a. “Personal Data” and “Personal Identifiable Information” are data about an identified or identifiable individual. Personal Data may include your name, address, telephone number, credit card information, and any other information that is connected with you and may identify you personally.
b. “Processing” of Personal Data means any operation or set of operations which is performed upon Personal Data, whether or not by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure or dissemination, and erasure or destruction.
c. “Controller” means a person or organization which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
d. “Agent” or “Processor” means any person or organization that processes Personal Data on Controller’s behalf.
e. “Customer” means the subscriber of or visitor to the Company’s Site or Apps, or otherwise accesses the Company’s Services.
3. COMPANY’S LAWFUL BASIS FOR PROCESSING YOUR PERSONAL DATA. Any use of your Personal Data must be for a lawful purpose. In Company’s case, the Personal Data requested from you (e.g., your name, address, email, billing information, etc.) is necessary for the entering into and the performance of the lawful contract between Company and you, under which terms, you may use and enjoy the Company’s Services. Company shall also use the information to promote its services within its subscription base and, with your permission, may share it with third party or affiliate companies interested in marketing similar products to you.
4. COMPLIANCE WITH THE EUROPEAN UNION’S GENERAL DATA PROTECTION REGULATION (GDPR). In keeping with Company’s commitment to comply with the various rules and regulations relating to safeguarding and protecting Personal Data it receives from its customers in the United States, in the European Union, and elsewhere, Company has chosen to undertake a good faith effort to comply the European Union’s GDPR and the obligations it imposes on controllers and processors of EU Personal Data, and to incorporate the privacy terms required for GDPR compliance herein.
6. PRIVACY PRINCIPLES ADHERED TO BY COMPANY PERSONNEL. Company will ensure that its personnel engaged in the processing of Customer Data and Personal Data (i) will process such data only on instructions from Customer, and (ii) will be obligated to maintain the confidentiality and security of such data even after their engagement ends. Furthermore, Company hereby complies with Privacy Shield's Notice Principle which requires Company to inform all participants of the Services about:
a. Its participation in the Privacy Shield (see Paragraph 5 above)
b. The types of personal data collected and the entities or subsidiaries of the organization also adhering to the Principles (see Paragraph 7(a) below)
c. Its commitment to subject to the Principles all personal data received from the EU and/or Switzerland in reliance on the Privacy Shield (see Paragraph 5 above)
d. The purposes for which it collects and uses personal information about them (see Paragraphs 3 and 7(b) below)
e. How to contact the Company with any inquiries or complaints (see Paragraph 17 below)
f. The type or identity of third parties to which it discloses personal information, and the purposes for which it does so (see Paragraph 7(d) below)
g. The right of individuals to access their personal data (see Paragraph 12 below)
h. The choices and means Company offers individuals for limiting the use and disclosure of their personal data (see Paragraph 9 below)
i. The independent dispute resolution body designated to address complaints and provide recourse free of charge to the individual, which in this case is an alternative dispute resolution provider based in the U.S. (see Paragraph 17(a) below)
j. Company being subject to the investigatory and enforcement powers of the FTC (see Paragraph 5 above).
k. The possibility, under certain conditions, for the individual to invoke binding arbitration (see Paragraph 17(b) below)
l. The requirement to disclose personal information in response to lawful requests by public authorities (see Paragraph 7(b) below)
m. Company's liability in cases of onward transfers to third parties (see Paragraph 7(b)(ii) below)
7. TYPES AND USES OF INFORMATION COLLECTED
i. TRAFFIC DATA COLLECTED (NON-PERSONAL IDENTIFIABLE INFORMATION). We automatically track and collect the following categories of information when you visit our Services: (1) IP addresses; (2) domain servers; (3) types of computers accessing the Services; and (4) types of web browsers used to access the Services (collectively “Traffic Data”). Traffic Data is anonymous information that does not personally identify you but is helpful for marketing purposes or for improving your experience on the Services. We also use “cookies” to customize content specific to your interests, to ensure that you do not see the same advertisement repeatedly, and to store your password so you do not have to re-enter it each time you visit the Services.
ii. PERSONAL IDENTIFIABLE INFORMATION COLLECTED. In order for you to access certain premium, services and to purchase products that we offer via our Services, we require you to provide us with certain information that personally identifies you. Personal Identifiable Information includes the following categories of information: (1) Contact Data (such as your name, mailing address, e-mail address, and, if you call our phone support service, your phone number); (2) Geographical Information (such as time zones, locales) (3) Financial Data (such as your account or credit card number, your Paypal email address, or your billing address); (4) Demographic Data (such as your zip code, age, and income); (5) Facebook Profile and ID (we access the first and last names and email address from customer’s public profile information); and Google Account Information (we access the first and last names and email address from customer’s public profile information) . If you communicate with us by e-mail, post messages to any of our chat groups, bulletin boards, or forums, or otherwise complete online forms, surveys, or contest entries, any information provided in such communication may be collected as Personal Information. If you choose to participate in one of our optional marketing research surveys, contests, or other promotional and marketing events at the site, the demographic information asked for (e.g., name, age, gender, and income level) will be collected and retained by us for marketing purposes as described below.
