FAMILY ZONE CUSTOMER POLICIES

INTRODUCTION
Our agreement
Information and ownership
End Users and consent
PRIVACY & SCHOOLS
For schools in the United States
For schools in the United Kingdom and European Union
Other specific terms for schools
PRIVACY & PERSONAL ACCOUNTS
THE INFORMATION WE COLLECT
Account and user related information
Cyber Safety Data
System related information and analytics
Messaging
Privacy & Mobile Device Management
Purposes for processing your data
HOW WE SHARE YOUR INFORMATION
How we share your information
International Privacy
HOW WE SECURE YOUR INFORMATION
Information Storage
Our Security Procedures
Your Security Procedures
How Long We Keep Information
YOUR RIGHTS
Access
Rectification
Erasure
Restriction
Portability
Objection
Withdrawal of consent
Complaints to the regulator
DATA BREACHES
ADVERTISING TO MINORS
COMMUNICATIONS
THIRD PARTY ADVERTISING
SPAM
Cookies And Tracking Technologies
LAW ENFORCEMENT REQUESTS
DISCLOSURES OF HARM
NOTICE TO END USERS
PRIVACY POLICY FOR CHILDREN
CHANGES TO OUR CUSTOMER POLICIES

ABRIDGED PRIVACY POLICY FOR PERSONAL ACCOUNTS

Our Privacy Policy describes how we collect, store, use and distribute information. We also set out your options which include how you can avoid capture of certain information and how you can access and update certain information.
Your privacy is of critical importance to us. We collect and use data strictly in accordance with best practices and relevant laws. We collect the minimum information necessary and retain your data only for as long as is necessary to provide our services, or until you tell us to delete it. Your data is never sold or given to Third Parties.
If you do not agree with our policy, please do not access, or use our products.
We collect data from account holders
So we can verify you and set up your account, we need some information about you and your family.

    • Your name, email address or mobile telephone number: Used to verify you and send account communications
    • Your child’s name (optional), date of birth, avatar (optional) and time zone: Used to personalise settings for your children
    • Delivery details and payment method: Used where we are required to deliver you a physical item or take a payment from you. We do not store these details against your account.

We collect data associated with the use of children’s devices
So we can provide the services you request, our products capture information relating to device activity. You can opt-out at any time.

  • Location: If you have enabled location, we collect location data using APIs provided by Google and Apple.
  • Locale: Allows us to send any necessary service messages in the correct language.
  • Requests: These are logs of requests from your user’s for changes in service settings.
  • Internet Usage: Used to provide Parents with the ability to monitor and control internet access.

We collect data using MDM
Some of our products use Mobile Device Management (MDM) functions. These are tools provided by operating system providers (such as Apple) which allow remote access to devices to monitor and control the functions available on them. You can opt-out of the use of MDM however our services will be affected.

  • Device Identifier (UDID): Used so we can ensure a parent’s chosen settings apply to a specific device.
  • Device details: Such as OS Version, Build Version, Supervision Status, Device Name, Device Make, Model Code & Product Name: Used to assist parents identify devices paired to their account and for our support actions.
  • Installed Apps: Used to provide parents the ability to see what Apps are installed on their child’s devices.

Our Privacy and Data Protection Officer can be contacted at privacy@familyzone.com.
Our full Privacy Policy is available at www.familyzone.com/privacy.

PRIVACY POLICY

INTRODUCTION

Our agreement
Our business involves advertising, marketing and the provision of online safety technology, content and advice (our “products”) to you (the” account holder”) and the persons associated with your account (the “end-users”). We provide products under an agreement with you (the “Customer Terms” which is accessible on our website) and our Customer Policies, which include this Privacy Policy.

Our Privacy Policy is an agreement between you, the account holder and the owner of your information and us. If your account was created and/or paid for by another party (such as a school) then you are still the account holder and these arrangements are between you and us.

Our Privacy Policy applies whether you have purchased products from us directly or through resellers and if you download and use our products.

In addition to this Privacy Policy we comply with relevant privacy and data protection regulations across the world and we voluntarily sign-up to various pledges, data protection agreements and the like. These are outlined below.
If you do not accept our privacy policy then you should not use our products.

Information and ownership
In the course of our business we may collect information from and about you, your end-users and the use of our products.

This Privacy Policy describes how we collect, store, use and distribute this information. It also sets out your options which include how you can avoid capture of certain information and how you can access and update certain information.

Your privacy is of critical importance to us. We collect and use data strictly in accordance with best practices and relevant laws. We collect the minimum information necessary and retain your data only for as long as is necessary to provide our products, or until you tell us to delete it. Your data is never sold to third parties.

