Last Updated: 21/05/2021
1. General information
Each of the EE American Entities, with its registered office in Ridgefield, Connecticut, United States of America, is established under the laws of the State of Delaware, the United States of America. EE Poland, with its registered office in Kamieniec Wroclawski, Poland is established under the laws of the Republic of Poland. You can find full Explain Everything contact details here: http://explaineverything.com/contact/.
Because EE Parent, EE Discover, EE Sales and EE Poland jointly determine the purposes and means of processing personal data in connection with the Service, they shall be joint controllers as defined in the European General Data Protection Regulation 2016/679 (“GDPR”). Moreover, the EE American Entities designate EE Poland as their representative in the EU. The representative shall be mandated by the joint controller to be addressed in addition to or instead of the joint controller by, in particular, supervisory authorities and data subjects, on all issues related to processing, for the purposes of ensuring compliance with the GDPR.
Explain Everything may use tools or third party analytical software to automatically collect and use certain non-personal information that does not directly enable Explain Everything to identify you. The types of non-personal data Explain Everything may collect and use include, but are not limited to: (i) device properties, including, but not limited to IP address, Media Access Control (“MAC”) address and unique device identifier or other persistent or non-persistent device identifier (“Device ID”); (ii) device software platform and firmware; (iii) mobile phone carrier; and (iv) other non-personal data as reasonably required by Explain Everything to enhance the Service. Behavioral data related to application usage information may be tracked to determine which features are most popular, how they are being used, and how we can improve the applications and Service. In the process of de-identification of behavioral data that is aggregated for statistical analysis we remove information about user’s login and any device identifiers. The third party solutions that Explain Everything uses are not authorized to access user’s information or identify a user based on the scope of contained data they hold.
You recognize and agree that the analytics companies utilized by Explain Everything may combine the information collected with other information they have independently collected from other services or products relating to your activities. These companies collect and use information under their own privacy policies.
Explain Everything complies with the GDPR at the collection, use, and retention of personal information from European Union member countries. Explain Everything ensures that the recipient of your personal information has an adequate level of data protection required by the GDPR, for instance by entering into the appropriate data processing agreements and, if required, standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council as approved by the European Commission . In the case of third-country transfers, a copy of the relevant Standard Contractual Clauses can be obtained by contacting us via e-mail support@explaineverything. The third-country transfer is based on the art. 46(2)(c) of the GDPR.
2. Privacy Shield
Explain Everything is aware that the Privacy Shield is no longer a valid mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States in light of the 16th July 2020 judgement issued by the Court of Justice of the European Union (case C-311/18). However, Explain Everything remains to be a part of Privacy Shield environment, to demonstrate a serious commitment to protect personal information in accordance with a set of privacy principles that offer meaningful privacy protections and recourse. Explain Everything transfers only encrypted data to the US and has conducted Transfer Impact Assessment to apply the most appropriate technical measures as stipulated in above mentioned case C-311/18 and EDPB Recommendations 01/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data adopted on 10 November 2020. Explain Everything may be obliged to disclose some personal data if a legitimate public authorities request that on the ground of national security or law enforcement requirements.
In compliance with the Privacy Shield Principles, Explain Everything commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Explain Everything at: firstname.lastname@example.org. Explain Everything will respond to your complaint within 30 days.
Explain Everything has further committed to refer unresolved Privacy Shield complaints to EU data protection authorities, that are alternative dispute resolution providers. In case that you are unsatisfied with Explain Everything’s response to your complaint you can contact your local data protection authority that will investigate your complaint and Explain Everything’s response at no cost to you. Explain Everything identifies EU data protection authorities as an independent recourse mechanism to any Privacy Shield complaints. You can also contact the U.S. Department of Commerce or Federal Trade Commission located in the United States if you do not receive timely acknowledgment of your complaint from Explain Everything or if Explain Everything has not addressed your complaint to your satisfaction. In case that you choose an arbitrator to handle your complaint not resolved by Explain Everything rewardingly, each Party will be responsible for its own attorney’s fees. You should note that an arbitrator can only impose individual-specific, non-monetary, equitable relief necessary to remedy any violation of the Privacy Shield Principles with respect to the individual filing the complaint.
We, in Explain Everything, would like to stress that we do not identify the Privacy Shield as a mechanism of transatlantic data transfer compliant with the General Data Protection Regulation.
3. Children’s Personal Information
Explain Everything collects limited Personal Information from students (“Children’s Personal Information“) only when that student’s school, district, and/or teacher has contracted with Explain Everything to collect Children’s Personal Information from students for the use and benefit of the learning environment.
