OUR ROLE IN DATA PROCESSING 

To the extent the General Data Protection Regulation (“GDPR”), Regulation (EU) 2016/679, and the UK Data Protection Act 2018 (“DPA”) apply (collectively referred to in this Privacy Notice as “EU or UK data protection laws”), the entity responsible for the collection and use (processing) of your personal information is Discovery Education Inc., which, is the data controller. You can contact DreamBox on any of the methods set out below:

US contact details: by email at privacy@discoveryed.com, by telephone at 1-800-323-9084, or by sending a letter to 4350 Congress Street, Suite 700, Charlotte, NC 28209, USA.

UK contact details: email at ukprivacy@discoveryed.com, by telephone on 0800 6 527 527, or by sending a letter to Attn Marissa Jones, 9 Palace Yard Mews, Bath, BA1 2NH, UK.

EU contact details: email at datarequest@datarep.com or by sending a letter to DataRep, St Johannesgatan 2, 4^th Floor, Malmo, SE – 211 46, Sweden.

PERSONAL INFORMATION WE COLLECT, WHY AND FOR HOW LONG

We collect personal information, which is information relating to you as an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly. As used in this Privacy Notice, “personal information” includes “Personal Data”, as defined under the GDPR and DPA.

We collect personal information as you engage with our Services.

If you are a Teacher User, this includes when you:

• Sign up as a Teacher User. When you sign up for the Learning Apps as a Teacher User, we collect, from you, your identifiers (name, email address, and phone number (if provided)), your professional or employment-related information (school name, address and district, job title), and your sensitive login details (password) in encrypted format. If you sign up via Google SSO, we will not collect your password, and your usage of the SSO will be governed by the relevant Google policies. If you add a phone number, we may contact you at the number provided. We use this information to set up your account, manage the account, and to respond to your queries. To the extent the EU or UK data protection laws apply, the legal basis for this processing activity is the performance of a contract. If you do not provide this information, we will not be able to set up your account. We also use this information to send you, through our third-party email provider, emails necessary to the Services, and if you opt-in to receiving them, marketing emails to provide you additional promotional information about the Services. To the extent the EU or UK data protection laws apply, the legal basis for this processing is your consent. You may withdraw your consent (unsubscribe) at any time by clicking the “unsubscribe” link included at the bottom of each email we send to you. However, we will continue to send you service-related messages. Our communications contain tracking technologies, to analyze whether a predefined action took place by a recipient, such as opening our communications and other engagement metrics such as timestamps, delivery status, whether an email was forwarded, clicks within an email, as well as sender and recipient addresses to better adapt and distribute our communications. When you opt-in to our marketing communications, you will be automatically opted-in to the use of these technologies. You can avoid downloading the pixel by rejecting the download of images in the email. We use this information to understand the effectiveness of the email messages.

• Use the Learning Apps. When you use the Learning Apps, we automatically collect, through cookies and similar technologies, your internet or other electronic network activity information (usage data (e.g., time stamps)), your online identifiers (IP address), and your usage information (what topic you are clicking, how you interact with the system). We use this information to create aggregated usage reports and to understand how teachers are using the Learning Apps and to send you messages in the applicable platform. We retain this information for as long as your account exists, unless specified otherwise.

• Request a demo. When you request a demo of the Learning Apps, we collect, from you, your identifiers (name, email address, telephone number, country), your professional or employment-related information (job title), your selected product interest, and any additional information you choose to include in your message. We use this information to schedule and facilitate a demonstration of the Learning Apps. To the extent the EU or UK data protection laws apply, the legal basis for this processing is that it is necessary for the performance of the service requested by you. Please note that if you request a demo of Reading Plus, we will share your information with Reading Solutions, our third-party reseller of Reading Plus for marketing purposes. To the extent the EU or UK data protection laws apply, the legal basis for this processing is your consent. You may revoke your consent at any time with effect going forward by emailing us at privacy@discoveryed.com. For information regarding Reading Solutions’ collection and use of personal information, please see Reading Solutions’ Privacy Policy.