With respect the information we collect, generally speaking:

  • Data that relates to or identifies you or your end-users is owned by you;
  • User content such as content submitted by you into forms or surveys is owned by you;
  • Data associated with your use of our products is owned by us; and
  • Data which cannot reasonably be attributed to you or an end-user (through de-identification) is owned by us.

You have the right to know what we collect and have collected about you. You have the right to opt-out of providing us information and you have the right to request its removal. We may however not be able to provide you with our products in these circumstances.

End Users and consent
Our products may be used by you to monitor and filter the activity of End Users such as students (at a school), your children, guests on your network, your staff or you.

We provide our products to you under our agreement with you. You are responsible for informing your End Users and obtaining necessary consents from them or their parents/guardians with respect to the application of our products and with respect to our collection, use and disclosure of information associated with them in accordance with this Privacy Policy.

PRIVACY & SCHOOLS

In providing our products to school clients we will collect personally identifiable information with respect to students, their parents and guardians and school staff (“School Data”).
We appreciate that schools have unique circumstances and specific obligations with respect to privacy and in particular in relation to information associated with students.
If you are a school account holder, this section applies to you.

For schools in the United States

Our role in USA schools
As a provider of cyber safety products to schools in the United States we act as a school official, operating under your direction and control. In this capacity, we have a legitimate educational interest in the collection, use, disclosure, and retention of information with respect to your students and staff.

Regulations & Pledges
We are committed to complying with the Family Education Rights and Privacy Act (“FERPA”), the Children’s Online Privacy Protection Act (“COPPA”) and the UK/EU General Data Protection Regulations (“GDPR”) in all applicable respects with regards to the collection, use, disclosure, and retention of School PII.
We have also taken the Student Privacy Pledge introduced by the Future of Privacy Forum (FPF) and The Software & Information Industry Association (SIIA).

For Schools in New York
We confirm that we comply with the applicable state law and regulations, including Education Law section 2-d and its implementing regulations at Part 121, and the “bill of rights” required therein. We will train all employees with access to your data on the requirements of state and federal law governing the confidentiality of such data. We will require all subcontractors to comply with the terms of this Privacy Policy, including its terms on data breach.

For Schools in California
Our Agreement and this Privacy Policy meet the requirements under California Education Code § 49073.1 and all other applicable state privacy laws.

For schools in the United Kingdom and European Union

Our role in UK and EU schools
For customers within the United Kingdom and the European Union, with respect to the GDPR, we act in the capacity of a data processor and you are the data controller with respect to any data captured, used and disclosed by us. These terms are defined in GDPR.

Other specific terms for schools

Consents from parents, students and staff
On your behalf we monitor, filter activity and capture, use and disclose School Data with respect to your End Users. We require you to obtain and maintain all necessary consents from these parties, in accordance with your local regulations (e.g. as required by COPPA in the US).

Extended data storage
By default, we store school Cyber Safety Data for 12 months however you may request us to extend that period. Where you do so, and where we can do so, then you acknowledge that you are responsible and agree to indemnify us and hold us harmless whatsoever, for any implications under relevant privacy laws in relation to the duration of storage of personally identifiable information; and you undertake to reflect your policy with respect to the duration of storage of personally identifiable information in your privacy policy and to communicate this to your End Users and their parents.

Safety & security incidents
You may subscribe to advanced cyber safety and security technology from us which monitors end-user activity for the purpose of identifying or recording concerning activity. You are responsible for the efficacy and disclosure of your use of such services to affected parties. Information collected by us using these advanced services is treated as Cyber Safety Data in accordance with this privacy policy. Where disclosures of harm are identified our End User Policy applies.

Marketing to Parents and Children
We will not directly market our products or offers to parents/guardians associated with your end-users without your permission unless we have permission from them or another legitimate source. We will not knowingly market to students or engage in targeted advertising. We will also not engage in targeted advertising on any site based on information we receive through our agreement. We will not use information gathered through our agreement to amass a profile about a student except in furtherance of the purposes of our agreement with you.

Review, Correction or Removal of Data
We only accept requests to review, change or remove School Data from our main contacts with you and your identified administrators. Parents or legal guardians who request changes to or removal of School Data should go through you.

School Community Products
Our products permit you to refer parents / guardians to us to create personal accounts with us. When doing so, you are obliged to have or obtain consent from them before taking this action.
Our products provide you and the parents/guardians of your students to share information on school calendars and student use of and access to the internet and devices. We call this the School Community feature. Such data is considered by us Cyber Safety Data and is subject to our privacy policy.

For the purpose of clarity, Cyber Safety Data collected during the application of school policies is owned by the school (not the associated parent) and is subject to our agreement with you.
Sharing of safety data is subject to an opt-in by each party, which can be revoked at any time.

