LAST UPDATED ON: 21st June 2022
This Privacy Policy (“Privacy Policy”) is made and entered into by and between EdVanna (“EdVanna”, “we”, “us”, or “our”), a company registered in the United States and having its registered office and principal business address at United States. Any person who accesses and uses the Platform, by checking a box marked ‘I Agree’ has agreed to this Privacy Policy.
The processing of personal data, such as the name, address, GPS location information, e-mail address, or telephone number of a data subject shall always be in line with the California Consumer Privacy Act (CCPA) and in accordance with the country-specific data protection regulations applicable to us. Utilizing this data protection declaration, we would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed through this data protection declaration, of the rights to which they are entitled.
Please read our Privacy Policy carefully. If you do not agree with our Privacy Policy, you must stop using or accessing the Platform immediately. By accessing and /or using our Platform, or by checking a box marked ‘I Agree’, you agree to be bound by our Privacy Policy. Use of our Platform is also subject to additional terms, conditions, and policies that we separately post on our Platform or provide to you.
Terms not defined in this Agreement shall have the same meaning as assigned in the Terms and Conditions published on the Platform.
We collect personal data from you when you provide it to us directly and through your use of the Platform. This information may include:
Information you provide to us when you use our Platform (e.g. your name, phone number, address, email, education qualification, work experience, school name and grade or class, and any information which you add to your Account);
Transaction and billing information, if you make any purchases from us by using our Platform (e.g. credit/debit card details and delivery information);
Records of your interactions with us (e.g. if you contact our customer service team, interact with us on social media);
Information you provide us when you enter a competition or participate in a survey;
Information collected automatically, using cookies and other tracking technologies (e.g. which pages you viewed and whether you clicked on a link in one of our email updates). We may also collect information about the device you use to access our Platform; and
Other information necessary to provide the Platform, for example we may access your location if you give us your consent.
Depending on how you use our Platform, your interactions with us, and the permissions you give us, the purposes for which we use your personal data include:
To verify your Account using the information you provide to us;
To verify if Instructors are qualified for imparting knowledge to Learners and associated issues;
To provide proper services and maintain your Account;
To manage and respond to any queries or complaints to our customer service team;
To personalise the Platform to you and show you content we think you will be most interested in, based on your Account information, your purchase history, and your browsing activity;
To improve and maintain the Platform and monitor its usage;
For market research, e.g. we may contact you for feedback about our Platform Services;
To send you service-related messages, promotions, newsletters and show you targeted advertising, where we have your consent or are otherwise permitted to do so;
To provide you discount codes;
To know your location;
For analytics purposes;
For security purposes, to investigate fraud and where necessary to protect ourselves and third parties; or
To comply with our legal and regulatory obligations.
We rely on the following legal basis, under data protection law, to process your personal data:
Because the processing is necessary to perform a contract with you or take steps prior to entering into a contract with you (e.g. where you have made a purchase with us, we use your personal data to process the payment and fulfil your order);
Because we have obtained your consent (e.g. where you contact us with a query, where you add optional information to your account profile, or if you consent to receive marketing from us); and
We use information about you to tailor your view of the Platform, to make it more interesting and relevant in respect of the products and offers on view.
Depending upon your preferences for Platform Services, we may use your personal data to send you marketing messages by email, phone, or post. Some of these messages may be tailored to you, based on your previous browsing or purchase activity, and other information we hold about you.
If you no longer want to receive marketing communications from us, you can change your preferences at any time by contacting us (details below), clicking on the ‘unsubscribe’ link in any email, or updating your settings in your Account. If you unsubscribe from marketing, please note we may still contact you with service messages from time to time (e.g. order and delivery confirmations, and information about your legal rights).
You may also see ads for our Platform on third party websites, including on social media. These ads may be tailored to you using cookies (which track your web activity, so enable us to serve ads to customers who have visited our Platform). Where you see an ad on social media, this may be because we have engaged the social network to show ads to our customers, or users who match the demographic profile of our customers. In some cases, this may involve sharing your email address with the social network. If you no longer want to see tailored ads you can change your cookie and privacy settings on your browser and these third-party websites.
We share customers’ personal data with third parties in the following circumstances:
With other companies as necessary to operate the Platform;
With our suppliers and service providers working for us, e.g. payment processors and delivery companies;
With our professional and legal advisors;
With third parties engaged in fraud prevention and detection;
With law enforcement or other governmental authorities, e.g. to report a fraud or in response to a lawful request; or
If we sell any business assets, the personal data of our customers may be disclosed to a potential buyer. In this event, we will make reasonable attempts to ensure the buyer will be bound by the terms of this Privacy Policy. Otherwise, where we have your consent or are otherwise legally permitted to do so.
