CRESCONOVA ACADEMY, INC.


PRIVACY POLICY


Last Updated: November 15, 2022


WE WILL POST ANY CHANGES TO THIS PRIVACY POLICY IN A NOTICE OF THE CHANGE AT THE BOTTOM OF OUR WEB PAGE WITH A HYPERLINK THERETO. WE WILL ALSO SEND YOU AN EMAIL DESCRIBING SUCH CHANGES. PLEASE REGULARLY REVIEW THIS PRIVACY POLICY. NEVERTHELESS IF YOU CONTINUE TO USE OUR SERVICES, YOU ARE BOUND BY ANY CHANGES THAT WE MAKE TO THIS PRIVACY POLICY.


  1. INTRODUCTION


Cresconova Academy, Inc.  (“Cresconova, “we,” “us,” or “our”) respects the privacy of its Users which includes the parent or legal guardians of users below eighteen (18) years of age (“User,” “Students”, “your,” or “you”). This Privacy Policy (the “Privacy Policy”) explains how we collect, use, disclose, and safeguard your information when you use Cresconova Platform (the “Platform”) through Cresconova’s website at www.cresconova.org (the “Website”). Cresconova is a Delaware non-profit education company that fosters critical thinking, social-emotional learning, collaboration and problem solving currently by providing online courses and educational consulting to gifted students aged 6 - 12 and their parents.

Cresconova is committed to protecting the privacy of its Users whose information is collected and stored while using Cresconova’s Platform through our Website. This Privacy Policy is applicable to our Website, Platform and all applications offered for sale to the public.

The capitalized terms have the same meaning as ascribed in our Terms of Use or Terms of Service as applicable, unless otherwise noted here.

PLEASE READ THIS PRIVACY POLICY CAREFULLY TO UNDERSTAND OUR POLICIES AND PRACTICES REGARDING YOUR INFORMATION AND HOW WE WILL TREAT IT. BY ACCESSING OR USING OUR WEBSITE, APP, AND PLATFORM, YOU AGREE TO ACCEPT ALL THE TERMS CONTAINED IN THIS PRIVACY POLICY AND ACKNOWLEDGE AND AGREE WITH THE PRACTICES DESCRIBED HEREIN. IF YOU DO NOT AGREE WITH THE TERMS OF THIS PRIVACY POLICY, PLEASE DO NOT ACCESS AND USE OUR WEBSITE, APP, AND PLATFORM.

IF YOU HAVE ANY QUESTIONS REGARDING THIS PRIVACY POLICY, PLEASE SEND US AN EMAIL AT legal@cresconova.org.

WE DO NOT SELL YOUR PERSONAL INFORMATION, NOR DO WE INTEND TO DO SO. WE DO NOT GIVE ACCESS TO YOUR PERSONAL INFORMATION TO THIRD PARTIES EXCEPT TO SUBPROCESSORS TO ASSIST US IN THE PROVISION OF OUR SERVICES TO YOU. 

KEY DEFINITIONS


  1. “Courses” means the learning courses designed specifically for gifted students and provided by Cresconova on the Platform.

  2. “Eduflow” means the third-party learning management system on which the Cresconova Platform is hosted where Users can access and take the Courses.

  3. “Learning Consultant” means the teachers engaged in providing lessons and instruction and responsible for developing a personalized plan for the students on the Platform.

  4. “Parent” means the parent or legal guardian of the student User who acts on behalf of the student User to provide the required consent for the student User under these Terms and our Privacy Policy, and is responsible for registering the student User by creating the account and paying for the Courses on our Platform.

  5. “Parental Consent Form” means the form that can be found here to obtain verifiable parent/legal guardian’s consent for Cresconova to collect, process and use Student’s data to provide service  in compliance with this Privacy Policy and our Terms of Service. 

  6. “Submissions” means the video submissions of homework activities created by Students and uploaded by Parents to the Platform.

  7. “Student” means the child who is undertaking instruction through the Courses on the Platform.



WHAT INFORMATION DO WE COLLECT?

When you register to use our Website or Platform, we collect personal information (also referred to as personally identifiable information or “PII”) which may include Parents and Students’ name, address, online contact information such as your email address or username, phone number,  city, country of residence, and age, grade level, type of school attended by the Student. The information so collected will be stored on our servers. You are able to change your personal information via email by contacting us at legal@cresconova.org or through your profile or account settings on our Website or Platform.  