Children under 13 years old are not allowed to create an account without a parent or guardian’s permission. We recommend that minors over the age of 13 ask their parents for permission before sending any information about themselves to anyone over the Internet. Personal Information for account creation may include username and email address. Personal Information for billing and administrative contacts may include name, address, phone number, and email address.
Please note that an environment using Explain Everything group accounts has an option to switch off even this limited Personal Information collection entirely, so that user email addresses are not required to create an account.
We require schools, districts, and/or teachers to obtain parental consent from students’ parents before collecting any such Children’s Personal Information. The collection occurs during the creation of a student’s account, either by student himself or by a Group Administrator. If you are a student, please do not send any Children’s Personal Information about yourself to us, other than what we request from you when you sign up for the Service. In the event that we learn that we have collected Children’s Personal Information from a student without parental consent being obtained by his or her school, district, and/or teacher, or if we learn a student has provided us Children’s Personal Information beyond what we request when he or she signs up for the Service, we will delete that information as quickly as possible. If you believe that a student may have provided us Children’s Personal Information beyond what is requested when signing up for the Service, or that a student’s school, district, or teacher has not obtained parental consent, please contact us.
Hereinafter, references to “Personal Information” shall apply to personal information of individual Service users who are not student registrants. References to “Children’s Personal Information” shall only apply to personal information of student users of the Service. General references to “information” shall apply to all users.
4. Information Collection and How it is Used
We collect information that is sent to us automatically by your Web browser. This information typically includes your IP address, the name and version of your operating system, the name and version of your browser, the date and time of your visit and the pages on this Site you visit. Please check your browser if you want to learn what information your browser sends or how to change your settings. This information does not identify you personally. Generally, we use this information to improve this Site and make it more compatible with the technology used by our visitors. However, we may link information sent by your browser to information that identifies you personally. For example, if you are a registered member, we may link your IP address to information that identifies you personally. In addition, if we suspect criminal activity, we may share our server logs with the appropriate investigative authorities who could use that information to trace and identify you.
If you have supplied us with your email address, we may occasionally send you an email to tell you about new features, ask for your feedback, or just keep you up to date with what’s going on with Explain Everything and our products. If you would prefer not to receive marketing or promotional emails from us that may relate, for example, to new services or offerings, you may opt-out of receiving these communications by using the opt-out mechanism in an email or by specifying your email communication preferences in your account settings. Following your opt-out, please be aware that we, or our affiliates, may continue to contact you via email for administrative or informational purposes, including, but not limited to, follow-up messages regarding the administration of your account, any services, features or functions you have affirmatively enrolled in or registered to use, any promotions or sweepstakes you have participated in or have entered, or other transactions you have undertaken on the Site.
5. How We Share Your Personal Information
Explain Everything will not rent or sell your Personal Information or Children’s Personal Information to anyone. However, we share your Personal Information and Children’s Personal Information as described below. Again, please note that references to “Personal Information” only apply to personal information of individuals who are not students.
You may choose to populate your user profile on the Service with Personal Information, including, without limitation, your name, photograph, and school affiliation. If you are a student, your user profile may only include your username (that might be generated and may have no relation to your real name). This user profile information will be displayed to other users to facilitate user interaction within the Service or facilitate interaction with the Company. However, please keep in mind that information (whether Personal Information or Children’s Personal Information or not) or content that you voluntarily disclose or otherwise publish (including User Submissions) through the Service becomes publicly available and can be collected and used by others, in accordance with the privacy settings you select in your account preferences. Your display name may be displayed to other users when you upload content, presentations, images or videos or send messages through the Service and other users can contact you through messages and comments. Any images, presentations, captions or other content that you submit to, or create on the Service (including User Submissions) may be redistributed through the Internet and other media channels, and may be viewed by the general public as permitted via the privacy settings.
Personal Information and Children’s Personal Information collected through the Site may be shared with companies and organizations that:
(i) need to know that information to perform services on our behalf (for example, companies that provide data management or other support services to us, such as data storage and Web hosting services as delineated in the Family Educational Right to Privacy Act (FERPA)), and
(ii) that have agreed not to disclose it to others. We will not use or disclose Children’s Personal Information collected through an educational/school service (whether personal information or otherwise) for behavioral targeting or advertisements to students.
Explain Everything does not acquire any user information from a third-party or vendors nor collect information from social or federated login providers.
