Last Revised: September 18, 2020
PERSONAL INFORMATION COLLECTED THROUGH PLATFORM
"Personal information" is any information which is related to an identified or identifiable natural person. We do not collect any personal information about you when you visit our Platform unless you register for an account. When you register for an account, we will collect the following personal information from users of the Platform.
Information Collected From Teachers: first name, last name, grades taught, email, phone number, team name, school name, and date of birth.
Information Collected From School Directors/Principals: first name, last name, email, phone number, school name, and date of birth.
Information Collected From Parents of Students: first name, last name, email, phone number, date of birth, and information on participating child/student.
Information Collected From Students:
- users under 13 from all parts of the worlds except the EU and EEA areas
- users 13 and above all parts of the worlds except the EU and EEA areas
- users under 16 from the EU and EEA areas
- users 16 and above from the EU and EEA areas
- first name
- conditions apply1
- conditions apply1
- last name
- conditions apply1
- conditions apply1
- conditions apply2
- conditions apply2
- conditions apply2
- conditions apply2
- game data
- school name
- phone number
1first and last name of minors can be collected under the condition that a particular school or educational institution either (a) signs an agreement with Let'sMod authorizing Let'sMod to collect personal information of such minors, or (b) obtains Google Accounts for its students in order to authenticate them on the Platform through Google Single Sign-On (SSO).
2age information is collected upon sign-in, however, it is not stored in our servers; it is only saved in the browser session of the user.
NON-PERSONAL OR AGGREGATE INFORMATION WE MAY COLLECT
We, or any third party that helps us provide the Platform, may collect data which is anonymous and pseudonymous. When you visit the Platform, the following data is automatically collected and stored:
- The IP address, from which you access the Internet;
- The date and time when you access the Platform;
- The pages you visited (recorded by the text and graphics files that compose the page).
We only use information about you to support your experience throughout the Platform or to communicate with you about the Platform or other products or services we may offer in the future. In particular, we collect information about you to:
- help us identify which services are most or least interesting to you;
- monitor the Platform performance;
- recognize you as a registered user of the Platform;
- verify your identity;
- respond to your inquiries or requests;
- conduct market research;
- allow our partners and third party vendors (including payment processing, marketing and shipping companies) to help us run our business smoothly;
- comply with all applicable laws or if we are required by law or by a court order to do so;
- analyze non-personal or aggregate information for Platform improvement;
- transfer information in connection with the sale or merger or change of control of Let'sMod. We reserve the right to use and disclose non-personal information and anonymous aggregate statistics for any purpose and to any third party at our sole discretion.
If you leave any feedback or suggestions ("Feedback") via the Platform or in an email to us, you hereby assign to Let'sMod all rights in the Feedback and agree that Let'sMod shall have the right to use such Feedback and related information in any manner it deems appropriate. We will treat any Feedback you provide to us as non-confidential and non-proprietary. You agree that you will not submit to us any information or ideas that you consider to be confidential or proprietary.
WHEN WE MAY SHARE YOUR INFORMATION
We do not sell, rent or lease personal information of Platform users to third parties, however, we may use third-party consultants, tools, or software for conducting statistical analysis of aggregated, non-personal information. Such information does not identify you individually.
Personal information of students as well as their progress will be shared with teachers and parents/legal guardians of such students. Principals of schools will get only non-personal, aggregate information.
We keep all collected information confidential except where disclosure is enforced or required by law, or as part of the requirement to protect our rights and intellectual properties. Specifically, Let'sMod may disclose your personal information, without notice, if required to do so by law or in the good faith belief that such action is necessary to: (a) conform to the edicts of the law or comply with a legal process served on Let'sMod; (b) protect and defend the rights or property of Let'sMod; and/or (c) act under exigent circumstances to protect the personal safety of users of Let'sMod, or the public.
We may sell, transfer or otherwise share some or all of our assets, including your personal information, in connection with a merger, acquisition, reorganization or sale of assets or in the event of bankruptcy.
Let'sMod may use "cookies" to help you personalize your online experience.