  1. Audio and Video Information.  We may collect information audio and video information through the Submissions provided by you. 

  2. Financial Information. We currently do not collect or store any credit cards or bank information, as we are using a third-party payment processor.  However, we will update this Privacy Policy when we start using and storing such information. We will also inform you via reasonable means if we start collecting such information from you.

HOW DO WE COLLECT INFORMATION?


We collect personal information from you in the following ways:

  1. At registration on our Website or Platform; 

  2. In email, text, and other electronic messages between you and our Website or Platform;

  3. When you interact with our advertising and applications on third-party website and services, if those applications or advertising include a link to this Privacy Policy; 

  4. From you placing an order, which includes details of transactions you carry out on our Website or Platform;

  5. When you subscribe to a newsletter; 

  6. From your responses to a survey; 

  7. From forms filled out by you; 

  8. From records or copies of correspondences (including email addresses) if you contact us; ; and

  9. When you post information to be published or displayed on our Website or Platform. 

We collect information from you automatically when you navigate through our Website or Platform in the following ways:

  1. Information obtained through browser cookies; 

  2. Information obtained through flash cookies; 

  3. Web beacons on our Website; 

  4. Web beacons on emails sent by us; and

  5. Other tracking technologies. 


HOW DO WE USE YOUR INFORMATION?


We use the information that you provide to:

  1. Personalize your experience in using our Platform; 

  2. Provide you with information, products, or services requested from us;

  3. Present our Website and Platform and their contents to you;

  4. Provide you with notices about account and/or subscription, including expiration and renewal notices;

  5. Carry out obligations and enforce rights arising from contracts entered into between you and us, including billing and collection; 

  6. Notify you about changes to our Website and Platform and any products or services; 

  7. Allow you to participate in interactive features on our Website and Platform; 

  8. Improve the Website and Platform; 

  9. Improve our customer service;

  10. Administer contests, promotions, and surveys or other Website and Platform features; 

  11. Process transactions;

  12. Anonymize data and aggregate data for statistics;

  13. Contact you for other purposes with your consent;

  14. Contact you about our products and services that may be of interest; and

  15. To evaluate the Students’ activities submitted in the form of Submissions on the Platform and provide feedback; 

  16. Send you periodic emails, in accordance with the CAN-SPAM Act of 2003 as detailed in Section 17, via the email address provided by you to (i) send information, respond to inquiries, and/or other requests or questions; (ii) process orders and send information and updates pertaining to such orders; (iii) send additional information related to your product and/or service; and (iv) market to our mailing list or continue to send email to you after the original transaction has occurred. 


OUR COOKIE POLICY

Cookies are small pieces of text used to store information on web browsers. Cookies are used to store and receive identifiers and other information on computers, phones, and other devices. Other technologies, including data we store on your web browser or device, identifiers associated with your device, and other software, are used for similar purposes. In this Privacy Policy, we refer to all of these technologies as “Cookies.” 

We use Cookies on our Website and App to (a) help remember and process items in the shopping cart, (b) understand and save your preferences for future visits, (c) keep track of advertisements, (d) compile aggregate data about site traffic and site interactions in order to offer better site experiences and tools in the future, and (e) allow trusted third-party services that track this information on our behalf.  You can set your browser to refuse all or some browser Cookies, but it may affect your user experience. We honor Do Not Track signals and, if one is in place, we will not track, plant cookies, or use advertising. 

We allow third party behavioral tracking and links to third-party web pages.  Occasionally, at our discretion, we may include or offer third-party products or services on our Website or Platform.  These third-party sites have separate and independent privacy policies.  We, therefore, have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our Website,  or Platform and welcome any feedback at about these sites.  Please contact us at legal@cresconova.org.


HOW DO WE PROTECT INFORMATION WE COLLECT?

Our Website and App receive regular security scans and penetration tests.  Our Website and App also receive regular malware scans.  In addition, our Website and App use an SSL certificate as an added security measure. We require username and passwords for our employees who can access your personal information that we store and/or process on our Platform and servers. In addition, we actively prevent third parties from getting access to your personal information that we store and/or process on our Platform and servers.  We accept payment by credit card through a third party credit card processor on our behalf.  We will implement reasonable security measures every time you (a) place an order, or (b) enter, submit, or access your information, (c) register, or (d) access our Platform, on our Website and App.  


DATA SECURITY MEASURES.

