1. What information do we collect and what do we do with it?
When you enroll as a student or subscriber (“learner”) on our site or related courses, as part of the enrolling process, we collect the following personal information that you give us:
- First Name
- Last Name
- Email Address
- Skill Level
We only request personal information relevant to providing you with a service, and only use it to help provide or improve this service.
We may send you emails about our site and related briefs, courses, registration, learning content, your progress, paid memberships or other updates related to our products and services. We may also use your email to inform you about changes to the briefs, courses, survey you about your usage, or collect your opinion. We may also contact you with updates about our website and services, along with promotional content that we believe may be of interest to you.
2. How do you get my consent?
When you provide us with personal information to become a learner on our site, make a purchase, or participate in the course or brief, you imply that you consent to our collecting it and using it for that specific reason only.
3. How do I withdraw my consent?
If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at any time, by contacting us at firstname.lastname@example.org
If you wish to opt out of receiving emails from us, you can follow the “unsubscribe” instructions provided alongside any email correspondence from us.
4. Children's Privacy
You must be 13 years of age or older to use this Site. This Site is not directed at children under the age of 13. Briefbox does not knowingly collect personal information from children under the age of 13 so if Briefbox discovers a child of under 13 has registered to the Service without parental consent or verification, we will delete their account and personal information as soon as possible.
Briefbox for Educators is available for use by children under the age of 13 under the supervision of an adult such as a teacher, parent or guardian. We will require participating educational institutions to obtain parental consent and then authorise Briefbox to collect personal data from students under the age of 13.
Upon termination of a Briefbox for Educators membership, we will delete all accounts associated with that educational institution. At any time the educational institution may request for a student account to be edited or deleted by writing to email@example.com We will take all reasonable steps to validate the request has been made from the educational institution before granting access or changes to any of the personal information.
We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service https://briefbox.thinkific.com/pages/terms
Our briefs, courses and site are hosted by Thinkific Labs Inc. (“Thinkific”). They provide us with the online course creation platform that allow us to sell our products and services to you.
Your data is stored through Thinkific’s data storage, databases and the general Thinkific application. They store your data on a secure server behind a firewall.
If you make a purchase on our site, we use a third-party payment processor Stripe. Payments are encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our site and related courses and its service providers.
Stripe data is stored in the USA. Stripe is certified with Privacy Shield, this means that the organisation provides a level of protection of your personal data that is deemed adequate by the European Commission.
For more insight, you may also want to read Thinkific’s Terms of Service here https://www.thinkific.com/resources/privacy-policy/ or Privacy Statement here https://www.thinkific.com/resources/terms-of-service/ .
8. Third Party Services
We use third-party services for:
- Payment processing
- Analytics tracking
- Contacting you about our products or services that might be of interest to you
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the way in which your personal information will be handled by these providers.
All personal data required to make payments on the Site are collected directly by our third-party payment provider, Stripe Inc. and are not visible to Briefbox Limited at any point. Briefbox Limited only ever receives the last four digits of your payment card and your card’s expiry date.
Certain providers may be located in, or have facilities that are located in, a different jurisdiction than either you or us. If you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
We may, from time to time, allow limited access to our data by external consultants and agencies for the purpose of analysis and service improvement. This access is only permitted for as long as necessary to perform a specific function. We only work with external agencies whose privacy policies align with ours.
We will refuse government and law enforcement requests for data if we believe a request is too broad or unrelated to its stated purpose. However, we may cooperate if we believe the requested information is necessary and appropriate to comply with legal process, to protect our own rights and property, to protect the safety of the public and any person, to prevent a crime, or to prevent what we reasonably believe to be illegal, legally actionable, or unethical activity.
We do not otherwise share or supply personal information to third parties. We do not sell or rent your personal information to marketers or third parties.
When you click on links on our site, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
We collect cookies or similar tracking technologies. This means information that our website’s server transfers to your computer. This information can be used to track your session on our website. Cookies may also be used to customize our website content for you as an individual. If you are using one of the common Internet web browsers, you can set up your browser to either let you know when you receive a cookie or to deny cookie access to your computer.
Opting out: You can opt out of targeted ads served via specific third-party vendors by visiting the Digital Advertising Alliance’s Opt-Out page.
We may also use automated tracking methods on our websites, in communications with you, and in our products and services, to measure performance and engagement.
Please note that because there is no consistent industry understanding of how to respond to “Do Not Track” signals, we do not alter our data collection and usage practices when we detect such a signal from your browser.
Web Analysis Tools
We may use web analysis tools that are built into the briefbox.me website to measure and collect anonymous session information.
If our site or course is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.
QUESTIONS AND CONTACT INFORMATION
If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information, contact our Privacy Compliance Officer at firstname.lastname@example.org
As our learner, you have the right to be informed about how your data is collected and used. You are entitled to know what data we collect about you, and how it is processed. You are entitled to correct and update any personal information about you, and to request this information be deleted. You may amend your account information at any time, using the tools provided in your account control panel.
This policy was is effective as of 06 May 2020.
LEGAL BASIS FOR PROCESSING DATA HELD
The GDPR requires us to state the legal basis upon which we process all personal data for our clients and it requires us to inform our clients of the legal basis on which we process their personal data.
The legal basis on which we process personal information for our contracted clients is:
The legal basis on which we process personal information for contacts/clients existing as at 27 November 2019 is:
The legal basis on which we process personal information for non-contracted clients after 27 November 2019 is: