Last Updated: February 15, 2023
We tailor our privacy practices based on the age of our users. Please refer to our Children’s Privacy Section below to learn about our privacy practices for users who are under the age of 13.
Please read this Policy carefully. If you are under the age of 18, please do so with a parent or legal guardian. If you have any questions about how we collect, use, protect or disclose your Personal Data in connection with our Services, please contact us by email at firstname.lastname@example.org.
SERVICES THROUGH SPONSORS
We may provide our Services directly to you or through agreements we have with a third party such as your school, school district, employer, or other entity (each a “Sponsor”). If you use the Services through a Sponsor, please note that, in addition to our practices described below, the Sponsor’s administrative users – such as teachers or school administrators – may be able to access, use, and disclose the information you provide to us when you use our Services. We are not responsible for, nor do we have control over, how a Sponsor uses or discloses this information.
When we refer to “Personal Data” in this Policy, we mean information that identifies, relates to, describes or is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to a specific person. This might be information that directly identifies someone, such as their name, or it may be information that identifies someone only when combined with other information available to us. Personal Data also includes “Personal Information” as defined in the Children’s Online Privacy Protection Act of 1998, 15 U.S.C. 6501–6505 (“COPPA”) and “Personally Identifiable Information,” as defined in the Family Educational Rights and Privacy Act (20 U.S.C. § 1232g) and the Family Educational Rights and Privacy Act Regulations (34 CFR Part 99) (“FERPA”). However, Personal Data does not include information that is publicly available through government records. Subject to applicable laws, Personal Data also does not include information that has been deidentified or aggregated in a way that it cannot be used to identify a specific individual (“Anonymized Data”). We use Anonymized Data in compliance with applicable laws governing such data.
CATEGORIES OF PERSONAL DATA WE COLLECT
Depending on how you access, use or otherwise interact with our Services, we may collect the following categories of Personal Data about you:
- Identifiers and contact information such as your name, email address, mailing address, telephone number, user ID, password, unique personal identifier, online identifier, IP address and other similar information;
- Demographic information such as your date of birth, gender, and ethnicity;
- Internet and other similar network activity information, such as your operating system, browser type, language preferences, general geographic location, and other similar information associated with a device used to access, use, or interact with the Services;
- Information about your aptitude, skills, and interests, together with other interest-based information that you provide us or that is created through or in connection with your use of the Services, such as your assessment results, career choices, background information, college choices, educational pathway choices, skills information, interests, job choices, certifications attempted and earned, and other data you provide to, or receive from, our Services;
- School and educational information such as your school, grade level, graduation year, school ID, student ID, parent or guardian ID, and other similar information;
- Communication information, such as information contained in voicemails, chats, emails, and other similar information;
- Commercial information, such as records of the Services you purchase, transaction data, payment information, and other similar information.
- Other information you provide to us.
We will not collect additional categories of Personal Data or use the Personal Data we, or third parties acting on our behalf, collect in connection with our Services for materially different, unrelated or incompatible purposes without providing you notice as applicable.
HOW WE COLLECT AND RECEIVE PERSONAL DATA
We collect Personal Data in the following several ways. We, or third parties acting on our behalf, collect most of your Personal Data directly from you. In some cases, we may collect Personal Data from third parties in the ways described in this Policy.
Directly from You
We collect the Personal Data you provide to us directly when you access, use or otherwise interact with our Services, such as when you create an account or complete an assessment.
To operate our Services, monitor our Service quality and continually improve our Services, we automatically receive certain information about you when you use our Services, including, without limitation, information about the device you use to access or interact with our Services, the pages or screens you view, the links you click, your access and session times, and your interactions with emails we send. We refer to this automatically collected data as “Usage Data.” Usage Data generally does not identify you and is thus not considered Personal Data. However, if we link Usage Data with Personal Data or it could otherwise be used to identify you, we will treat the linked Usage Data as Personal Data as described in this Policy.
We collect Usage Data in the following ways:
- We may use other tracking technologies, such as web beacons, clear gifs, and pixel tags. We may use these technologies on or in connection with our Services, including, without limitation, in emails we send. We may also use these technologies to deliver cookies, count visits, understand usage, and observe data on email delivery, open rates, click rates, bounces, unsubscribes and other information.