  1. Security Measures.  We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. All information you provide to us is stored on our secure servers behind firewalls.  The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website or Platform, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Website or Platform. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on our Website or Platform. 

  2. Fair Information Practice Principles.  In the event of a personal data breach, we will notify you within seventy-two (72) hours via (i) email and/or (ii) our Platform notification system on our Website.  We agree to the individual redress principle, which requires that individuals have a right to pursue legally enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that that individuals have recourse to courts or a government agency to investigate and/or prosecute non-compliance by data processors.


DISCLOSURE OF PERSONAL INFORMATION

There are times when we may share Personal Information that you have shared with us may be shared by Cresconova with others to enable us to provide you over Services, including contractors, service providers, and third parties (“Partners”). This section discusses only how Cresconova may share such information with Partners. We will ensure that our Partners protect your Personal Information. The following describe how and with whom we may share your Personal Information: 

Disclosure of Personal Information. 

  1. We may disclose aggregated, de-personalized information about you that does not identify any individual to other parties without restriction, such as for marketing, advertising, or other uses.   

  2. We may disclose personal information to our subsidiaries and affiliates.

  3. We may disclose personal information to contractors, services providers, and other third parties. 

  4. We require all contractors, service providers, and other third parties to whom we disclose your personal information to be under contractual obligations to keep personal information confidential and to use it only for the purposes for which we disclose them.

  5. We may disclose personal information in the event of a merger, sale of business, etc.

  6. We require all other Partners, to whom we disclose your personal information, to enter into contracts with us to keep personal information confidential and use it only for the purposes for which we disclose it to such Partners. 

  7. We disclose personal information to fulfill the purpose for which you have provided it.

  8. We may disclose personal information for any other purpose for which you have provided it.

  9. We may only disclose personal information as described in this Privacy Policy or your consent. 

Other Disclosure of Personal Information. 

  1. We will disclose personal information (i) to comply with any court order, law, or legal process, including to respond to any government or regulatory request, (ii) to enforce or apply our Terms of Use or Terms of Service and other agreements, including for billing and collection purposes, (iii) if we believe it is necessary or appropriate to protect the rights, property, or safety of Cresconova, our customers or others, and/or (iv) if it is necessary or appropriate to protect the rights, property, or safety of Cresconova, our customers, or others, and this includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

Third Party Disclosure.

  1. We do not sell, trade, rent, or otherwise transfer personal information to others, unless we provide you with advance notice.  This does not include our hosting partners and other parties who assist us in operating our Website or Platform, conducting our business, or servicing you, so long as those parties agree to keep this information confidential.  

  2. We do not provide non-personally identifiable visitor information for marketing purposes. 

Choices Users Have About How Cresconova Uses and Discloses Information.

  1. Tracking Technologies and Advertising. You can set their browser to refuse some or all the browser cookies, but if you disable or refuse cookies, some parts of our Website may not be accessible or function properly. 

  2. Disclosure of Users’ Information for Third-Party Advertising.  Users can opt-out by (i) checking the relevant form when we collect the data; (ii) logging into the Website or Platform and adjusting their preferences in their account profile by checking or unchecking the relevant boxes, or (iii) emailing us their opt-out request at legal@cresconova.org.  Users receiving promotional email can opt-out by sending a return email requesting to be omitted from future promotional email distributions. This opt-out will not apply to information provided by Cresconova for product purchases, warranty registration, or other transactions.    


GOOGLE ADSENSE AND GOOGLE ANALYTICS

Google, as a third-party vendor, uses Cookies to serve advertisements to Users on our Website, App, and Platform. Google uses first-party Cookies, such as Google Analytics Cookies, to compile data regarding User interactions with ad impressions and other ad service functions as they relate to our Platform. We currently use Google Analytics to collect and process certain Website usage data. To learn more about Google Analytics and how to opt-out, please visit https://policies.google.com/privacy/google-partners

We use these Cookies to compile data regarding User interactions with ad impressions and other ad service functions as they relate to our Website or App. 


FOR OUR EUROPEAN CUSTOMERS AND VISITORS

We are headquartered in the United States. Most of the operations are located in the United States. Your Personal Information, which you give to us during  registration or use of our Website or Platform, may be accessed by or transferred to us in the United States.  If you are visiting our Web site or registering for our Services from outside the United States, be aware that your Personal Information may be transferred to, stored, and processed in the United States. Our servers or our third-party hosting services partners are located in the United States.  By using our site, you consent to any transfer of your Personal Information out of Europe, UK, or Switzerland for processing in the US or other countries. 

