Alegra Learning Privacy Policy

Effective Date: August 23, 2022

Thank you for visiting us at the Joy School application, which is owned and operated by Alegra Learning, Inc. (“Company,” “we,” “our,” or “us”). We welcome you and hope you find our application and the related subscription services we provide (collectively, the “Services”) helpful and useful. We always seek to improve our Services to you, and that requires that we collect, store, share, and use information about you and your usage preferences. As we do so, we are absolutely committed to protecting your privacy and the security of your personal information. To that end, we have implemented this Privacy Policy to help you understand not only what Data we collect, store, share, and use, but how and why.

In this Privacy Policy, we use the word “Data” to describe all the information we collect that relates to you and your use of our Services. “Data” is broken into different categories, which we may refer to separately, but when we use the word “Data,” we mean all the different categories described in this Privacy Policy.

CONSENT

By accessing or using the Services, you consent to our use of your Data as described in this Privacy Policy. You may withdraw this consent at any time. However, in some cases, this may result in your inability to receive full access to the Services, and your withdrawal of consent does not limit our ability to use the Data that has been aggregated and anonymized for use by us in connection with our legitimate business efforts in the future. In other words, to the extent the Data is not personally identifiable to you, we may use the Data to help us in our legitimate business interests in the future.

CHILDREN

The Services are directed generally to children 2-12 years old and occasionally continuing on up to children age 13 and older. We only gather information about those children that is strictly necessary for us to effectively provide the Services, and then only with permission from a parent, guardian, or teacher. We do not use cookies or other tracking technologies on student users. We will never sell student information under any circumstances. We never make Data from a child available publicly. If you believe that we have published Data from a person under 13, please contact us at support@joyschoolenglish.com.

INFORMATION WE COLLECT AND HOW WE USE IT

In the course of our relationship with you, we gather different categories of Data. We always have a lawful basis for gathering the Data, but that lawful basis might be different for different categories. Regardless, we never use the Data for any purpose other than the purpose for which we gathered the Data in the first place. This section of our Privacy Policy describes the categories of Data we collect, the lawful basis for collecting that Data, and the uses we make of that Data.

A. Registration Data

1. Data Description: Registration Data consists of the name, e-mail address, and other contact information you provide us using the Services, both when you register your account and thereafter. Registration Data also includes your username, membership type (e.g., ad-supported or paid “Rockstar” membership), and membership end date.
2. Lawful Basis for Processing: Our lawful basis for processing Registration Data is our contract with you. We can only provide the Services to you if we have the Registration Data, so we need to store and access that Registration Data during the term of our contract.
3. How We Use It and Who We Share It With: Registration Data is accessible only by us. We use it only to provide the Services to you. At times, we will share the Registration Data with third parties at your request or to fulfill requests that you make to us.

B. Personal Data

1. Data Description: Personal Data consists of all the personal information you input using the Services other than the Contact Data. It might include, for example, your age, interests, or requests you may submit using our contact forms. It could also include indirect identifiers such as an email, IP address, and other technical information (that isn’t considered “personal.”)
2. Lawful Basis for Processing: Our lawful basis for processing Personal Data is (1) our contract with you and (2) our legitimate interest in improving our Services based on the Personal Data we receive from you.
3. How We Use It and Who We Share It With: Your Personal Data is accessible only to us and to you. We do not share it with third parties, except at your specific request, but we may use Personal Data to make inferences that help us provide and improve the Services. We may also use Personal Data in an aggregated format that is not identifiable to any individual, and that aggregated information belongs solely to us. To the extent we are required to delete any Personal Data about you, we may still retain aggregated and anonymized information that may have originated as your Personal Data.      

C. Usage Data

1. Data Description: Usage Data consists of the following:

• Information about your interactions with the Services which includes the date and time of any requests you make, lessons and content you access, materials you create, video content you’ve watched, and your interactions with other users. This also may include details of your use of Third-Party Applications and advertising you receive. We do not sell personal information, nor do we collect, use, or share such information for any purposes beyond the authorized educational or school purposes, or as authorized by the student or parent. We only share student information with third parties that agree to comply with our privacy policy. We therefore assume all responsibility for the privacy, information, or other practice of any third parties or other products and services used in connection with our services. 
• Information you post to the Services including messages you send and/or receive via the Services and your interactions with our customer service team.
• Technical data which may include URL information, cookie data, your IP address, the types of devices you are using to access or connect to the Services, unique device IDs, device attributes, network connection type (e.g. WiFi, 3G, LTE, Bluetooth) and provider, network and device performance, browser type, language, information enabling digital rights management, operating system, and application version.

• Motion-generated or orientation-generated mobile sensor data (e.g. accelerometer or gyroscope) required for the purposes of providing specific features of the Services to you.