• Create a Student User account. Student User accounts are created by a teacher, parent, or guardian. When a Student User account is created, we collect, from the creator of the account, the student’s identifiers (name, date of birth, classroom name, class year) and login credentials, and if you are creating a Student User account associated with a Teacher Account, you have the option to also provide additional identifiers (email address). We use this information to create a Student User ID and manage the Student User account. To the extent the EU or UK data protection laws apply, the legal basis for the processing is that it is necessary for the performance of a contract.

Teacher Users can access the following student data associated with Student Users linked to their Classroom: name, grade level, avatar, background themes, demographic data (gender, date of birth, race), usage information, educational progress information (how many lessons they did, assignment history, login credentials, student ID, and alerts and achievements, ongoing assignments, recent achievements, how often the student logs in, rough metrics on how much time they spend in the Learning Apps, and a detailed breakdown of their ability in different areas in the curriculum (including areas needing improvement).

If you are a Parent/Guardian User, this includes when you:

• Sign up as a Parent User. When you sign up for the Learning Apps as a Parent User, we collect, from you, your identifiers (name, email address, postal code or mailing address, and telephone number (if provided)), your child’s identifiers (name, class year, date of birth (if provided)), protected classifications (race and gender (if provided)), and sensitive log-in information (password). We use this information to create and manage your account, to start your child at a position in the curriculum appropriate for your child’s current grade, and to customize reports on your Family Dashboard. To the extent the EU or UK data protection laws apply, the legal basis for this processing is that it is necessary to perform a contract or, if applicable, to comply with legal our obligations. The processing condition for the processing of this sensitive information (race) is, depending on the laws of the relevant member state, the safeguarding of the child’s rights (Art. 9(2)(b) GDPR). We may send informational materials to your mailing address.

• Purchase a subscription. When you purchase a subscription, we collect, from you or from our third-party payment processor, Stripe, your identifiers (name, email address, physical address) and your sensitive financial information (credit/debit card number, security code, expiration date). We use this information to process your payment for the selected subscription, using the services of a third-party vendor and only get access to card type, and the last four digits of the card. To the extent the EU or UK data protection laws apply, the legal basis for this processing activity is the performance of a contract. Please see Stripe’s Privacy Policy for information regarding Stripe’s collection and use of personal information.

Parents/guardians can view, through the Family Dashboard, information with respect to the Student Users linked to their family account, namely: the student’s name and account details, ongoing assignments, recent achievements, how many lessons they did, how often the student logs in, rough metrics on how much time they spend in the Learning Apps, and a detailed breakdown of their ability in different areas in the curriculum (including areas needing improvement). Parents/guardian’s also receive a notification each time their student completes a lesson within the Learning Apps.

For Student Users, this includes when the student:

For students under 16 years old, the collection and processing is conditioned on the consent of the parents (or legal guardians).

• Updates their Student User profile. When a student updates their Student User profile, we collect, from the student, their avatar preferences (visual appearance). We use this information to update the student’s Student User profile. A student’s avatar selection is viewable by other student’s on the Classroom log-in page.

• Sends feedback to DreamBox. When a student sends feedback to DreamBox, we collect, from the student, any information the student chooses to include in their message, as well as collect a screenshot of the student’s screen and session data. We use this information to troubleshoot technical issues, address concerns related to the product that are included in the feedback, and to improve the product based on such feedback. We do not respond to the student’s feedback message.

• Uses the Learning Apps. When a student uses the Learning Apps, we automatically collect the student’s internet or other electronic network activity information (usage data (e.g., time spent on each problem, what items were clicked, how the student answered)), the student’s online identifiers (IP address), and the student’s education information (participation history and performance data). We use this information to provide and improve the Learning Apps by: (i) monitoring the progress of the student; (ii) adapting question content and modifying the sequencing of the learning path and/or the level of difficulty of questions the student receives in real time; (iii) creating student diagnostic reports (which are then shared with the student’s parent/guardian and teachers); (iv) diagnosing and repairing errors; and (v) allocating prizes/rewards to the student’s profile, when earned.