Messaging Services for Schools
Our products permit the exchange of messages between End Users eg between teachers and students. Messaging services are provided under our arrangement with you (the “account holder”). You are required to obtain and maintain required parental/guardian consent.

Unless agreed with you otherwise:

  • Users cannot delete messaging content. We will retain messaging content under the same arrangements agreed with you for Cyber Safety Data or otherwise as agreed with you or until you ask us to delete it.
  • Messaging content exchanged between students and teachers is private to the student and you. We will not share it with other End Users or other parties (eg parents) unless permitted by you.

PRIVACY & PERSONAL ACCOUNTS

In providing our products to parents & guardians (personal accounts) we will collect personally identifiable information with respect to account holders and End Users being users of devices or home networks where our products are installed.

If you are a personal account holder, this section applies to you.

End User Consent
We provide our products under our agreements with you, the account holder. You are responsible for obtaining consent for relevant End Users for our products to operate and their Cyber Safety Data to be captured, used and shared in accordance with this Privacy Policy.

Our role under GDPR
For the purpose of clarity, under GDPR we act as a “data controller” with respect to delivery of products to parents. In this capacity, we have a legitimate interest in the collection, use, disclosure, and retention of information with respect to your family.

Data requests
We only accept requests to review, change or remove data from authorised account holders. This includes any user on your account with a “Parent” role. You should be careful when assigning parent roles.

School community
Our products permit parents and schools to collaborate and share information with respect to student activity. We call this the School Community feature. Such data is considered by us Cyber Safety Data and is subject to our privacy policy.
For the purpose of clarity, Cyber Safety Data collected during the application of parent policies is owned by the parent (not the school) and is subject to our agreement with you.
Sharing of safety data is subject to an opt-in by each party, which can be revoked at any time.

Disclosures of harm
Our products may from time to time identify concerning activity. Where disclosures of harm are identified our End User Policy applies.

THE INFORMATION WE COLLECT

Account and user related information

Contacts: When you sign-up we will ask for information to establish an account including your name and contact details. If you are a company or business, we will ask you for your business and tax registration details.
Addresses: We do not typically seek your address however we may if you order a physical product; if you request on-site support; if we need to communicate to you in writing or if our payment provider requires your address, post code or zip for verification purposes.
Payment Method: If you are paying us via electronic funds transfer, we will require a payment method (such as a credit card). We do not store this information. We will pass you to a compliant payment gateway.
Timezone: When you sign up we will capture your time zone. If we can, we will estimate this through geo-IP (through your internet session). We need a timezone to enable us to pre-configure our Products for you and for your account to function.
Support: When you use our support channels we will capture the information you share with us through emails, support tickets, over the telephone or in online chat services.
Admin users: When you sign up we will create an administrative user for your account. You may create additional administrative users. We will require their name and security information such as a password and PIN.
End Users: End Users are those persons that are affected by our products (e.g. authentication, filtering, device management). End Users may be students (at a school), your children, guests on your network, your staff or you.

  • Consumer accounts: When parents or guardians register End Users we will ask you for their name and date of birth. Date of birth helps us pre-configure settings for them. We ask for additional optional information so you can access optional features such as a security PIN (for device borrowing) and the name of the school they attend (for school community collaboration). When devices such as tablets and personal computers connect to our products we will ask for them to be registered along with device name, type and End User. In some of our products you may be permitted to add pictures for your End Users. This is optional and you may remove them.
  • School accounts: Where school institutions register End Users we will also ask for information about their role in the school, groups they are part of (e.g. class), classroom schedules and for identifiers such as student IDs or email address. If the school uses third party authentication services such as Google for Education then we will also capture identifiers to permit us to interact with those services but strictly only for the purposes of supporting your requirements.

Credit Information: If you are a company or an unincorporated organisation we may complete a credit review on you and source information available publicly or properly available for such purposes from credit reporting, law enforcement or government agencies.
Resellers: We provide our products through resellers such as telecommunications companies and technology vendors. If you have purchased our products through a reseller then they may pass to us your account set up information and in some circumstances End User and device registration information. We require our resellers to have authorisation from you before doing so.
School communities: We work with schools and businesses to provide cyber safety products to them and their communities. These organisations may refer us to parents/guardians or refer parents/guardians to us by providing us with relevant contact & student details. We require these parties to confirm to us that they have permission or a right under law to do this.
Submissions: We may provide opportunities for you or your end-users to post submissions in a forum, comments in a blog, or to complete surveys and forms. These services are inherently public, and we are not responsible for what is submitted or any third-party use of what has been submitted.
Sensitive Information: Unless permitted by law and requested by you or required by law, we will not deliberately record or use sensitive information. For the purpose of this policy sensitive information means information or an opinion about an individual’s racial or ethnic origin; political opinion; membership of a political association; religious beliefs or affiliations; philosophical beliefs; membership of a professional or trade association; membership of a trade union; sexual preferences or practices; or criminal record.