The Company uses API integration for several third party services including Dropbox, Box, Evernote, and Google Drive. All user login information is collected and stored only by these third party cloud services. The Service does not store or access any login credentials for any third party services. Please refer to those companies’ privacy policies and terms of service if you have concerns or questions.
Explain Everything’s accountability for personal data that it receives and subsequently transfers to a third party is described in the GDPR and the Standard Contractual Clauses. In particular, Explain Everything remains responsible and liable if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the GDPR and the Standard Contractual Clauses, unless Explain Everything proves that it is not responsible for the event giving rise to the damage.
In case you obtain a business licence and you create material containing any personal data using our Service, then Explain Everything’s accountability for such personal data that it receives under the GDPR shall be as the processor of such personal data and you will remain the controller of such data. We will process such data in accordance with the provisions contained in our Terms of Service. These Terms, together with any applicable Data Processing Agreement, contain all of our representations and obligations as the data processor and – once accepted by you – constitute a Data Processing Agreement, as prescribed by art. 28 of the GDPR. The user rights under the GDPR are:
Access to data
You have the right to access the information that we collect to provide our services. You can do this using this form. We will make sure to provide you with a copy of the data we process about you. In order to comply with your request, we may ask you to give us some additional information that we will use to verify your identity. If you fail to provide such information and the information that you have already given to us is not sufficient to identify you, we may refuse to provide you with information. We will fulfil your request by sending your copy electronically, unless the request expressly specifies a different method. For any subsequent access request, we may charge you with an administrative fee.
Erasure and rectification of data
If you believe that the information we have about you is incorrect, you are welcome to contact us so we can update it and keep your data accurate. We will automatically delete information about you from our systems after it is no longer needed for the purposes it was collected. We will also cause your information to be deleted from any third-party system if we find that such third party is misusing your information. If at any point you wish for us to delete information about you, you can do this by contacting us using this form.
Withdrawal of consent
If processing of your data is based on consent, you have the right to withdraw your consent at any time. If you at any point wish to withdraw your consent, you can do this by contacting us using this form. Remember that withdrawal of consent will not affect the lawfulness of processing based on this consent before its withdrawal.
We do not use any information provided by you for the purposes of automated decision-making, including profiling.
Disclosure of your data
We guarantee that all your personal information is protected through our compliance with GDPR standards and any related restrictions protecting access to user data. All data is encrypted while in transit and all traffic is performed only through the SSL (https). We store the data on encrypted servers in AWS data centers fulfilling SOC 1, SOC 2 and SOC 3 standards. Explain Everything regularly verifies safety of user data with scheduled audits and tests. We will not make this information available to third parties in cases different than those specified below, unless you give us a permission to do so or unless such disclosure is necessary to comply with a legal obligation that is imposed on us.
We may disclose your data to entities located in countries outside of the European Economic Area, provided that such entities meet appropriate data protection standards in accordance with the GDPR.
We may share information that you provided us with while purchasing a license for our software with:
- payment processors, i.e. PayPal and Braintree, in order to be able to process and complete the payment process for your order;
- storage, computing and network distribution provides, such as Amazon AWS;
- providers of services necessary to send transaction-related and product-related information via email to the extent that such disclosure is necessary to automate, simplify and analyze these processes(MailChimp, Firebase);
- external accounting and bookkeeping services providers to the extent that such disclosure is necessary to have these services provided to us;
- our legal advisors to the extent that such disclosure is necessary to obtain legal advice or protect our rights in legal proceedings;
- governments and law enforcement authorities only if we are required to do so by law. We will always attempt to redirect the law enforcement agency or government to request any data directly from you. If compelled to disclose your data, we will promptly notify you and provide a copy of the demand.
Each third party solution provider has a contractual limit within data processing agreement, that regulates responsibilities and forbids re-identification or other use of data outside of scope described in this document. We will notify you with an update to this document if the context in which your information is processed would change. We may share personal information obtained in connection with your use of the Service only if required to do so by law or if necessary to protect our rights in legal proceedings. Additional information about the subprocessors we use to support delivery of the Service is set forth at List of Data Subprocessors.
If Explain Everything ever were to engage in any onward transfers of data with third parties for a purpose other than which it was originally collected or subsequently authorized, Explain Everything would provide an opt-out choice to limit the use and disclosure of personal data.
Explain Everything will notify you at the email address you provided to us in the event of a data breach or exposure of your personal data to unauthorized individuals.
7. Questions and Complaints
4 Danbury Rd. #425
Ridgefield, CT 06877
European Union customers should use following contact details for questions or concerns related to the GDPR:
Explain Everything sp z o.o.
55-079 Wrocław, Poland, EU