We also receive, from schools, educational information (records of diagnostic assessments performed on the students including the name of the test, the score, the date of the test). At their election, schools may also provide sensitive demographic data (ethnicity and race), special education status, information regarding assisted lunch, and English language leaner (ELL) status. We use this information to correlate this to an individual student’s play history in the program in order to optimize the system for better test performance, as well as to aid schools in their advancement of equity efforts and to verify compliance with state, jurisdiction, and school district requirements. We do not share this information other than with the relevant schools. Additionally, we also receive personal information indirectly from schools through our rostering and SSO service provider for purposes of facilitating access to the Learning Apps.

• Completes a survey. When a student completes a survey at the end of a lesson, we collect, from the student, their responses to the survey and use this information to improve the product and educational content. To the extent the EU or UK data protection laws apply, the legal basis for this processing activity is our legitimate interest in identifying common issues with the product or educational content. These surveys are offered randomly to a randomized subset of students after the completion of certain lessons.

• Messages their teacher. When a student receives a written communication from their teacher, the student can respond by selecting one of several emojis to communicate their reaction to the teacher’s message. We retain these messages for a period of 90 days.

If you are a website visitor, this includes when you:

• Contact Customer Support. When you contact customer support, we collect, from you, your personal identifiers (name and email address), your “role” (i.e., school administrator, teacher, family/guardian), and any additional information you choose to include your message. We use this information to respond to your questions or inquiries and to troubleshoot where necessary. To the extent the EU or UK data protection laws apply, the legal basis for the processing of this information is that it is necessary for the performance of the service requested by you.

• Sign up for our newsletter. When you sign up to receive our newsletter, we collect, from you, your identifiers (email address). We use this information to send you updates and editorial content. To the extent the EU or UK data protection laws apply, the legal basis for this processing is your consent. You may revoke your consent at any time with effect moving forward by clicking the “unsubscribe” link included with each newsletter we send you. Our communications contain tracking technologies, to analyze whether a predefined action took place by a recipient, such as opening our communications and other engagement metrics such as timestamps, delivery status, whether an email was forwarded, clicks within an email, as well as sender and recipient addresses to better adapt and distribute our communications. When you opt-in to our marketing communications, you will be automatically opted-in to the use of these technologies. You can avoid downloading the pixel by rejecting the download of images in the email.

• Interact with us on social media. When you interact with our social media pages on social networking websites, such as Facebook, X, LinkedIn, Instagram, and YouTube (each a “Social Media Page” and collectively, “Social Media Pages”), we collect basic engagement metrics and use it to tailor content and marketing and use it to improve user experience as set forth in this section. Please note that we do not control the use or storage of the information that you have posted to any social networking websites. This information is collected and processed by the social networking websites for their own purposes, including marketing. For more information on how Facebook, X, LinkedIn, Instagram, and YouTube use your personal information, please see Facebook’s Privacy Policy, X’s Privacy Policy, LinkedIn’s Privacy Policy, Instagram’s Privacy Policy, and YouTube’s Privacy Policy.

Facebook, X, LinkedIn, Instagram and YouTube (the “Social Networks”) process personal information in the USA where the laws may be less protective than in your country of residence. For example, in accordance with U.S. laws, in certain circumstances, courts, law enforcement agencies, regulatory agencies, or security authorities in other countries may be entitled to access your personal data.

• Social Media Pages. When interacting with our Social Media Pages, we collect, from you, your personal identifiers (first and last name) and visual information (photograph (i.e., profile picture)), as well as any information that you provide when interacting with our Social Media Pages (e.g., commenting, sharing, and rating). We use this information to advertise our products, for events and invitations, and to communicate with users via the contribution and comment function. To the extent the EU or UK data protection laws apply, the legal basis for the processing is our legitimate interest in advertising our products via our Social Media Pages and communicating with users, customers, and interested parties. Because our Social Media Pages are publicly accessible, when you use them to interact with other users, for example by posting, leaving comments or liking or sharing posts, any personal information that you post in them or provide when registering can be viewed by others or used by them as they see fit. The content posted on our Social Media Pages or other public areas of social networking websites can be deleted in the same way as other content that you have created. If at any time you want content posted to be deleted, please email your request to us at privacy@discoveryed.com.