We will keep your personal data for as long as you are active on the Platform, and so this period will vary depending on your interactions with us. After the deletion of your Account, your personal data will be available with us for the next 6 months. For example, where you have made a purchase with us, we will keep a record of your purchase for the period necessary for invoicing, tax and warranty purposes. We may also keep a record of correspondence with you (for example if you have made a complaint about a service) for as long as is necessary to protect us from a legal claim. Where we no longer have a need to keep your information, we will delete it. Please note that where you unsubscribe from our marketing communications, we will keep a record of your email address to ensure we do not send you marketing emails in future.
On the Platform, the controller has integrated components of the enterprise Facebook. Facebook is a social network.
A social network is a place for social meetings on the Internet, an online community, which usually allows users to communicate with each other and interact in a virtual space. A social network may serve as a platform for the exchange of opinions and experiences or enable the Internet community to provide personal or business-related information. Facebook allows social network users to include the creation of private profiles, upload photos, and network through friend requests.
The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, United States. If a person lives outside of the United States or Canada, the controller is the Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
With each call-up to one of the individual pages of this Platform, which is operated by the controller and into which a Facebook component (Facebook plug-ins) was integrated, the web browser on the information technology system of the data subject is automatically prompted to download display of the corresponding Facebook component from Facebook through the Facebook component. An overview of all the Facebook Plug-ins may be accessed under here. During the course of this technical procedure, Facebook is made aware of what specific sub-site of our Platform was visited by the data subject.
If the data subject is logged in at the same time on Facebook, Facebook detects with every call-up to our Platform by the data subject—and for the entire duration of their stay on our Website—which specific sub-site of our Internet page was visited by the data subject. This information is collected through the Facebook component and associated with the respective Facebook account of the data subject. If the data subject clicks on one of the Facebook buttons integrated into our Site, e.g. the “Like” button, or if the data subject submits a comment, then Facebook matches this information with the personal Facebook user account of the data subject and stores the personal data.
Facebook always receives, through the Facebook component, information about a visit to our Platform by the data subject, whenever the data subject is logged in at the same time on Facebook during the time of the call-up to our Platform. This occurs regardless of whether the data subject clicks on the Facebook component or not. If such a transmission of information to Facebook is not desirable for the data subject, then he or she may prevent this by logging off from their Facebook account before a call-up to our Platform is made.
The data protection guideline published by Facebook, which is available at here, provides information about the collection, processing and use of personal data by Facebook. In addition, it is explained there what setting options Facebook offers to protect the privacy of the data subject. In addition, different configuration options are made available to allow the elimination of data transmission to Facebook, e.g. the Facebook blocker of the provider Webgraph, which may be obtained under http://webgraph.com/resources/facebookblocker/. These applications may be used by the data subject to eliminate a data transmission to Facebook.
We use the “visitor action pixels” from Facebook Inc (1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”)) on our Platform. This allows user behavior to be tracked after they have been redirected to the provider’s website by clicking on a Facebook ad. This enables us to measure the effectiveness of Facebook ads for statistical and market research purposes. The data collected in this way is anonymous to us, i.e. we do not see the personal data of individual users. However, this data is stored and processed by Facebook, which is why we are informing you, based on our knowledge of the situation. Facebook may link this information to your Facebook account and also use it for its own promotional purposes, in accordance with Facebook’s Data Usage Policy which can be found at here. You can allow Facebook and its partners to place ads on and off Facebook. A cookie may also be stored on your computer for these purposes. The legal basis for the use of this service is Art. 6 paragraph 1 sentence 1 letter f GDPR. You can object to the collection of your data by Facebook pixel, or to the use of your data for the purpose of displaying Facebook ads by contacting the following address. Facebook is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection legislation
On this Platform, the controller has integrated the component of Google Analytics (with the anonymiser function). Google Analytics is a web analytics service. Web analytics is the collection, gathering, and analysis of data about the behaviour of visitors to websites. A web analysis service collects, inter alia, data about the website from which a person has come (the so-called referrer), which sub-pages were visited, or how often and for what duration a sub-page was viewed. Web analytics are mainly used for the optimisation of a website and in order to carry out a cost-benefit analysis of Internet advertising.
The operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States.
For the web analytics through Google Analytics the controller uses the application “_gat._anonymizeIp”. By means of this application the IP address of the Internet connection of the data subject is abridged by Google and anonymised when accessing our Platform from a Member State of the European Union or another Contracting State to the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyse the traffic on our Site. Google uses the collected data and information, among other things, to evaluate the use of our Platform and to provide online reports, which show the activities on our Platform, and to provide other services concerning the use of our Internet site for us.
Google Analytics places a cookie on the information technology system of the data subject. The definition of cookies is explained above. With the setting of the cookie, Google is enabled to analyse the use of our Platform. With each call-up to one of the individual pages of this Internet site, which is operated by the controller and into which a Google Analytics component was integrated, the Internet browser on the information technology system of the data subject will automatically submit data through the Google Analytics component for the purpose of online advertising and the settlement of commissions to Google. During the course of this technical procedure, the enterprise Google gains knowledge of personal information, such as the IP address of the data subject, which serves Google, inter alia, to understand the origin of visitors and clicks, and subsequently create commission settlements.
The cookie is used to store personal information, such as the access time, the location from which the access was made, and the frequency of visits of our Site by the data subject. With each visit to our Internet site, such personal data, including the IP address of the Internet access used by the data subject, will be transmitted to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may pass these personal data collected through the technical procedure to third parties.
The data subject may, as stated above, prevent the setting of cookies through our Platform at any time by means of a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such an adjustment to the Internet browser used would also prevent Google Analytics from setting a cookie on the information technology system of the data subject. In addition, cookies already in use by Google Analytics may be deleted at any time via a web browser or other software programs.
In addition, the data subject has the possibility of objecting to a collection of data that are generated by Google Analytics, which is related to the use of this Platform, as well as the processing of this data by Google and the chance to preclude any such. For this purpose, the data subject must download a browser add-on under the link and install it. This browser add-on tells Google Analytics through a JavaScript that any data and information about the visits of Platform may not be transmitted to Google Analytics. The installation of the browser add-ons is considered an objection by Google. If the information technology system of the data subject is later deleted, formatted, or newly installed, then the data subject must reinstall the browser add-ons to disable Google Analytics. If the browser add-on was uninstalled by the data subject or any other person who is attributable to their sphere of competence or is disabled, it is possible to execute the reinstallation or reactivation of the browser add-ons.
Further information and the applicable data protection provisions of Google may be retrieved under here and under here. Google Analytics is further explained under the following link.
On this Site, the owner has used Razorpay as an online service provider. Payments are processed via Razorpay and the data is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS) when processing payment.
The operator of the Razorpay component is Razorpay Software Private Limited, No. 22, 1st Floor, SJR Cyber, Laskar - Hosur Road, Adugodi, Bangalore.
If the data subject chooses “Razorpay” as the payment option in the online shop during the ordering process, we automatically transmit the data of the data subject to Razorpay. By selecting this payment option, the data subject agrees to the transfer of personal data required for payment processing.
The personal data transmitted to Razorpay is usually first name, last name, address, email address, IP address, telephone number, mobile phone number, or other data necessary for payment processing. The processing of the purchase contract also requires such personal data, which are in connection with the respective order.
The transmission of the data is aimed at payment processing and fraud prevention. The controller will transfer personal data to Razorpay, in particular, if a legitimate interest in the transmission is given. The personal data exchanged between Razorpay and the controller for the processing of the data will be transmitted by
Razorpay to economic credit agencies. This transmission is intended for identity and creditworthiness checks.
Razorpay will, if necessary, pass on personal data to affiliates and service providers or subcontractors to the extent that this is necessary to fulfil contractual obligations or for data to be processed in the order.
The data subject has the possibility to revoke consent for the handling of personal data at any time from Razorpay. A revocation shall not have any effect on personal data which must be processed, used or transmitted in accordance with (contractual) payment processing.
The applicable data protection provisions of Razorpay may be retrieved under here
This Website ensures that data is encrypted when leaving the Website. This process involves the converting of information or data into a code to prevent unauthorised access. This Website follows this process and employs secure methods to ensure the protection of all credit and debit card transactions. Encryption methods such as SSL are utilised to protect customer data when in transit to and from this Site over a secure communications channel.
Whilst we do everything within our power to ensure that personal data is protected at all times from our Site, we cannot guarantee the security and integrity of the information that has been transmitted to our Site.
Our Site is not intended for, and should not be used by, children under the age of eighteen (18). We do not knowingly collect personal data from children under eighteen (18). Please make sure that you do not give permission to access and use the Platform to minors under the age of eighteen (18). Please note that we cannot know if a User of the Platform is of age of majority. Therefore, we shall not be responsible for any damages or disputes that may arise in this regard. We recommend you to monitor the access and use of the Platform whilst being used by your minor wards.
We use cookies. Cookies are text files that are stored in a computer system via an Internet browser.
Many Internet sites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a character string through which Website and servers can be assigned to the specific Internet browser in which the cookie was stored. This allows visited Internet sites and servers to differentiate the individual browser of the data subject from other Internet browsers that contain other cookies. A specific Internet browser can be recognised and identified using the unique cookie ID.
Through the use of cookies, EdVanna can provide the Users of our Platform with more user-friendly services that would not be possible without the cookie setting. We can manage sessions and there would be personalized services.
By means of a cookie, the information and offers on our Platform can be optimised with the User in mind. Cookies allow us, as previously mentioned, to recognise our Platform users. The purpose of this recognition is to make it easier for users to utilise our Platform. The User who uses cookies, e.g. does not have to enter access data each time the Platform is accessed, because this is taken over by the Platform, and the cookie is thus stored on the User’s computer system. Another example is the cookie of a shopping cart in an online shop. The online store remembers the articles that a customer has placed in the virtual shopping cart via a cookie.
The data subject may, at any time, prevent the setting of cookies through our Website employing a corresponding setting of the Internet browser used, and may thus permanently deny the setting of cookies. Furthermore, already set cookies may be deleted at any time via an Internet browser or other software programs. This is possible in all popular Internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our Platform may be entirely usable.
We use Session cookies, also known as 'temporary cookies', which help websites recognize users and the information provided when they navigate through a website. Session cookies only retain information about a User's activities for as long as they are on the website. Once the web browser is closed, the cookies are deleted.
If you are a consumer under the California Consumer Protection Act you have certain rights in respect of your personal data, including the right to access, portability, non-discrimination, correct and request the erasure of your personal data.
RIGHT TO ACCESS
You have the right to request FitHub to disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive your verifiable request, we will disclose to you:
The categories of personal information we collected about you.
The categories of sources for the personal information we collected about you.
Our business or commercial purpose for collecting or selling that personal information.
The specific pieces of personal information we collected about you
If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
Sales, identifying the personal information that each category of recipient purchased; and
Disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
RIGHT TO NON-DISCRIMINATION
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
Deny you goods or services;
Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
Provide you a different level or quality of goods or services;
Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services;
However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels.
RIGHT OF ERASURE OR DELETION
You have the right to request EdVanna to delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
Debug products to identify and repair errors that impair existing intended functionality;
Exercise free speech ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law;
Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.);
Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent;
Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;
Comply with a legal obligation; or
Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
VERIFIABLE CUSTOMER REQUEST
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either:
Contacting us via: [email protected]
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative; and
Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
You also have the right to object to your personal data being used for certain purposes, including to send you marketing. See ‘Marketing’ clause, for more details of how to opt-out of marketing.
We will comply with any requests to exercise your rights in accordance with applicable law. Please be aware, however, that there are a number of limitations to these rights, and there may be circumstances where we are not able to comply with your request. To make any requests regarding your personal data, or if you have any questions or concerns regarding your personal data, you should contact us using the details below. You are also entitled to contact your local supervisory authority for data protection.
The criteria used to determine the period of storage of personal data is the respective statutory retention period. After expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfilment of the contract, the initiation of a contract or for any other purpose under law.
We clarify that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual provisions (e.g. information on the contractual partner). Sometimes it may be necessary to conclude a contract that the data subject provides us with personal data, which must subsequently be processed by us. The data subject is, for example, obliged to provide us with personal data when our company signs a contract with him or her. The non-provision of the personal data would have the consequence that the contract with the data subject could not be concluded. Before personal data is provided by the data subject, the data subject must contact our Data Protection Officer. Our Data Protection Officer clarifies to the data subject whether
the provision of the personal data is required by law, contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and the consequences of non-provision of the personal data.
If you have any questions about this Privacy Policy, feel free to contact EdVanna at [email protected].
You acknowledge that you have read, understood, and accepted to be bound by this Code of Conduct.
Effective as of June 21, 2022.