i. COMPANY USE OF INFORMATION. We act as a “Controller” of information we receive from you in that we use your Contact Data to send you information about our company or our products or services, or to provide you with promotional material from some of our partners, or to contact you when necessary. We use your Financial Data to verify your qualifications for certain products or services and to bill you for products and services. We use your Demographic Data to customize and tailor your experience on the Services, such as displaying content that we think you might be interested in according to demographic data and your expressed preferences.
ii. SHARING OF PERSONAL INFORMATION. We share certain categories of information we collect from you to the following parties for the following purposes:
· We share Demographic Data with advertisers and other third parties only on an aggregate (i.e., non-personally-identifiable) basis.
· We share Contact Data with other companies who may want to send you information about their products or services, unless you have specifically requested that we not share Contact Data with such companies.
· We also share Contact Data and Financial Data with our business processing partners who assist us by performing core services (such as hosting, billing, fulfillment, or data storage and security) related to our operation of the Services. Company may hire such third parties to provide certain limited or ancillary services on its behalf. Customer consents to the engagement of these third parties as Sub-processors.
· Contractual obligation of all entities with whom we share Personal Data to adhere to Privacy Principles. By express written agreement with Company, those entities who act as Controllers with whom we share Personal Data shall warrant and represent that they likewise comply with the same Privacy Principles as those required by GDPR, and shall take reasonable and appropriate measures to protect any shared data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into due account the risks involved in the processing and the nature of the Personal Data.
· Obligations of our business processing partners only. Our agreement with our business processing partners, or agents, provide that such Personal Data shared may only be processed for limited and specific purposes consistent with the consent provided by the customer, that they shall comply with the same level of privacy protection as provided by the Company, and that they will otherwise notify Company if the processor can no longer meet this obligation. In such an event, the agreement will stipulate that the processing partner will immediately cease the processing and shall take other reasonable and that Company shall take appropriate steps to remediate. The agreement shall further provide that, should an unauthorized breach occur involving their data security systems, our processing partners shall immediately inform Company.
c. Location and Retention of Customer Data. Unless otherwise expressed herein, the Personal Data collected by Company shall be kept in its central server and shall remain only as long as necessary to fulfill the requirements of the service agreement between Company and customer, or, with customer’s approval, in perpetuity, until customer requests its removal.
d. Summary of Data Recipients, Users, Purposes, and Retention Periods.
Recipient of Data
30 Day Lessons Inc.
Personal Information (name; phone number; email; address); Computer information (IP; Browser type); Demographic Information (zip code, age, income); Financial Information (credit card number, PayPal address, billing address); Geographical information (Locale, Time Zone); Facebook Profile; Google Profile
Information is necessary to effectuate the service agreement between Company and customer, for customer support, and to allow Company to promote and market the service within its customer base. Facebook and Google public profile information are accessed by Company only to record the “name” and “email” of customer, again for effectuating the agreement and for internal marketing.
Information shall be retained and used in its central server only as long as necessary to fulfill the requirements of the service agreement between Company and customer, or, with customer’s approval, in perpetuity, until customer requests its removal.
Mobile Advertising, Marketing, and Attribution Networks
Personal Information (email); Device information (IP; Device type, in-app events, advertising IDs); Geographical information (Locale, Time Zone);
Information is necessary to effectuate the service agreement between Company and customer, for customer support, and to allow Company to promote and market the service within its customer base.
Information shall be retained and used in its central server only as long as necessary to fulfill the requirements of the service agreement between Company and customer, or, with customer’s approval, in perpetuity, until customer requests its removal. Customer may also limit the sharing of this data.
8. DATA BREACH NOTIFICATION. If Company becomes aware of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Data or Personal Data while processed by Company (each a “Security Incident”), Company will promptly and without undue delay (1) notify Customer of the Security Incident; (2) investigate the Security Incident and provide Customer with detailed information about the Security Incident; (3) take reasonable steps to mitigate the effects and to minimize any damage resulting from the Security Incident. With respect to breach of Personal Data of citizens of the EU, Company shall comply with GDPR requirements and take immediate steps to notify the supervisory authority “without undue delay” and within 72 hours of discovering the breach, where feasible. Company’s obligation to report or respond to a Security Incident under this section is not an acknowledgement by Company of any fault or liability with respect to the Security Incident.