• Community Management. We collect, from you, your contact, including “likes”, shares, messages and other interactions with the content, in order to analyze and evaluate how our content is perceived, to learn from it, and to improve our public relations efforts. To the extent the EU and UK data protection laws apply, the legal basis for analyzing your content is our legitimate interest in organizing, facilitating, and optimizing communication with our users and the general public. If you object to this processing of your personal information and believe you have an overriding interest, you can submit your objection via email to privacy@discoveryed.com.

• Events and Photos. When you register for an event on our Social Media Pages, we collect, from you, your personal identifiers (first and last name, email address, telephone number, physical address, and any other information you provide). We use this information to create and manage the event (e.g., to create the guest list, accreditation and admission control, room and personnel planning, planning the catering) as well as to send you your invitation and notifications about the event. We also use this information for prevention of fraud and defense against legal claims. To the extent the EU or UK data protection laws apply, the legal basis for processing your information to facilitate your attendance is the necessity for the performance of a contract with you. If you do not provide this information, you would not be able to participate in the event. The legal basis for the other uses is our legitimate interest in fraud prevention.  At events for which you have registered, photos and video recordings may be made (possibly by a photographer commissioned by us), in which you may also be shown. If you are the central subject of a recording, the photographer will ask you before the recording/taking the photo whether you agree and consent. We use the photos for our public relations and marketing on our various media/digital media outlets. To the extent the EU or UK data protection laws apply, the legal basis for processing your photos where you are the subject is your consent. You can revoke your consent with effect going forward via email to privacy@discoveryed.com. The legal basis for taking and publishing photos where you are in the background is our legitimate interest in public relations. If you object to this processing of your personal information and believe you have an overriding interest, you can submit your objection via email to privacy@discoveryed.com.

• Page Insights. When you visit our Social Media Page, the applicable Social Network records your IP address and other information about your usage behavior on our Social Media Page. The Social Network collects this information through trackers in the browser of your device or via the advertising ID (IDFA from Apple or GAID from Google), when you open the Social Network app through your mobile device (e.g., smartphone or tablet). The Social Network uses this information to provide us with statistical evaluations of the use of our Social Media Page. We receive this information directly from Social Network, in the form of aggregated data and anonymous statistics regarding certain data points, such as: age; gender; city/country; device; inquiries from fans about other Social Media Pages; region and language settings of the users; proportion of men and women; the number of people reached; clicks on posts, “likes” and reactions; comments and shared content; and total video views. We use this information to analyze and improve the advertising campaigns we conduct through our Social Media Pages. We do not collect or process any other personal information in connection with Social Network “Page Insights” function.

To the extent the EU and UK data protection laws apply, we are joint controllers with the Social Network for this processing. For the purpose of the EU and UK data protection laws, the legal basis for this processing is our legitimate interest in statistical evaluation of users on our Social Media Page for the improvement and adjustment of our advertising measures based on the information collected. If you object to this processing of your personal information and believe you have an overriding interest, you can submit your objection via email to privacy@discoveryed.com.

We do not retain this information independently. For information on data protection and the storage period on the Social Network in relation to its Insights function, see the Social Network privacy policy linked above. It has been contractually agreed with the Social Network that the Social Network is responsible for providing you with information about the processing for Page Insights.

• Information Processed Solely by Social Networks. We do not know how the Social Networks use personal information for their own purposes, how long the personal information is stored on the Social Networks or whether the Social Networks’ data is passed on to third parties. If you are currently logged in to a Social Network as a user, the Social Network automatically collects, through trackers on your device, your Social Network ID or a link between the Social Network ID and the advertising ID (IDFA from Apple or GAID from Google) when you open the Social Network app through your mobile device (e.g., smartphone or tablet). This enables the Social Network to understand that you have visited our Social Media Page along with other social media pages that you have clicked on, whether you clicked on Social Network buttons integrated into websites that partner with the Social Network, and other online interactions that report user data to the Social Network. Based on this data, content or advertising tailored to you can be offered. You can find more information about the personal information collected by Social Networks, how it is used and how long it is stored by visiting the Social Network’s privacy policies, linked above.