1. Lawful Basis for Processing: Our lawful basis for processing Usage Data is (1) our contract with you and (2) our legitimate interest in improving our Services based on the Usage Data we receive from you.
2. How We Use It and Who We Share It With: Usage Data is accessible to us and to you. We do not share it with third parties, except at your specific request, but we may use Usage Data to make improvements to the Services. We may also use Usage Data in an aggregated format that is not identifiable to any individual, and that aggregated information belongs solely to us. To the extent we are required to delete any Usage Data about you, we may still retain aggregated and anonymized information that may have originated as your Usage Data.      

D. Payment Data

1. Data Description: Payment Data is the information necessary for us to process your payments for premium Services. Payment Data will vary depending on the payment method you use (e.g. direct via your mobile phone carrier or by invoice) but will include information such as:

• Name;
• Date of birth;
• Credit or debit card type, expiration date, and certain digits of your card number;
• Address and postal code; and
• Mobile phone number      

2. Lawful Basis for Processing: Our lawful basis for processing Usage Data is (1) our contract with you and (2) our legitimate interest in improving our Services based on the Usage Data we receive from you.

3. How We Use It and Who We Share It With: We only use Payment Data to facilitate payment, and we only communicate it to those parties who are strictly necessary for that purpose.

E. Supplemental Mobile Data

1. Data Description: Supplemental Mobile Data consists of the following:

• Your precise mobile device location - If you give us permission to access your precise location, this enables us to access your GPS or Bluetooth to provide location-aware functionality in the Services. Please note that this does not include your IP address. We use your IP address to determine non-precise location, for example, what country you are in to comply with our licensing agreements;
• Your voice data - If you give us permission, this enables us to access the voice commands captured via your device microphone to enable you to interact with the Services with your voice. Please note you will always have the ability to turn off the microphone feature; and,
• Your contacts - If you give us permission to access your contacts, this enables us to access individual contacts stored on your device to help you find friends who use the Services.
• The Alegra user profile includes age, gender, and other personal characteristics use for the purpose of delivering certain features. We do not create or keep student profiles for non-educational purposes.
• Your photos and videos - If you give us permission to access your photos, movies, or camera, we will only access images or videos that you specifically choose to share with us and metadata related to those images, such as the type and size of the file. We will never scan or import your photo or video library or camera roll.

2. Lawful Basis for Processing: Our lawful basis for processing Supplemental Mobile Data is (1) our contract with you and (2) our legitimate interest in improving our Services based on the Supplemental Mobile Data we receive from you.

3. How We Use It and Who We Share It With: We only use Supplemental Mobile Data when you specifically authorize it, and we only share it with those parties who are strictly necessary for the purpose you have authorized.

SHARING YOUR INFORMATION

Except where a specific limitation is noted above, we may share your Data as follows.

1. At Your Instruction. If you request us to make your Data available to a third party, and such request furthers the purposes of our Services, we will do so.
2. Sharing with Vendors and Service Providers. In certain cases, we use the services of third- party vendors and service providers to assist us in providing the Services. We may share your Data with such vendors and service providers solely for that purpose, and we will require those parties to abide by our privacy policies.
3. Third-Party Offers. We may allow other companies to offer you their products and services, including offers through our Services, co-branded pages hosted by the third parties, or via email. Whether or not you decide to participate in any such offers is up to you. If you purchase a product or service on a co-branded page, or via a third-party offer on our Services that requires you to submit financial and personal information, you are also consenting to our delivery of this information to that party. The offer will notify you if any financial or personally identifiable information will be shared. Such third party will be authorized to use this information in keeping with our contractual relationship with them and in accordance with their own privacy policy and information practices. We do not control these third parties and you agree that we are not liable for their acts, or any failure to act on their part.
4. Service Providers. We may sometimes use a third party to provide specific Services on our behalf, including sending e-mails to our members, conducting member surveys, processing transactions or performing statistical analysis of our Services. In these cases, we may provide certain personal information, such as your name and e-mail address and other financial information necessary for the service to be provided. However, these third parties are required to maintain the confidentiality of this information and are prohibited from retaining, sharing, storing or using this information for any other purposes.
5. Business Transitions. In the event that we go through a business transition, such as a merger, acquisition, liquidation or sale of all or a portion of our assets, the information we have about you will, in most instances, be part of the assets transferred. In the event of such a transfer, we are committed to doing so only with entities that agree to act in accordance with Pledge principles (or allow users a choice to send information to the future entity or have their information deleted).
6. Legal Disclosure. We may disclose your Information if required to do so by law or in the good faith belief that such action is necessary to conform to applicable law, comply with a judicial proceeding, court order or legal process served on us, protect and defend our rights or property, or investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, or violations of our terms of service.
7. Publicly Disclosed Data. Certain items of Data are always publicly available, such as your username, people who follow your playlists, and the playlists you follow.      

