This Privacy Notice applies to Teaching Strategies, LLC Software as a Service products, located on the Web site https://tadpoles.com (the “Site”). The Site is owned and operated by Teaching Strategies, LLC (“Teaching Strategies”). Teaching Strategies makes the following available on the Site: Tadpoles provides an online platform for educators and families to connect to their child’s development by sharing photos, videos, and notes from their day (the “Services”). Teaching Strategies is committed to ensuring the privacy and accuracy of the information collected on the Site. This Privacy Notice identifies the information that Teaching Strategies collects from users and visitors of the Site and describes how we will use, share, and otherwise process the information we have collected.
This document is organized as follows:
- What Information We Collect
- How We Protect and Secure Our User’s Information
- How We Use The Information We Collect
- When and How We Share Information
- International Visitors
- We Do Not Collect Information from Children
- How Users Can Correct Their Information
- Data Release and Deletion Request
- Links to Third Party Sites and Listservs
- Data Tracking
- Disclaimer of Liability
A. WHAT INFORMATION WE COLLECT
Tadpoles collects Authorized User Data and Child Data. The Data includes Personally Identifiable Information (PII), which means information that may identify an individual child or Authorized User. Tadpoles complies with applicable laws, regulations, industry standards, and contracts and agreements pertaining to the safeguarding of PII. The Data are provided by the users who have purchased the Services (“Customer”) and users provided access to the Services by the Customer (each an “Authorized User”).
The Data is limited information that can be used to personally identify an Authorized Users and children. This information is required before the Authorized User can access the Services (whether on a trial basis or through a paid subscription).
There are two kinds of Data:
Authorized User Data; including caregivers, teachers, school administrators.
- First name & last name (optional)
- Telephone number (optional)
- First name, last name
- Date of Birth (DoB) – Used to validate age-appropriate daily activities reports
B. HOW WE PROTECT AND SECURE OUR USER’S INFORMATION
We utilize technical, administrative, and physical procedures to help ensure Data is protected from unauthorized access, disclosure, or alteration.
You may have the right to restrict or object to the processing of your personal information or to exercise a right to data portability under applicable law.
We have implemented industry standard safeguards designed to prevent loss, misuse and unauthorized access, disclosure or modification of personal data provided or collected through the Teaching Strategies Services. With respect to personal data collected through the Teaching Strategies Services, we use Transport Layer Security (TLS) to encrypt or scramble that information during transmission and Advanced Encryption Standard (AES) to encrypt the data at rest.
- Data Storage and Security: Secure data centers, located within the continental United States, house all personal data. These data centers are continuously monitored and audited annually.
- Disclosures: The uses and disclosures of personal data are in compliance with state and federal laws designed to protect such information. Only authorized individuals, including Teaching Strategies employees and subcontractors, have access to personal data, and their authorization is constantly reviewed and verified by a cross functional working group, which includes the Information Security Officer and senior Legal Department and People Operations staff. Individuals authorized to have access to personal data are limited to only those who need access to that data in order to perform the work necessary under our contractual arrangements with our Customers.
- Google authentication: For those users who have Gmail accounts, we require that they authenticate through Google. This is for the following security and privacy reasons:
- Authenticating directly to Google prevents the user from ever having to send any password information to our system
- Authenticating directly to Google allows for the user to use the most secure authentication mechanisms such as two factor authentication
- Authenticating directly to Google allows us to know absolutely certainly that the user is the owner of the email address provided
- In order to ensure that the user authenticating via Google is the actual owner of the email address and therefore allowed to view communications that have been sent to that email address, we ask for access to verify the user's Google profile and email address. This does not grant any access to any user content stored with Google, nor does it grant access to post any information to the user's Google+ account. We do not and will never request access to any emails, photos, Google+ posts or any content in the user's Google+ account.
- Accountability: All Teaching Strategies employees and subcontractors are accountable for the Security and Privacy of the personal data we maintain. This notice applies to all computing systems, networks, business processes, and the verbal transmission of information.
- Security Incidents: In the event of a verified security breach that results in an unauthorized release or exposure of Authorized User Data or Child Data, Teaching Strategies will take steps to immediately identify and remediate the cause of such Security Incident. Teaching Strategies shall notify the Customers whose data was affected consistent with contract obligations and applicable laws.
C. HOW WE USE THE INFORMATION WE COLLECT
Only for Authorized Purposes: We only use information we collect for the educational purposes for which we were authorized by our Subscribers.
Personal Data: We will use the personal data provided to register the membership and to set up and maintain the account. We will also use personal data to notify Authorized Users of updates to the Site and our Services, and for contact purposes if we need more information. If an Authorized User has purchased a subscription to use the Services, we will use the financial information provided to bill the Authorized User.
If the Authorized User has registered to use the Services through a school, school district, child care center, Head Start program, or other organization that has purchased a subscription from Teaching Strategies, any personal data that the Authorized User provides may be accessible by the organizations that purchased the Services, as outlined in the contract with the organization.
We do not use automatic decision-making or engage in profiling.
In the event that circumstances require us to process your personal data for a purpose other than the purpose for which it was collected, we will provide you with information regarding the purpose for the processing, as well as other relevant information, prior to processing your personal data for the new purpose.
Please see Section D. below for applicable circumstances.
D. WHEN AND HOW WE SHARE INFORMATION
We share information only for the educational purpose of the work. We do not share personal data for advertising or any other use outside of the stated purpose for the Service.
We will not sell or distribute user information or data collected from use of the Services.
We vigilantly review our policies and practices to ensure compliance where required with the Federal Educational Rights and Privacy Act (FERPA) and applicable state law and regulations.
We will not disclose any of the personal data we collect to any third parties except as described in C above and in the following limited circumstances:
- Disclosures that are necessary to carry out the scope of work. We may use subcontractors to carry out functions within the scope of work when it is in compliance with GDPR, federal, and state law, and with applicable agreements. In such circumstances, the subcontractor is acting as a Teaching Strategies employee and is required to comply with the privacy and security requirements and safeguards that apply to Teaching Strategies and all of its employees. This includes all applicable federal laws, state laws and regulations, and contractual agreements.
- Legally compelled disclosures. We will disclose the data we collect if required to do so by law or in the good-faith belief that disclosure is necessary (a) to obey the law or comply with legal process served on us or our affiliates; (b) to protect and defend our rights or property or the rights or property of other users of our Web site; or (c) to act in an emergency to protect the personal safety of users of our website or the public.
- Company acquisition. In the event that our company is acquired, we may share the data with the acquirer to continue to provide services to you. The acquirer will be bound by this Privacy Notice, and we will comply with all contractual agreements with our Customer that require us to disclose any acquisition of Teaching Strategies.
- Analytics. We may work with third parties that collect data about your use of the Site and other sites or apps over time for non-advertising purposes. For example, Teaching Strategies uses Google Analytics to improve the performance of the Site and for other analytics purposes. For more information about how Google Analytics collects and uses data when you use our Site, visit https://www.google.com/policies/privacy/partners/ , and to opt out of Google Analytics, visit https://tools.google.com/dlpage/gaoptout/. We do not sell or rent your data: Teaching Strategies, LLC does not sell or rent any data that has been collected through the Services.
E. INTERNATIONAL VISITORS
This section applies to those who visit our Site from the European Economic Area or Switzerland.
- Lawful Basis for Processing On certain occasions, we process your personal data when it is necessary for the performance of a contract to which you are a party, such as to provide services to you that you have requested. We may also process your personal data to respond to your inquiries concerning our products and services. On other occasions, we process your personal data where required by law. We may also process your personal data if necessary to protect your interests or the interests of a third party. Additionally, we process your personal data when it becomes necessary for us to provide important notifications to Customers concerning the Services. We will also use your personal data to communicate with you if you choose to opt into our marketing communications so that you can learn more about our Services and products. However, this interest in providing you with information does not override your data protection rights. Where we process your personal data for this purpose, our legitimate interest is to improve our Services and secure our Site. If the processing of personal data is necessary and there is no statutory basis for such processing, we will ask for your consent to process your personal data. You have the right to withdraw your consent to processing of personal data at any time. If you wish to exercise the right to withdraw consent, contact us via the “Contact” section below for contact information.
- Transfers of Personal Data Please be aware that the personal data we collect may be transferred to and maintained on servers or databases located outside your state, province, country, or other jurisdiction, where the privacy laws may not be as protective as those in your location. If you are located outside of the United States, please be advised that we process and store personal data in the United States.
- Complaints Resolution Teaching Strategies commits to resolve complaints about our collection or use of your personal information. Individuals with inquiries or complaints regarding our Privacy Notice should contact Teaching Strategies at DPO@teachingstrategies.com. If you are affected by the GDPR, please consult the following link for the Teaching Strategies, LLC GDPR Addendum, which states your rights under the GDPR: Teaching Strategies, LLC GDPR Addendum
We will process and store your information only for the period necessary to achieve the purpose of the storage, or as permitted by law.