• Interact with the Website. In addition to the personal information you provide directly to us, if you consent to the deployment of cookies and other tracking technologies, we will also collect information from you automatically as you use the Website via cookies, pixels, web beacons, and similar tracking technologies. To the extent the EU or UK data protection laws apply to placement of cookies on our Website, the legal basis for this processing is your consent. You may withdraw your consent at any time with effect moving forward by visiting Your Privacy Choices. To the extent the EU or UK data protection laws apply, the legal basis for the placement and access of strictly necessary cookies is the performance of a contract. These cookies are necessary to provide the Website to you.

We use essential, performance, marketing, and analytics cookies to collect parent and teacher usage, device, and location information (determined through your IP address) when you interact with the Website. We use this information to: (i) enhance user experience on the Website; (ii) conduct analytics to improve the Website; (iii) prevent fraudulent use of the Website and detect unlawful activity; and (iv) diagnosis and repair Website errors, and, in cases of abuse, track and mitigate the abuse. Analytics and advertising cookies may be considered a sale or sharing under the California Privacy Rights Act. To opt out, please visit Your Privacy Choices. To learn more about your privacy choices, please see YOUR INFORMATION CHOICES.

Particular third-party cookies to note on our Website include the following:

• Google Analytics. We use Google Analytics to collect information on your use of the Website for its improvement. To collect this information, Google Analytics installs cookies on your browser or reads cookies that are already there. Google Analytics also receives information about you from applications you have downloaded that partner with Google. We do not combine the information collected through the use of Google Analytics with personal information. Google’s ability to use and share information collected by Google Analytics about your visits to our Website or to another application which partners with Google is restricted by the Google Analytics Terms of Use and Privacy Policy. To prevent your data from being used by Google Analytics, you can download the Google Analytics opt-out browser add-on, which can be accessed here. To opt out, please visit Your Privacy Choices.

• Adobe Marketo Engage. We utilize Adobe Marketo Engage to collect information on your interaction with our Website, including your web browsing activity, device information, IP address (which may be used to approximate your general location), the URL of the web page from which you navigate to our Website, the web search you performed that led you to our Website, social media profile information, purchasing history, and whether you clicked on any of our online advertisements. This information is collected via third-party cookies and similar technologies, such as web beacons (also known as tags or pixels) that Adobe Marketo Engage sets on your web browser. We use this information to manage our online content, improve the performance of our Website, and conduct targeted advertising campaigns. Please review Adobe’s Privacy Policy for additional information on how Adobe Marketo Engage uses the information collected. To prevent your data from being used by Adobe Marketo Engage, you may opt out here. To opt out, please visit Your Privacy Choices.

• Firebase Crashlytics SDK. We use the Firebase Crashlytics SDK to collect crash report information, including log data, user interactions occurring immediately before a crash occurs, crash counts, and user IDs. We use this information to enable crash reporting and crash management services, as well as share this information with our developers to analyze and prevent subsequent crashes from occurring in the future. Please review Firebase’s Privacy and Security Terms for additional information on how Firebase uses the information collected. To opt out, please visit Your Privacy Choices.
• Aggregate and anonymize data. We aggregate and anonymize the data we collect for benchmarking purposes and for internal analytics. We maintain and use this data in deidentified form. We will not attempt to reidentify the data, unless it is necessary to determine whether our deidentification processes satisfy applicable data protection laws.

DreamBox will also use the personal information we collect as described in this section to comply with the law, to efficiently maintain our business, and for other limited circumstances as described in HOW WE SHARE YOUR PERSONAL INFORMATION.