The security of your information is very important to us. We apply all reasonable security measures and comply with the industry standards to protect your personal information (including, preventing the loss, misuse, unauthorized access, disclosure, alteration and destruction of your personal information). Notably, on our end, access to the Platform's database with your personal information is held behind administrative logins and managed, controlled and limited to authorized website administrators and support technicians only. Data transmitted between browser and application servers is encrypted using an HTTPS/SSL certificate. We do not collect or store your passwords. We use XSRF against cross-domain attacks. Data is backed up daily. Our server's software is updated regularly to ensure we are running the latest and safest software (where applicable and depending on compatibility). The server's firewall is configured to prevent unauthorized access, and activity is automatically monitored to detect and ban malicious activity.
Please be aware, however, that despite our efforts, no security measures are impenetrable. No method of transmission over the Internet, or method of electronic storage, is 100% secure. Thus, while we strive to protect your personal information, we cannot ensure and do not warrant the security of any information you transmit to us.
When you use your login credentials on our Platform, you are solely responsible for keeping them confidential. Do not share them with anyone. If you believe your password has been misused, please contact us immediately. You are also responsible for the security of your personal devices and for making sure they are protected against unauthorized access.
If you believe that your privacy has being compromised during your access to this Platform, log out from your account and close all tabs and windows you are browsing our Platform with.
WE DO NOT RESPOND TO DO NOT TRACK SIGNALS
Our Platform does not respond to and does not support the Do Not Track (DNT) header request field. If you turn DNT on in your browser, those preferences will not be communicated to us in the HTTP request header, and we will continue tracking your browsing behavior.
MINORS (CHILDREN) POLICY: MINIMUM AGE REQUIREMENT
We comply with the strictest laws that protect privacy of minors. Therefore, in order to register for an account on the Platform you must meet our minimum age requirements or obtain verifiable consent of your parent or legal guardian.
The minimum age requirement for:
- the residents of all countries except the EU and EEA areas is set to 13 ( in compliance with COPPA and LGPD);
- the residents of the EU and EEA areas is set to 16 (in compliance with GDPR).
Minors not meeting these age requirements may register for an account on the Platform only with the consent of a parent or a legal guardian (see exemption below). We do not knowingly collect or solicit personal information from anyone under these minimum age thresholds. If you are under these minimum age thresholds, please do not send or share any information about yourself to us, or other users of the Platform, including your name, address, telephone number, or email address. In the event that we learn that we have collected personal information from an individual under the minimum age thresholds without the consent of a parent or legal guardian, we will delete that information as quickly as possible.
Exemption: Should a school authority obtain Google Accounts for its students, such students will be able to sign in to the Platform using Google Single Sign-On (SSO) service without the consent of their parents or legal guardians. Google provides tokens to Let'sMod that allow Let'sMod to sign students in. Every time a student uses such Google SSO to sign in to the Platform, such student is being authenticated by Google.
OPPA; FERPA; CSPC
Let'sMod is in strict compliance with Children's Online Privacy Protection Rule (COPPA), Family Educational Rights and Privacy Act (FERPA) and California Student Privacy Certified (CSPC). The Platform went through a certification process administered by iKeepSafe, an organization which assesses providers' compliance with federal and California laws governing student data privacy.
LINKS TO OTHER THIRD PARTY WEBSITES
YOUR RIGHTS UNDER GDPR
The European General Data Protection Regulation ("GDPR") is a regulation in EU law on data protection and privacy for all individuals accessing websites from the European Union and the European Economic Area. It also addresses the transfer of personal data outside the EU and EEA areas. Our collection, processing and protecting of personal information of those who access the Platform from a European country, is compliant with GDPR.
If you are accessing and using the Platform from the European Union and the European Economic Area, you have the following rights with regard to your personal information:
- the right of access (you can request us to provide you verbally or in writing the type of information we store about you and we have a month to respond to your request);
- the right to rectify (amend/correct) any personal information about you that is inaccurate;
- the right to erasure (some conditions apply, see Data Retention section below);
- the right to restrict processing your personal information, however, if you restrict us from processing a part of your personal information that is essential to our provision of the Platform, you may be asked to stop using the Platform;
- the right to data portability (the right to data portability allows users of the Platform to obtain and reuse their personal information for their own purposes across different services; you may request us to transmit your personal information directly from our servers to another company's servers and we will do so if it is technically feasible);
- the right to object (for example, you have an absolute right to stop us from using your personal information for direct marketing - read our opt-out instructions below; you may express your objection verbally or in writing and we have a month to respond to any such objection; we might still continue processing your personal information if we are able to show that we have a compelling reason for doing so);
- the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or that affects you significantly. If you would like to exercise any of the above rights, please send an email to: firstname.lastname@example.org
We represent and warrant that your personal information is:
- processed lawfully, fairly and transparently;
- collected only for specific legitimate purposes;
- collection of personal data is adequate, relevant and limited to what is necessary;
- accurate and kept up to date (with your help);
- stored only as long as is necessary; and
- is secure and kept in confidence.
