry standard security measures to protect your PII from unauthorized access and use.

RefReps takes reasonable precautions to protect your information. When you submit PII via the digital learning system, your information is protected both online and off-line. RefReps utilizes reasonable security measures to protect the security and confidentiality of your PII from unauthorized access and use.

 

How long do we retain personal information?

We will retain your data for the minimum amount of time necessary to accomplish the purpose for which it was collected, and thereafter no longer than is permitted under RefReps’ data retention policies. We will retain and use your data as necessary to comply with our obligations, resolve disputes and enforce agreements.

 

For information on the retention period that applies, reach out to the Privacy Office by emailing hype@refreps.com.

 

Version 1.2 6/29/2023, 12:01:12 PM