  • If you are a resident of or a visitor to Europe, you have certain rights with respect to the processing of your Personal Data, as defined in the General Data Protection Regulation (“GDPR”).

  • Please note that in some circumstances, we may ask you to provide us with additional information in connection with your request, which may be Personal Data, for example, if we need to verify your identity or the nature of your request.

  • In such situations, however, we will still respond to let you know of our decision.

  • As used herein, “Personal Data” means any information that identifies you as an individual, such as name, address, email address, IP address, phone number, business address, business title, business email address, company, etc.

  1. EU Standard Contractual Clauses.  On June 4, 2021, the EU promulgated a new set of SCCs (the “New SCCs”), which replaced the old SCCs which had been in place for over a decade. We now comply with the New SCCs with respect to the transfer of Personal Data from the EU to the US and other countries for Processing, as defined in the GDPR. If there is any conflict between the terms and conditions in this Privacy Policy and your rights under the New SCCs, the terms and conditions in the new SCCs will govern.

  2. The New SCCs.

  • The New SCCs took effect on June 27, 2021.

  • The Old SCCs may still be used for new data transfers in new contracts during a three-month transition period that ends on September 27, 2021.

  • Existing data transfers contracts that rely on the Old SCCs can be used until December 27, 2022, by which time all data transfers relying on the Old SCCs must be transitioned to the New SCCs.

  • As of now, we and our customers are using the New SCCs to transport Personal Data from the EU to other countries including the US for processing by us.

  • You are the Controller, as defined in the GDPR, and the Exporter, as defined in the New SCCs, of the Personal Data and we are a processor, as defined in the GDPR, and the Importer of such Personal Data. 

  • You agree to comply with the GDPR rules that apply to Controllers and the New SCCs rules that apply to Data Exporters. We agree to comply with the GDPR rules that apply to Processors and the New SCCs rules that apply to Data Importers. 

    3. Our GDPR Compliance Commitment

 

  • We agree to fully comply with the letter and the spirit of the GDPR and the New SCCs with respect to the transfer or your Personal Data for Processing outside the EU. 

  • As a Data Importer, a User may contact us as set forth in Subsection 9(d) below with respect to the Personal Data we store and process on you. 

  • We hereby notify you that we will be processing, as defined in the GDPR, the Personal Data of your Authorized Users (i.e., those individuals whom you have authorized to access our Platform and to use our Services) in the US, Canada, and Turkey for us to be able to provide the Services to you that we have agreed to do in our definitive service agreement between you and us. 

  • Upon request, we will provide you with a list of your Personal Data that we will process and a copy of the New SCCs under which we will transport your Personal Data for processing. 

  • We hereby warrant that, at the time of agreeing to the SCCs for the transport of your Personal Data, we have no reason to believe that the laws and practices applicable to us as a data processor and a data importer, including those of the US, Canada, and Turkey are not in line with the requirements of the New SCCs. 

  • If we cannot satisfy any request or dispute to your satisfaction, we will agree to arbitrate or litigate the dispute in the EU jurisdiction in which your reside. 

  • We will only transfer your Personal Data to a third country in accordance with documented instructions from you.

  • Your Personal Data will be transferred and stored in an encryption format. 

  • Only our employees, who have a need to access your Personal Data to enable us to meet our contractual and legal obligations to you, will be given access to your Personal Data.

  • Such employees will be given a User Name and Password to access your Personal Data. 

  • We will keep an automated record of all persons who have accessed your Personal Data.  


4.  Rights of Data Subjects. To make any of the following requests, with respect to this Privacy Policy, our Terms or Use, and/or Personal Data, please contact us (i) via email at legal@cresconova.org, or (ii) by writing to us at Cresconova Academy, Inc. 8 The Green, Ste. B Dover, Delaware 19901 USA.

 

5. Access: You can request more information about the Personal Information we hold about you. You can also request a copy of the Personal Information.

  1. Rectification: If you believe that any Personal Information we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data. Please contact us as soon as possible upon noticing any such inaccuracy or incompleteness.

  2. Objection: You can contact us to let us know that you object to the collection or use of your Personal Information for certain purposes.

  3. Erasure: You can request that we erase some or all of your Personal Information from our systems.

  4. Restriction of Processing: You can ask us to restrict further processing of your Personal Information.

  5. Portability: You have the right to ask for a copy of your Personal Information in a machine-readable format. You can also request that we transmit the data to another entity where technically feasible.