9. CUSTOMER’S CHOICES REGARDING USE OF INFORMATION; CUSTOMER’S RIGHT TO OPT-OUT. You may choose not to provide us with any Personal Information. In such an event, you may still access and use much of the Services, however, you will not be able to access and use those portions of the Services that require your Personal Information. If you do not want us to share your Contact Data with any third parties, please email us at [email protected], or select the “opt out” box on our online forms. In addition, we maintain a procedure for you to review and request changes to your Personal Information; this procedure is described in Section 11 below.
11. DATA PROTECTION OFFICER. Company has designated a Data Protection Officer (DPO) to regularly monitor and maintain the systems and processes relating to Company’s proper handling of Personal Data Information, and to make sure that appropriate safeguards be in place to ensure that any processing and retention of Personal Data complies with the GDPR. Moreover, the Company shall be responsible for onward transfer and the record-keeping relating to all processing activities, for the purposes of demonstrating compliance with GDPR, should a compliance audit be requested.
12. PROCESS TO ACCESS, UPDATE, CORRECT, OR ERASE PERSONAL INFORMATION. We maintain a procedure in order to help you confirm that your Personal Information remains correct and up-to-date. At any time, you may visit your personal profile at https://www.30daysinger.com/settings/account. Through your personal profile you may: (a) review and update your Personal Information that we have already collected; (b) choose whether or not you wish us to send you information about our company, or promotional material from some of our partners; and/or (c) choose whether or not you wish for us to share your Personal Information with third parties.
13. DATA PORTABILITY. Upon your request, Company shall provide your Personal Data in a machine-readable format, or electronically transmit your Personal Data, directly to another Controller.
14. NOTICE CONCERNING CHILDREN. Our Services are intended for a general audience, and we do not direct any of our content specifically at children under 13 years of age. We understand and are committed to respecting the sensitive nature of children’s privacy online. If we learn or have reason to suspect that a user of our Services is under age 13, we will promptly delete any personal information in that user’s account. Special notice regarding Citizens and residents of the European Union: Citizens of the EU who are younger than 16-years-old may provide personal information provided consent is actually given or authorized by the holder of parental responsibility over the child.
15. LOST OR STOLEN INFORMATION. You must promptly notify us if your credit card, user name, or password is lost, stolen, or used without permission. In such an event, we will remove that credit card number, user name, or password from your account and update our records accordingly.
16. PUBLICLY-RELEASED INFORMATION. The Services contain links to other third-party websites. We are not responsible for the privacy practices or the content of such websites. We also make chat rooms, forums, message boards, and news groups available to you. Please understand that any information you voluntarily disclose in these areas becomes public information and is not our responsibility. Thereafter, you should exercise caution when deciding to disclose your Personal Information in such venues.
17. DISPUTES REGARDING PERSONAL DATA COMPLAINTS
b. Good Faith Negotiation; Arbitration. Should the dispute not be resolved satisfactorily in good faith negotiations between you and the Company, Company shall act in good faith to provide, free of charge, accessible and independent dispute resolution though an independent dispute resolution service provider located in San Francisco, California. Should that not be successful, either party may then elect to resolve any remaining dispute through a neutral, binding, non-appearance-based arbitration under the Commercial Rules of Arbitration of the American Arbitration Association conducted in San Francisco, California. The Arbitrator and the parties must comply with the following rules: (a) the arbitration will be conducted, at the option of the party seeking relief, by telephone, online or based solely on written submissions; (b) the arbitration will not involve any personal appearance by the parties or witnesses unless otherwise mutually agreed by the parties; and (c) any judgment on the award rendered by the arbitrator may be entered in any court of competent jurisdiction.
THE PARTIES ACKNOWLEDGE AND AGREE THAT THE FOREGOING DISPUTE RESOLUTION AGREEMENTS RESULT IN EACH PARTY GIVING UP HIS, HER OR ITS RIGHT TO A JURY TRIAL OF ALL ISSUES. EACH PARTY HEREBY EXPRESSLY WAIVES HIS, HER, OR ITS RIGHT TO A JURY TRIAL WITH RESPECT TO ANY AND ALL DISPUTED ISSUES IN ANY MANNER RELATING TO OR ARISING OUT OF THE TERMS AND CONDITIONS OR PERFORMANCE OR NON-PERFORMANCE OF TERMS AND CONDITIONS OF THIS AGREEMENT.
c. No Class Actions. You and Company agree that you may bring claims against the other only in your individual capacity and not as a plaintiff or class member in any purported class or representative proceeding. Further, you agree that the arbitrator may not consolidate proceedings of more than one person’s claims and may not otherwise preside over any form of a representative or class proceeding.
d. Cause of Action. You agree that regardless of any statute or law to the contrary, any claim or cause of action arising out of or related to use of this Agreement must be filed within one (1) year after such claim or cause of action arose or be forever barred.