From Third Parties
We may collect Personal Data about you from third parties, including, without limitation, online and offline sources, entities affiliated with us, our subprocessors and other public or commercial sources (collectively, “Third Parties”). In certain situations, these Third Parties may collect Personal Data directly from you and provide it to us:
- Subprocessors. We may receive Personal Data about you from web hosting providers, analytics providers, payment providers, and other third parties that provide services to us through or in connection with the performance of our Services or the operation of our Services (“Subprocessors”).
- Sponsors. If you use the Services through a Sponsor, we may collect certain information about you from your Sponsor, such as your name, grade, school ID, or employee ID.
- Certification and Content Providers. We may receive certain information from certification providers and other third party content providers that provide their services or content to you through our Services.
- Single-Sign on Providers. If you use our Services through a Sponsor, we may provide you with the ability to register and sign in through a Sponsor-issued credential or by using a preexisting username or password you have with a third party single-sign on provider. In these instances, we may collect information about you from the single-sign on provider to facilitate your registration or account access.
- Integrated Service Providers. Depending on how you use our Services, we may provide you with the ability to access our Services through or in connection with your account with an integrated service provider. In these instances, we may collect information about you from the integrated service provider to facilitate this process.
- Others. Depending on how you use our Services, we may also receive Personal Data about you from other third parties, such as other users of our Services and those that refer you to our Services.
Please note, we may combine the Personal Data and other content and information we receive about you from multiple sources, including, without limitation, Personal Data we collect directly from you and one or more Third Party Sources.
WHY WE COLLECT AND USE YOUR PERSONAL DATA
We primarily use and collect your Personal Data to:
- Deliver, operate, and improve our Services, including without limitation, validate your account, administer certification exams, aptitude assessments, interest surveys, and other similar instruments, as well as recommend career, college, educational pathway, and job choices;
- Customize your experience with our Services;
- Communicate with you, including provide you with information about the Services and, in certain circumstances, provide you with promotional materials about new features and capabilities available to you;
- Customize your search for post-secondary and employment opportunities, and if instructed by you, assist you in engaging with post-secondary institutions and employers;
- Conduct statistical or demographic analysis and invite you to participate in research and evaluation studies;
- Comply with legal and regulatory requirements;
- Carry out our obligations and enforce our rights arising from any contracts we have entered into related to your use of or interaction with the Services, including, without limitation, any contracts between you and us and between us and a Sponsor;
- Protect and defend us against legal actions or claims;
- Cooperate with law enforcement or other governmental agencies for purposes of investigations, national security, public safety or matters of public importance when we are legally required to do so or believe that disclosure of Personal Data is necessary or appropriate to protect the public interest;
- Prevent fraud; and
- Those purposes in which you authorize or instruct us to use your Personal Data.
Additionally, we may use and disclose Anonymized Data for any lawful purposes, which may include, without limitation, research, business development purposes, product development and improvement, and other purposes not described in this Policy. Except as otherwise required under applicable laws, our use and disclosure of such Anonymized Data is not subject to this Policy.
DISCLOSING PERSONAL DATA TO THIRD PARTIES
Except for the limited circumstances described below, we will not disclose your Personal Data to a third party without your express permission to do so. We may disclose certain Personal Data that we have collected or received through your use of the Services with certain third parties, including:
- Subprocessors. We may disclose your Personal Data to our Subprocessors in connection with the services they provide to us, including, without limitation, order fulfillment, email communications, marketing, data hosting, payment processing and fraud protection and prevention. We contractually require our Subprocessors to exercise reasonable care in protecting your Personal Data and restrict their use of your Personal Data to only the purposes for which we provide it to them. Please note, we currently use Stripe to process payments when you purchase Services from us and, as such, do not directly collect or store credit card numbers. To learn more about Stripe’s policies, you can visit its website here.
- Certification and Content Providers. Depending on how you use our Services, we may disclose your Personal Data to certification providers and other third-party content providers that provide their services or content to you through our Services.
- Integrated Service Providers. Depending on how you use our Services, we may disclose your Personal Data to third party integrated service providers through, or in connection with, whom you use and access our Services.
- Sponsors. If you are using our Services through a Sponsor, we may disclose your Personal Data and information about your use of the Services to that Sponsor, including without limitation, status updates on your progress and your assessment results, career choices, college choices, educational pathway choices, skills information, interests, job choices, and other data you provide to or receive from our Services.