  6. Withdrawal of Consent: If we are processing your Personal Information based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, it may limit your ability to use some/ all of our Services or Platform and you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Information, if such use or disclosure is necessary to enable you to utilize some or all of our Services and Platform.

  7. Right to File Complaint: You have the right to lodge a complaint about our practices with respect to your Personal Information with the supervisory authority of your country or EU Member State. Please go to https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm to locate your Data Protection Authority in the EU. You may contact the UK’s Information Commissioner at https://ico.org.uk/make-a-complaint or by telephone: 0303 123 1113.

  8. We will respond to your inquiry within thirty (30) days of the receipt.  

 

FOR OUR AUSTRALIAN CUSTOMERS

 This Section supplements the information contained in our Privacy Policy above and applies solely to all visitors, users, and others to our Website, App, or Platform, who reside in Australia (“consumers” or “you”). 

The Australian privacy framework is governed by the federal Privacy Act 1988  (“Privacy Act”) and the Australian Privacy Principles (“APPs”) and certain State and territorial regulations. The Privacy Act and APPs apply to government agencies and certain private sector businesses. As defined under the Privacy Act, Cresconova is a small business operators i.e. with an annual turnover of less than AU$3 million and is exempt from the operation of the Privacy Act and APPs. This Privacy Policy is updated from time to time and we will ensure compliance with the Privacy Act and the APPs as required in the future and any terms defined in the Privacy Act have the same meaning when used in this Section. 

Notwithstanding, we value your and your children’s privacy and will collect, process and transfer personal information as defined in the Privacy Act under this Privacy Policy only after we obtain your informed consent, as set forth in this Parental Consent Form.


WE DO NOT SIGN UP CONSUMERS TO RECEIVE OUR SERVICES WITHOUT OBTAINING THE CONSENT FORM.

  1. Definition of Personal Information: "Personal information," is defined as “information or an opinion about an identified individual, or an individual who is reasonably identifiable:

(i)  whether the information or opinion is true or not; and

(ii)  whether the information or opinion is recorded in a material form or not.” 

Sensitive information" is a subset of personal information and is defined as: Information or an opinion (that is also personal information) about an individual’s:

  • Racial or ethnic origin

  • Political opinions

  • Membership of a political association

  • Religious beliefs or affiliations

  • Philosophical beliefs

  • Membership of a professional or trade association

  • Membership of a trade union

  • Sexual orientation or practices, or

  • Criminal record

  • Health information about an individual

  • Genetic information (that is not otherwise health information)

  • Biometric information that is to be used for the purpose of automated biometric verification or biometric identification,

We do not collect any sensitive information and shall not do so unless required for a legal basis and only with your consent.

 

  1. Rights of Data Subjects: Data Subjects have the following privacy rights in relation to their personal information:

    1. right to access the data subject's own personal data

    2. right to rectify/correct the data subject's own personal data where inaccurate or incomplete

    3. right to withdraw consent.

 

FOR OUR CANADIAN USERS

 

This Section supplements the information contained in our Privacy Policy above and applies solely to all visitors, users, and others to our Website or Platform, who reside in Canada (“consumers” or “you”). We ensure with the Personal Information Protection and Electronics Document Act of 2000 (“PIPEDA”) and any terms defined in the PIPEDA have the same meaning when used in this Section. 

  1. Definition of Personal Information.  Any information about an identifiable individual. Whatever may be the physical form or characteristics of a particular regime for “business contact information” (name, position, title, address, professional phone number, etc.) 

  2. Right to Access Personal Information.  You can request to access your personal information we hold about you. We will first confirm whether you have requested such information, explain how we have used your information, provide a list of names with whom your information has been shared and provide a copy of your information in an accessible format and make alternative formats available if requested. 

  3. Right to Correction/Limited Right to Deletion.  You can request us to correct or delete your information IF you demonstrate that the personal information we hold on you is inaccurate. We will delete or correct your information within thirty (30) calendar days. When we delete/correct your personal information we will inform the third parties with whom we have shared your information. 

  4. Right to be Forgotten.  Your information will be kept with us for as long as it is required for the fulfillment of the purposes of Cresconova platform. Unless we otherwise give you notice, we will retain your Information on the Cresconova Platform on your behalf until such times as you or we terminate your User Account.