Data Retention: Generally, your personal information will be erased when (i) it is no longer needed for its original processing purpose, (ii) you withdraw your consent for us to store by deleting your account, (iii) there is no preferential justified reason for the processing of your personal information and you object to our processing of your personal information, or (iv) erasure of your personal information is required in order to fulfil a statutory obligation under the EU law or the right of the EU Member States. Therefore, we will make sure your personal information will be erased under all of the above-mentioned circumstances. You may request us to erase your personal information verbally or in writing and we have one (1) month to respond to any such request.
Data Breach Noticiation: Should there be a personal data breach leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed, we will notify you and appropriate supervisory authority without undue delay and, where feasible, not later than seventy-two (72) hours after having become aware of it.
YOUR RIGHTS UNDER CCPA
The California Consumer Privacy Act ("CCPA") is a state-wide data privacy law that regulates how businesses all over the world are allowed to handle the personal information of California residents. CCPA provides California residents with five core rights to data privacy and an effective way to control their personal information.
If you are a California resident, you have the following rights with regard to your personal information:
- the right to know what personal information is being collected about you.
- the right to know whether your personal information is sold or disclosed and to whom.
- the right to say no to the sale of personal information ("the right to opt out") -- Let'sMod does not sell personal information ;
- the right to access your personal information (under CCPA, a business may provide personal information to a consumer at any time, but shall not be required to provide personal information to a consumer more than twice in a 12-month period).
- the right to equal service and price, even if you exercise your privacy rights. Additionally, a California consumer has the right to request that a business delete any personal information about the consumer which the business has collected from the consumer. However, a business or a service provider shall not be required to comply with a consumer's request to delete the consumer's personal information if it is necessary for the business or service provider to maintain the consumer's personal information in order to:
- complete the transaction for which the personal information was collected, provide a good or service requested by the consumer, or reasonably anticipated within the context of a business's ongoing business relationship with the consumer, or otherwise perform a contract between the business and the consumer;
- detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity;
- debug to identify and repair errors that impair existing intended functionality;
- exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law;
- comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code;
- engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the businesses' deletion of the information is likely to render impossible or seriously impair the achievement of such research, if the consumer has provided informed consent;
- enable solely internal uses that are reasonably aligned with the expectations of the consumer based on the consumer's relationship with the business;
- comply with a legal obligation;
- otherwise use the consumer's personal information, internally, in a lawful manner that is compatible with the context in which the consumer provided the information. Conflict resolution under CCPA: Prior to initiating any action against a business for statutory damages on an individual or class-wide basis, a California consumer shall provide a business 30 days' written notice identifying the specific provisions of this title the consumer alleges have been or are being violated. In the event a cure is possible, if within the 30 days the business actually cures the noticed violation and provides the consumer an express written statement that the violations have been cured and that no further violations shall occur, no action for individual statutory damages or class-wide statutory damages may be initiated against the business. Contact us should you need to exercise any of your rights under CCPA.
YOUR RIGHTS UNDER LGPD
Lei Geral de Proteção de Dados ("LGPD") is the Brazilian general data protection law, which applies to businesses that process the personal data of users located in Brazil. LGPD establishes rules on collecting, handling, storing and sharing of personal data managed by organizations.
According to the article 18 of LGPD, individuals have the following nine rights over their data processing:
- The right to receive a confirmation about processing of their personal data;
- The right to access their personal data;
- The right to correct incomplete, inaccurate or out-of-date personal data;
- The right to anonymize, block or delete unnecessary or excessive data or data processed in noncompliance with the provisions of LGPD;
- The right of portability of the data to another service or product provider, by means of an express request and subject to commercial and industrial secrecy, pursuant to the regulation of the controlling agency;
- The right to delete their personal data;
- The right to know who their data is being shared with (e.g., third parties, sub-processors, public, and private entities);
- The right to know how to deny consent and what would be the consequences of denying consent to collect personal data; and
- The right to revoke consent.
EMAIL MARKETING OPT-OUT OPTION
14575 Horseshoe Dr.,
Saratoga, CA 95070