- Subsidiaries. We may disclose your Personal Data to our subsidiaries with the understanding that they will treat such information consistent with this Policy.
- Law Enforcement and to Protect Our Rights. To the extent permitted under, or required by, applicable law, we may disclose any Personal Data and other information to government or law enforcement officials or private parties as we believe is necessary or appropriate to investigate, respond to and defend against legal claims, for legal process (including subpoenas), to protect our property and rights of those of a third party, to protect us against liability, for the safety of the public or any person, to prevent or stop any illegal, unethical, fraudulent, abusive or legally actionable activity, to protect the security and integrity of our Services and any equipment used to make our Services available or to comply with applicable laws.
- Prospective Employers and Post-Secondary Institutions. We may provide you with opportunities to connect with prospective employers, post-secondary institutions, and other relevant third-party collaborators through optional sharing features in the Services that you control. We will only disclose your Personal Data to these third parties with your explicit consent or when you instruct us to do so.
THIRD PARTY WEBSITES
If you use our Services through a Sponsor, you may access our Services through a website hosted by that Sponsor. We do not control the content or links that appear on those websites and are not responsible for any content of such websites or any links those websites provide.
HOW TO MANAGE YOUR PERSONAL DATA
We offer you several choices with respect to how we use your Personal Data.
- To update or correct any Personal Data you have provided us or update your preferences, please make such changes directly through the Services or contact our Customer Support at (801) 653-9356 or email@example.com. For questions about our use of your Personal Data, please email us at firstname.lastname@example.org.
- If you receive promotional emails from us regarding our services, you can opt-out of receiving such communications by following the unsubscribe instructions contained in most email messages from us. Your unsubscribe request or email preference changes will be processed promptly, though this process may take several days. During that processing period, you may receive additional marketing and other promotional emails from us. Please note, opting out of these communications will only apply to marketing and other promotional emails and will not apply to any email or other communications we send to you for non-marketing purposes, including, but not limited to, emails and other communications about your interactions with our Services.
- You may request that we de-identify your Personal Data and terminate your account by emailing us at email@example.com. If you are actively using our Services through a Sponsor, please check with your Sponsor before requesting we de-identify your Personal Data to ensure that you do not need that information for any reason. De-identification is permanent, and we cannot recover de-identified Personal Data. If we de-identify your Personal Data at your request, we are not responsible for any impact the absence of your Personal Data has on your relationship with your sponsor (e.g. if that Personal Data was still necessary for you to complete a course requirement, receive credit for a training, or any other such purposes).
- There are some circumstances in which we may not be able to de-identify some or all of your Personal Data. For example, if you are actively using our Services through a Sponsor, we may not be able to de-identify your Personal Data we receive from your Sponsor. A request to delete that information will need to come from your Sponsor. Please note, however, we automatically de-identify the Personal Data we receive about you from a Sponsor within a reasonable period after our contractual relationship with the Sponsor ends.
Please note, we have not yet developed a response to browser “Do Not Track” signals, and do not change any of our data collection practices when we receive such signals. We will continue to evaluate potential responses to “Do Not Track” signals in light of industry developments or legal changes.
PROTECTING YOUR PERSONAL DATA
We are committed to protecting the security of your Personal Data. We use commercially reasonable safeguards to maintain the security and privacy of Personal Data we collect and use in connection with our Services. Although we take precautions to protect against the risk of unauthorized access to your Personal Data, using the internet carries inherent risks and we cannot guarantee the security of any information, including your Personal Data, that you disclose online, and you do so at your own risk.
RETENTION OF PERSONAL DATA
We retain Personal Data only as long as we have a legitimate business purpose to keep it, such as to provide our Services to you; ensure the security and integrity of our Services; and satisfy any legal, regulatory, tax, accounting or reporting requirements.
To determine the appropriate retention period for individual categories of Personal Data we collect, we consider the nature and sensitivity of the Personal Data; the potential risk of harm from unauthorized use or disclosure of the Personal Data; the purposes for which we process that Personal Data, and whether we can fulfill those purposes through other means; and applicable legal, regulatory, tax, accounting, reporting or other requirements.