  5. Data Breach Notification.  We will send a notification to you as soon as feasible regarding the information of any breach that creates a “real risk of significant harm” to you. We keep a record of every data breach and, on request, provide the Office of the Privacy Commissioner with access to the record. 

  6. Canadian Privacy Officer.  We have appointed a Canadian Privacy and Data Protection Officer, Katie Kelly, katie.kelly@cresconova.org, to make sure the privacy rights of our Canadian users are protected in compliance with PIPEDA.  

  7. Two Factor Authentication. You may enable two-factor authentication on your account to help ensure that only you can access your account. If you do, in addition to entering your password to log in to your account to access the Cresconova Platform, we will send a code to your mobile number, which you will need to enter. This added security prevents anyone else from accessing your Cresconova account unless they have access to your login information.

  8. Contact Information. You may contact us (i) at legal.cresconova.org, or (ii) by writing to us at Privacy Officer, at 8 The Green, Ste. B Dover, Delaware 19901 USA to (i) make a Personal Information Request, (ii) correct or delete your personal information, (iii) discuss our Privacy Policy and/or anything that has to do with it. We will respond within thirty (30) calendar days of receiving such a request or query. Additionally, in order for us to respond to your request or query, we will need to collect information from the requesting party to verify their identity.

 

 YOUR CALIFORNIA PRIVACY RIGHTS

Cresconova does not sell, trade, or otherwise transfer to outside third parties your “Personal Information” as the term is defined under the California Civil Code Section § 1798.82(h).  Additionally, California Civil Code Section § 1798.83 permits Users of our Website or Platform that are California residents to request certain information regarding our disclosure of their Personal Information to third parties for their direct marketing purposes. To make a request for such disclosure, or identification and/or deletion of Personal Information in all our systems that we store on you, please send an email to legal@cresconova.org or write us at Cresconova Academy, Inc. 8 The Green, Ste. B Dover, Delaware 19901 USA

Note that (i) if we delete your Personal Information as requested, we will no longer be able to provide our services to you and (ii) we may need to keep such Personal Information for a while during the shutting down and billing process. If you would like to discuss our Personal Information storage and processing process with us, please send us an email at legal@cresconova.org or write us at Cresconova Academy, Inc. 8 The Green, Ste. B Dover, Delaware 19901 USA.


FOR OUR SINGAPORE USERS

This Section supplements the information contained in our Privacy Policy above and applies solely to all visitors, users, and others to our Website or Platform, who reside in Singapore (“consumers” or “you”). We ensure with the Personal Data Protection Act (“PDPA”) as amended and any terms defined in the PDPA have the same meaning when used in this Section

  1. Definition of Personal Data: Personal Data is defined in the Act to mean data, whether true or not, about an individual (whether living or recently deceased i.e. 10 years of fewer) who can be identified from that data; or that data and other information to which the organization has, or is likely to have access. Business contact information is not Personal Data.

  2. Singaporean Data Protection Officer (“DPO”).  We have appointed a Singaporean Data Protection Officer, Katie Kelly, katie.kelly@cresconova.org, to make sure the privacy rights of our Singaporean users are protected in compliance with PDPA.  

  3. Do Not Call regime: The PDPA establishes a Do Not Call regime (“DNC regime”) that covers telephone calls, text messages, and faxes. We will not call, text or fax a number listed on the DNC regime to send marketing messages without your clear and unambiguous consent.

  4. Rights of Data Subjects: To comply with the PDPA we have made available this Privacy Policy detailing our data protection policies, publicly available. We obtain your express verifiable consent before collecting or processing Personal Data under this Privacy Policy. We will cease to retain Personal Data or anonymize it where it is no longer necessary for any business or legal purpose. We will ensure that Personal Data is accurate and complete if likely to be used to make a decision about the individual that will affect the individual and respond to requests by data subjects under their statutory rights.

  5. Breach Notification: We will send a notification to the Personal Data Protection Commission as soon as feasible and no later than three calendar days after the day we have made the assessment of a notifiable breach as defined under the PDPA  i.e. a breach that results in, or is likely to result in, significant harm to the affected individuals (including one that compromises personal data prescribed under the PDPA) or is of significant scale. 