If we ever plan to use any Data in the future for any other purposes not identified above, we will only do so after obtaining your specific consent.

TECHNOLOGIES WE USE

The technologies we use for automatic Data collection may include the following:

• Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of our Services. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Services.
• Flash Cookies. Certain features of our Services may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from and on our Services. Flash cookies are not managed by the same browser settings as are used for browser cookies.
• Web Beacons. Pages of the Services and our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs. pixel tags and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an e-mail and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
• Web Services. We may use various third-party web services to transmit and store information related to the Services. We ensure that the web services we use comply with the same standards of privacy and security that we observe.

YOUR CHOICES REGARDING OUR USE AND DISCLOSURE OF YOUR DATA

If you wish to opt-out of our sharing of your information with third parties for the third parties’ direct marketing purposes, please follow the instructions below.  

1. Receiving electronic communications from us: If you no longer want to receive marketing- related emails from us on a going-forward basis, you may opt-out of receiving these marketing- related emails by sending a request for list removal to support@joyschoolenglish.com.
2. Our sharing of your Data with unaffiliated third parties for their (or their customers') direct marketing purposes: If you would prefer that we do not share your information on a going-forward basis with unaffiliated third parties for their direct marketing purposes, you may opt-out of this sharing by emailing support@joyschoolenglish.com from the email that you have signed up or used in receiving the Services.
3. Any other disclosure of your Data: Except as provided in this Privacy Policy regarding anonymized and aggregated Data and except for Data that is processed by us pursuant to a lawful basis based on our legitimate interests and contracts with you, you may instruct us to cease disclosure or use of your Data by contacting us at support@joyschoolenglish.com .      

We will try to comply with your request(s) as soon as reasonably practicable. Please also note that if you do opt-out of receiving marketing-related emails from us, we may still send you messages for administrative or other purposes directly relating to your use of the Services, and you cannot opt-out from receiving those messages.

California’s “Shine the Light” law, Civil Code section 1798.83, requires certain businesses to respond to requests from California customers asking about businesses’ practices related to disclosing personal information to third parties for the third parties’ direct marketing purposes. Alternatively, such businesses may have in place a policy not to disclose personal information of customers to third parties for the third parties’ direct marketing purposes if the customer has exercised an option to opt-out of such information- sharing. If you wish to opt-out of our sharing of your information with third parties for the third parties’ direct marketing purposes offline, please follow the instructions in this Privacy Policy.

SECURITY AND PRIVACY FOR EU RESIDENTS

The General Data Protection Regulation made effective in Europe on May 25, 2018 (“GDPR”) requires that we clearly describe to data subjects the data we collect and how we use that data. This Privacy Policy does that, and we hope that if you have any questions for us regarding our data collection, you will write us at support@joyschoolenglish.com .

The GDPR also requires that we have a lawful basis for our processing of any personal data about an individual residing in Europe. For an individual browsing our website or otherwise accessing our Services, our lawful basis is our legitimate interest in providing the Services to you in the manner that you desire, and all the Data that we collect from such individuals will be used only for those purposes, as described in this Privacy Policy. For an individual purchasing Products from us, our lawful basis is the contract under which you purchase Products, and the Data we collect from such individuals will be used only in connection with our contractual relationship with you and only in a manner that furthers the purposes of that contractual relationship, as set forth in this Privacy Policy.

For employees and other authorized users operating in their role as administrators or users of our services, our lawful basis is the legitimate interest we have in providing the services to you.

In turn, you, your employees, and your other authorized users agree to be bound by the provisions of the GDPR with respect to any personal data (“Data”) with which you come in contact using Services,

including without limitation the personal data belonging to individuals with whom you communicate or whose personal data you access using the Services. Specifically, you agree that you, your employees, or other authorized users will:

A. Never access, process, transfer, view, use, or store any Data of any third party without express authorization, and then only for purposes directly related to fulfilling your contractual obligations under your agreement with any third party (“Data Secrecy”);

B. Keep all Data strictly confidential and disclose Data only on a strict need-to-know basis to other employees or authorized users only as required for fulfilling an individual’s contractual obligations (“Confidentiality”); however, you agree that you shall not disclose or otherwise make accessible Data under any circumstances to anyone who has not been obliged to Data Secrecy and Confidentiality.

C. Ensure that your obligations of Data Secrecy and Confidentiality are observed forever, both during and after the expiration and/or termination of any agreement with us or any contractual relationship you may have with an employer or other party.

D. Upon our request to provide Company