We design certain limited Services for users under the age of 13 that differ from the Services we provide to other users (“Children’s Services”). We only provide Children’s Services through school Sponsors and rely on the school Sponsor, acting in the stead of parents and guardians as permitted under COPPA, to provide consent for us to collect and use the Personal Data of users under the age of 13.
The operator collecting or maintaining personal information from users under the age of 13 through this online service is YouScience, LLC, 751 Quality Drive, Suite 200, American Fork, UT 84003, (801) 653-9356, firstname.lastname@example.org.
CHANGES AND UPDATES TO THIS POLICY
Because the methods used to protect your Personal Data and the Services we provide are continually evolving, this Policy may change at any time. Unless otherwise noted, those changes will be effective as soon as they are posted. If changes are made to this Policy, we will make it known on our Services or by email and will indicate the last date it was updated above. Please check back periodically to see if our Policy has been updated.
We welcome your questions, comments, and concerns about privacy. Please email us at email@example.com with any questions or feedback you have pertaining to our privacy practices.
EUROPEAN USERS’ RIGHTS
The following information applies ONLY to residents of the European Union (“EU”), Switzerland, or the United Kingdom (“UK”).
If this applies to you, you have certain rights with respect to your Personal Data, and such rights may replace, change, or be in addition to those stated above. Below is a summary of those rights and additional information applicable to our collection and use of your Personal Data.
Legal Basis for Processing Personal Data
If you are located in the EU or Switzerland, we rely on several legal bases to process your Personal Data. These legal bases include where:
- The processing is necessary to perform our contractual obligations, such as to provide you with our Services;
- You have given your prior consent, which you may withdraw at any time (such as for relevant collaborations as described above, or other purposes we obtain your consent for from time to time);
- The processing is necessary to comply with a legal obligation, a court order or to exercise or defend legal claims; and
- The processing is necessary for the purposes of our legitimate interests, such as in improving, personalizing, and developing our Services, marketing new features or products that may be of interest, and promoting safety and security as described above.
If you have any questions about or would like further information concerning the legal bases on which we collect and use your Personal Data, please contact us by emailing firstname.lastname@example.org.
Rights Under the General Data Protection Regulation
By statute, you have the following rights in respect of your Personal Data that we hold:
- Right of access. The right to obtain access to your Personal Data.
- Right to rectification. The right to obtain rectification of your Personal Data without undue delay where that Personal Data is inaccurate or incomplete.
- Right to erasure. The right to obtain the erasure of your Personal Data without undue delay in certain circumstances, such as where the Personal Data is no longer necessary in relation to the purposes for which it was collected or processed.
- Right to restriction. The right to obtain the restriction of the processing undertaken by us on your Personal Data in certain circumstances, such as where the accuracy of the Personal Data is contested by you, for a period enabling us to verify the accuracy of that Personal Data.
- Right to portability. The right to portability allows you to move, copy or transfer Personal Data easily from one organization to another.
- Right to object. You have a right to object to the processing of your Personal Data for direct marketing purposes and for purposes based on our legitimate interests.
If you wish to exercise one of these rights, please email us at email@example.com. You also have the right to lodge a complaint to your local data protection authority. Further information about how to contact your local data protection authority is available at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
Transfers of Personal Data
If you are located in the EU, Switzerland, or the UK, the Personal Data we collect may be stored and processed in any country in which we or our affiliates, suppliers, third party electronic payment processors, and/or agents maintain facilities, including, without limitation, the United States of America. The United States of America has not sought nor received a finding of “adequacy” from the EU, Switzerland, or the UK. We rely on appropriate safeguards and derogations for specific situations as set forth in applicable laws to protect Personal Data transferred from the EU, Switzerland, or the UK to third countries and international organizations.
Obligations to Data Protection Authorities (DPAs)
We will respond diligently and appropriately to requests from DPAs about this policy or compliance with applicable data protection privacy laws and regulations. We will, upon request, provide DPAs with names and contact details of the individuals designated to handle this process. With regard to transfers of Personal Data, we will (1) cooperate with inquiries from the DPA responsible for the entity exporting the data and (2) respect its decisions, consistent with applicable law and due process rights. With regard to transfers of data to third parties, we will comply with DPAs’ decisions relating to it and cooperate with all DPAs in accordance with applicable legislation.