COPPA COMPLIANCE (FOR CHILDREN UNDER 13 ONLY)

The Children’s Online Privacy Protection Act (“COPPA”) is a federal legislation that applies to entities that collect and store “Personal Information,” as the term is defined under COPPA, from children under the age of 13. We are committed to ensure compliance with COPPA. Our Website and Platform are not meant for use by children under the age of 13. Our Website and Platform do not target children under the age of 13. We only collect personal information of children under 13 and use it for the purposes set forth in this Privacy Policy after we obtain verifiable parental consent. The personal information such as the name of the child under 13, their school and age collected to set up the initial consultation with a learning consultant before a parent or legal guardian can register to use the Platform is deleted within thirty (30) days if the parent or guardian does not register to use the Platform.


You may update the information that is stored in your user account by visiting www.eduflow.com or by e-mailing us at legal@cresconova.org.

We strive to help parents ensure that their kids have a safe experience using our Services. Parents or legal guardians can review any Personal Information collected about their child under 13 years of age, have this information deleted, request that there be no further collection or use of their child’s Personal Information, and/or allow for our collection and use of their child’s Personal Information while withholding consent for us to disclose it to third parties. We take steps to verify the identity of anyone requesting information about a child and to ensure that the person is in fact the child’s parent or legal guardian.

If you would like to know more about our practices and specifically our practices in relation to COPPA compliance, please email us at legal@cresconova.org.

IF YOU ARE UNDER 13, PLEASE DO NOT ACCESS OR USE OUR WEBSITE OR PLATFORM. 

  1. FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT

Family Educational Rights and Privacy Act (“FERPA”) is a US federal legislation that protects the privacy of students’ Education Records. FERPA applies to a variety of information that directly relates to the student and is maintained by the educational institution or an outside agency such as Cresconova. Some of the information collected by us in the provision of our services to you may be considered an ‘Educational Record’ under FERPA. Therefore, we handle all student data in compliance with FERPA regulations.

Under FERPA, “Education Records” means those records that are:

(1) Directly related to a student; and

(2) Maintained by an educational agency or institution or by a party acting for the agency or institution.

Education Records can include grades, transcripts, class lists, student course schedules, health records (at the K-12 level), photos or videos that are directly related to the student i.e. not incidental.

“Directory Information” means information contained in an education record of a student that would not generally be considered harmful or an invasion of privacy if disclosed and is excluded from Education Records. Directory Information includes, but is not limited to, the student's name; address; telephone listing; electronic mail address; photograph; date and place of birth; major field of study; grade level; enrollment status (e.g., undergraduate or graduate, full-time or part-time); dates of attendance; participation in officially recognized activities and sports; weight and height of members of athletic teams; degrees, honors, and awards received; and the most recent educational agency or institution attended.

Rights under FERPA: Parents of students under 18 and students over 18 have the right to

  1. Inspect and review Education Records within 45 days of a request.

  2. Seek to amend Education Records believed to be inaccurate.

  3. Consent to the disclosure of personally identifiable information (PII) from Education Records except as specified by law.

Our privacy policy is designed to be compliant with FERPA. If you would like to know more about our practices, or make a request to inspect, review or amend an Education Record, please send an email to legal@cresconova.org.

CAN-SPAM ACT OF 2003

The CAN-SPAM Act establishes requirements for commercial messages, gives recipients the right to have businesses stop emailing them, and spells out penalties for violations.  Per the CAN-SPAM Act, we will:

  1. not use false or misleading subjects or email addresses; 

  2. identify the email message as an advertisement in some reasonable way; 

  3. include the physical address of Cresconova, which is 8 The Green, Ste. B Dover, Delaware 19901 USA; 

  4. monitor third-party email marketing services for compliance, if one is used;

  5. honor opt-out/unsubscribe requests quickly; and

  6. give an “opt-out” or “unsubscribe” option.    

If you wish to opt out of email marketing, follow the instructions at the bottom of each email or contact us at legal@cresconova.org.and we will promptly remove you from all future marketing correspondences.


MODIFICATIONS TO OUR PRIVACY POLICY

Cresconova reserves the right, at its sole discretion, to change or modify this Privacy Policy at any time. In the event we modify this Privacy Policy, such modifications shall be binding on you only upon your acceptance of the modified Privacy Policy. We will inform you about the modifications on our Privacy We will inform you about the modifications as set forth at the beginning of this Agreement.  In any event, your continued use of our Website or Platform shall constitute your consent to such changes.


LIST OF THIRD-PARTY SERVICE PROVIDERS

Cresconova uses the following third-party service providers for the provision of services as detailed under the Terms of Use or Terms of Service, as applicable

Name of Third-Party Service Provider

Contact Information

Shopify, Inc.

Website: https://www.shopify.com/

Address: 151 O’Connor Street, Ottawa ON KP 2L8 Canada

Google Pay

Website: https://pay.google.com

Address: 1600 Amphitheatre Parkway Mountain View, California 94043 USA

Eduflow (Peergrade Inc.)

Website: https://www.eduflow.com/

Address:  Peergrade Inc., 548 Market St #58941, San Francisco, California 94104-5401, United States of America. 

Additionally, if you have any questions or concerns about our third-party service providers, please email us at legal@cresconova.org.. 

COPYRIGHT INFRINGEMENT/DMCA NOTICE

If you believe that any content on our Website or Platform violates your copyright, and you wish to have the allegedly infringing material removed, the following information in the form of a written notification (pursuant to the Digital Millennium Copyright Act of 1998 (“DMCA Takedown Notice”)) must be provided to our designated Copyright Agent. 

  1. Your physical or electronic signature;

  2. Identification of the copyrighted work(s) that you claim to have been infringed;

  3. Identification of the material on our Website or Platform that you claim is infringing and that you request us to remove;

  4. Sufficient information to permit us to locate such material;

  5. Your address, telephone number, and email address;

  6. A statement that you have a good faith belief that use of the objectionable material is not authorized by the copyright owner, its agent, or under the law; and

  7. A statement that the information in the notification is accurate, and under penalty of perjury, that you are either the owner of the copyright that has allegedly been infringed or that you are authorized to act on behalf of the copyright owner.

Cresconova’s Copyright Agent to receive DMCA Takedown Notices is Katie Kelly, at katie.kelly@cresconova.org and at Cresconova, Attn: DMCA Notice, 8 The Green, Ste. B Dover, Delaware 19901 USA. You acknowledge that for us to be authorized to take down any content, your DMCA Takedown Notice must comply with all the requirements of this Section. Please note that, pursuant to 17 U.S.C. § 512(f), any misrepresentation of material fact (falsities) in a written notification automatically subjects the complaining party to liability for any damages, costs and attorney’s fees incurred by Cresconova in connection with the written notification and allegation of copyright infringement. 


ANTI-BRIBERY COMPLIANCE

Cresconova represents and warrants that it is fully aware of and will comply with, and in the performance of its obligations hereunder will not take any action or omit to take any action that would cause it or its customers to be in violation of, (i) U.S. Foreign Corrupt Practices Act, (ii) U.K. Anti-Bribery Act, (iii) India Prevention of Corruption Act of 1988, or (iv) any other applicable anti-bribery statutes and regulations, and (v) any regulations promulgated under any such laws.  Company represents and warrants that neither it nor any of its employees, officers, or directors is an official or employee of any government (or any department, agency or instrumentality of any government), political party, state owned enterprise or a public international organization such as the United Nations, or a representative or any such person (each, an “Official”).  Company further represents and warrants that, to its knowledge, neither it nor any of the Supplier Personnel has offered, promised, made or authorized to be made, or provided any contribution, thing of value or gift, or any other type of payment to, or for the private use of, directly or indirectly, any Official for the purpose of influencing or inducing any act or decision of the Official to secure an improper advantage in connection with, or in any way relating to, (A) any government authorization or approval involving Cresconova,, or (B) the obtaining or retention of business by Cresconova.  Supplier further represents and warrants that it will not in the future offer, promise, make or otherwise allow to be made or provide any payment and that it will take all lawful and necessary actions to ensure that no payment is promised, made or provided in the future by any of the Supplier Personnel.  


CONTACT US 

To ask questions or comment about this Privacy Policy and our privacy practices, contact us at:

  • Privacy Officer, Katie Kelly

  • Email: katie.kelly@cresconova.org

  • Address: Cresconova Academy, Inc. 8 The Green, Ste. B Dover, Delaware 19901 USA

PLEASE NOTE: IF YOU USE OUR WEBSITE OR PLATFORM, YOU HAVE AGREED TO AND ACCEPTED THE PRACTICES DESCRIBED IN THIS PRIVACY POLICY AND THE TERMS AND CONDITIONS SET FORTH IN OUR TERMS OF USE OR OUR TERMS OF SERVICE, AS APPLICABLE.  IF YOU DO NOT AGREE WITH THE TERMS OF THIS PRIVACY POLICY OR OUR TERMS OF SERVICE, PLEASE DO NOT USE OUR WEBSITE OR PLATFORM.