G. WE DO NOT COLLECT INFORMATION FROM CHILDREN
Our services are not intended to be accessed by anyone under 14 years of age. We respect the sensitive nature of children’s privacy online. The Services are intended for use by schools, school districts, program administrators, teachers, parents, and legal guardians. They are not intended for use by persons under the age of 14. We do not expect and are not aware of children under the age of 14 accessing our site, and we are in full compliance with the legal requirements outlined in COPPA regarding children under the age of 13. If we learn that a user is under 14 years of age, we will promptly delete any personally identifiable information provided by that user.
H. HOW USERS CAN CORRECT THEIR INFORMATION
Users can manage the data they entered: Our Authorized Users are able to manage and modify the information that they provide to us. They may correct or change any of their personal data by logging onto the site and updating or correcting their personal data. Authorized Users may change any of the personal data that they provide by logging onto the Services and modifying the applicable data. If you need assistance modifying the Data, you may contact Teaching Strategies’ support services line at 1-866-736-5913.
I. DATA RELEASE AND DELETION REQUESTS
Teaching Strategies does not own the Authorized User Data or Child Data stored and processed by our software-as-a-service suite of products. The childcare provider or school in which your child is or was previously enrolled has contracted with Teaching Strategies to provide the services associated with collecting that data. As such, all data that we collect for that provider or school is owned by that organization.
Parents can request that any personal information be deleted or they be removed from the Tadpoles program at any time by contacting the childcare director or schools department supervisor to change or delete the personal information collected about his or her child. We may not delete or release data without express written permission from that organization except in limited cases, such as a court order. All data deletion and data release requests must be made directly to your childcare provider or school.
The Tadpoles app provides parents the choice to opt out of email communication. Doing so will disable email sharing and will require you to authenticate via the app or website to access these photos.
Instruction to opt out are here: https://teachingstrategies.force.com/portal/s/article/How-do-families-opt-out-of-emails-from-tadpoles
J. LINKS TO THIRD PARTY SITES AND LISTSERVS
External links: The Site may contain links to other Web sites or refer our users to other resources. We are not responsible for the privacy practices or the content of such web sites or resources, and our users should refer to such web sites and resources for information about how such sites and resources protect the information they collect.
K. DATA TRACKING
Tracking Information: We use the anonymous information we collect to administer our Site, improve our services, determine how the Site is being used, identify popular areas of the Site, and analyze trends and usage patterns. While this anonymous information cannot be used to personally identify users or students:
- Tadpoles uses Branch.io to improve the customer onboarding experience, by identifying if the app is installed on the device, and if not, to take them to the appropriate app in the app store. No PII or sensitive information is shared with Branch.io. Tadpoles does not share any information with Facebook, unless enabled by the user. Tadpoles provides an optional, user-initiated button in the app to post pictures to the user’s Facebook feed if they choose to, additional information is described in this article: https://teachingstrategies.my.site.com/portal/s/article/How-can-my-families-download-photos-and-videos-from-tadpoles
- Tadpoles tracks the delivery status of daily report emails to allow a childcare provider to ensure a parent has received a critical piece of information.
- If you would like to opt out of that delivery status update please notify us at firstname.lastname@example.org
L. CHANGES TO OUR PRIVACY NOTICE
Teaching Strategies may modify or update this Privacy Notice from time to time. The Privacy Notice can be found at https://teachingstrategies.com/agreement-and-policies/ . We encourage you to review this page periodically. If we change the notice in a material manner, such as using personal data in a different way than prior practice, we will make reasonable efforts to provide at least a 30-day notice to our Authorized Users so that they will have sufficient time to evaluate any materials changes in the notice.
M. DISCLAIMER OF LIABILITY
The information contained herein reflects the privacy notice and practices that Teaching Strategies has adopted for the Site. In legal terms, it shall not be construed as a contractual promise, and Teaching Strategies reserves the right to amend it at any time in accordance with Section L above. Any such amendment will become effective, with a 30-day notice, as stated in Section L above. Neither Teaching Strategies nor any of its affiliates, employees, or agents shall be held liable for any improper or incorrect use of the information described and/or contained in the Site and assumes no responsibility for anyone’s use of the information.
If you have any questions or concerns about Teaching Strategies’ information collection and use practices, please contact our Legal Department at: email@example.com.
If you have questions regarding our role as a data controller or processor, please contact us at: DPO@teachingstrategies.com