DATA RETENTION

Unless otherwise stated in this Privacy Notice, we retain your personal information (i) for as long as the relevant account exists, (ii) until we no longer need your information to fulfill the purposes for which we collected it, or (iii) until we receive a valid request to delete the information, in which case we will delete or anonymize the information within 30 days after receiving the request. If your account is associated with a school or school district, we will delete the information in your account 90 days after the applicable subscription agreement expires. However, we may need to use and retain your personal information for longer than the periods indicated above for purposes of:

• Compliance with our legal obligations. For example, retaining your records for the purpose of accounting, dispute resolution, and compliance with labor, tax, and financial regulations.
• Meeting our safety and security commitments. Such as keeping our properties secure and preventing fraud.
• Exercising or defending legal claims. We also may need to retain personal information for longer than the periods indicated above in order to respond to legal process or enforceable governmental requests, or to enforce our contracts or Terms of Use, including investigation of potential violations.

YOUR INFORMATION CHOICES

You have the following choices with respect to your personal information:

• Opt out of marketing communications. You may opt out of receiving marketing emails from us by clicking the “unsubscribe” link provided at the bottom of each email we send. Please note that we will continue to send you notifications necessary to the Services.
• Correct or view your information. You may send an email to privacy@discoveryed.com to correct or view certain personal information of yours in our possession.
• Opt out of Google Analytics. To prevent your data from being used by Google Analytics, you can download the Google Analytics opt-out browser, which can be accessed here.
• Opt Out of Adobe Marketo Engage. To prevent your data from being used by Adobe Marketo Engage, you may opt out here.
• Opt out of interest-based advertising. All session cookies are temporary and expire after you close your web browser. Persistent cookies can be removed by following your web browser’s directions. To find out how to see what cookies have been set on your computer or device, and how to reject and delete the cookies, please visit: https://www.aboutcookies.org/. Please note that each web browser is different. To find information relating to your browser, visit the browser developer’s Website and mobile application. If you reset your web browser to refuse all cookies or to indicate when a cookie is being sent, some features of our website may not function properly. If you choose to opt out, we will place an “opt-out cookie” on your device. The “opt-out cookie” is browser specific and device specific and only lasts until cookies are cleared from your browser or device. The opt-out cookie will not work for essential cookies. If the cookie is removed or deleted, if you upgrade your browser or if you visit us from a different computer, you will need to return and update your preferences. By clicking on the “Opt-Out” links below, you will be directed to the respective third-party website where your computer will be scanned to determine who maintains cookies on you. At that time, you can either choose to opt out of all targeted advertising or you can choose to opt out of targeted advertising by selecting individual companies who maintain a cookie on your machine. Please note that DreamBox adheres to the Digital Advertising Alliance’s self-regulatory principles.
• • Network Advertising Initiative (NAI) Opt-Out: https://www.networkadvertising.org/managing/opt_out.asp
  • Digital Advertising Alliance (DAA) Opt-Out: https://optout.aboutads.info
  • European Union (EU) /European Economic Area (EEA) Opt-Out: http://www.youronlinechoices.eu
  • In general, to disable cookies and limit the collection and use of information through them, you can set your browser to refuse cookies or indicate when a cookie is being sent.
• Opt out of email tracking. You can disable this tracking by blocking automatic loading of images in your email.

INFORMATION SECURITY

DreamBox maintains ISO 27001 certification. We implement appropriate technical and organizational security measures, such as access controls and encryption, to protect the personal information that we collect and maintain from unauthorized access, destruction, use, modification, or disclosure. Additional measures include firewalls, muti-factor authentication via single sign on, malware protection, regular staff training, and robust incident response procedures. However, no security measure or modality of data transmission is 100% secure, and we are unable to guarantee the absolute security of the personal information we have collected from you.

CHANGES TO THIS PRIVACY NOTICE

We may amend this Privacy Notice in our sole discretion at any time. If we do, we will post the changes to this page, and will indicate the date the changes go into effect. We encourage you to review our Privacy Notice to stay informed. If we make changes that materially affect Your Privacy Choices, we will notify you by prominent posting on the Website and/or via email, and obtain your consent, if required.

CONTACT US  

If you have any questions or concerns regarding this Privacy Notice, please contact us by email at privacy@discoveryed.com, or by telephone at 1-800-323-9084.