Cyber Safety Data
Our products enable you to monitor and control the use of the internet and devices by End Users. This includes use of networks and devices not owned by you. Our products necessarily capture usage and device information. We call this Cyber Safety Data and it may include:

  • Internet Usage: Use of the internet including online search terms, sites visited and blocked and related meta-data such as device, protocol, website, location, time and date.
  • Mobile Apps: Use of applications, including what applications are installed or attempted to be installed, are used and for how long, are blocked or permitted to be used and related information such as device details, time and date.
  • Device Location: Geo-location information derived from GPS services available on smart devices.
  • Events: Actions taken or patterns of actions which are indicative of behaviour. For example, if an End User installs or deletes an App. Such actions can be logged by us and made available to you.
  • Incidents: Records of identified incidents detected by our products or recorded by you or your end-users.
  • Calendars: Records of school and student schedules collected to support teachers to manage classroom activity.

System related information and analytics

Diagnostic Information: Our products log system level activities. We capture this information for quality assurance purposes only. It is stored for a short period of time.
Transactional records: Our products log certain transactions for the purpose of notifying and reporting system events. For example, where a device connects to your network or an End User seeks to borrow a device. Transactional data is required for the function of our products.
Web Analytics: Like most organisations, we use automatic data collection technology (such as Google Analytics) when you visit our websites. We may collect information such as your IP address, Internet service provider, browser type, operating system and language, referring and exit pages and URLs, date and time, amount of time spent on particular pages, what sections of the website you visit, number of links you click while on the website, search terms, and other data. This information is collected automatically and pseudonymised. By accessing and using our website, you consent to the processing of this data by our analytics partners in the manner and for the purposes set out in this policy. Analytics are collected through services we obtain from third party providers, such as Google. Where possible we will provide at familyzone.com/tracking details of our providers and guidance on how to opt-out from data collection.
Cookies and other Tracking Technologies: We and our advertising and analytics partners, use cookies and other tracking technologies (e.g., web beacons, device identifiers and pixels) to provide functionality and to recognise you across different services and devices. We will not use them to market third party products or to gather information on you or your End Users to sell to others. For more information, please see our Cookies and Tracking Notice below or visit familyzone.com/tracking.
Third party authentication services: For your convenience we may offer you the ability to sign-in to our products using third party authentication services provided by organisations such as Google and Facebook. Where you choose such services, we will exchange authentication information with them such as your email address. You will be required to accept their terms of use and policies with respect to the exchange of information. We only use these services for the purpose of authentication. You may disable authentication services at any time through your account.

Messaging

We may make available to you services which permit the exchange of messages between End Users. Such messaging services are provided to and under our arrangements with you (the account holder). These arrangements include terms for whom can interact and the monitoring and retaining of message content. We are not responsible for the content submitted.
If an End User on your account is enrolled in a school institution that is a client of ours then their messaging services will be managed under our agreement with that school institution.

Privacy & Mobile Device Management

We use Mobile Device Management (‘MDM’) in some of our products. MDM is a powerful tool which allows remote access to devices to monitor and control the functions available on them.
We use MDM for specific and limited purposes in the delivery of products to parents and schools (collectively ‘you’, ‘your’). We only ever use MDM for the purposes of providing the products requested by you which may be:

  • Scanning devices for new Apps so we can notify you;
  • Enabling or disabling access to device features such as the camera; screenshots; access to adult content and so on; and
  • Delivering a VPN profile to enable our web filtering services.

Account holders may disable any or all of these functions individually within their account or on the relevant device.
Unless required by law or with your express consent, we will never sell or disclose any data collected by MDM to any third party.

Purposes for processing your data

The table set out below identifies the data we collect, the purpose for which it is collected and our basis for doing so.

Purpose Data Collected Legitimate interest or basis for doing so
To register you as a new customer, bill you and support your use of our services Contacts, Addresses, Timezone, Payment Method So we can perform in our agreement with you.
To communicate with or seek feedback from you with respect to our services and policies Contacts, Addresses, Submissions, Support So we can perform in our agreement with you.
So we can comply with relevant legal obligations (eg notifications).
So we can keep our records updated and to monitor and improve our services.
To deliver, support, secure and administer our services Contacts, Addresses, Timezone, Support, Admin user, End user, Cyber safety data, Diagnostic information, Web Analytics, Cookies and other Tracking Technologies, Third party authentication services. So we can deliver services in accordance with our agreement with you.
So we can comply with relevant legal obligations (eg data and security).
To provide a website which provides information on our services Web Analytics, Cookies and other Tracking Technologies So we can analyse our website activity to tailor it to what is of more interest to users. Because you consent to us capturing this.
To notify you of changes to and new services that may be of interest to you Contacts, Cyber safety data
Web Analytics, Cookies and other Tracking Technologies
So we can deliver services in accordance with our agreement with you, improve our services, offerings and relationship with you. Because you consent to us doing this.
To assess your creditworthiness Credit Information So we can assess whether we may offer you commercial credit.

HOW WE SHARE YOUR INFORMATION

How we share your information
In order to deliver to you the services requested and for us to meet our obligations we may from time to time share your information with others as described below.
Related companies: As a global company we have a number of corporate entities. We may need to share your information among these related companies. We will do so only to support your use of our products. All of our corporate entities and staff operate under our internal policies, procedures and standards which enforce the level of protection for your data reflected in this policy.
Service partners: You may request products that require us to direct you to third party providers such as cyber safety experts and providers of technology and equipment. If so, we will need to share relevant information with them. We only work with reputable organisations and when we partner with them, we subject them to checks which require them to have appropriate standards in place to manage your data. We encourage you to read their privacy policies and ensure you are fully informed.
Operational service providers: We work with third-party service providers to provide website and application development, hosting, maintenance, backup, storage, virtual infrastructure, payment processing, analysis, customer, technical and sales support services. If a service provider needs to access information about you to perform services on our behalf, they do so under instruction from us, including abiding by policies and procedures designed to protect your information.
Resellers: We provide our products through third party resellers such as telecommunications companies and technology vendors. If you have purchased our products through a reseller then we will exchange information with them for the purpose of setting up your account, billing you and other operational purposes.
App stores: Where you acquire or download our products from app stores (e.g. Google Play, Google Web Store or Apple App Store) we will exchange limited information with them to support the app, extension or application’s installation, update, support and operation. You will be required to agree terms including privacy terms with the relevant store or marketplace owner. The information you share with them is governed by their privacy policies, not ours.
Authentication providers: If you have enabled a “sign in with” service (e.g. through Google or Facebook) then we will exchange authentication information with them such as end-user name and email address. You and your end-users will be required to accept their terms of use and policies with respect to the exchange of information.
Learning system providers: If you have subscribed to learning services provided by us then we will exchange limited information with our chosen learning management system such as end-user name, email address and group (eg class).
Third party widgets: We may present you with social media widgets such as Facebook “like” or Twitter “tweet” buttons. We will not knowingly present these to minors. These widgets capture your IP address, the page you are visiting, and may set a cookie to enable the feature to function properly. Your interactions with these widgets is governed by the privacy policy of the company providing it.
Third party sites: Our products may contain links to websites owned or operated by third parties. Your use of sites and services and any information you submit to them is governed by their privacy policies, not ours.
Schools & parents: Where both a parent/guardian (account holder) and a school (account holder) opt-in then we will share chosen sets of Cyber Safety Data between them with respect to relevant students.
Hot-spots: When End Users connect to our networking products (e.g., access points, network gateways) an authentication process will be triggered. Device and/or authorisation tokens/certificates or a sign-in will allow our products to identify an End User (where possible). This is fundamental for the operation of our products. Once registered, devices can be recognised by participating network gateways. We may share your End Users masked names (first name and first initial of last name) and device identification information where they connect to participating networks.
Shared End Users: Should you request to share Cyber Safety Data associated with or control of an End User with another account holder then we will disclose your name to that other party. This is required to assist them to determine whether your request should be granted.
Legal reasons: We may disclose your information without your consent if we reasonably believe that doing so is necessary to:

  • satisfy any applicable law, regulation, legal process, or governmental request;
  • enforce applicable Customer Terms, including investigation of potential violations or breaches;
  • detect, prevent, or otherwise address illegal or suspected illegal activities, security or technical issues; or
  • protect against harm to the rights, property or safety of us, our users or the public as required or permitted by law.

If we share School Data pursuant to a court order or legal process, we will provide you with notice unless notice is expressly prohibited by law or court order.
Business transfer: We may share or transfer information we collect under this policy in connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our businesses to another company. You will be notified via email and/or a prominent notice if such an event takes place, as well as any choices you may have regarding your information.

International Privacy

We are a global provider. We seek to store data in the country associated with the account holder however this is not always practicable. Accordingly, we may transfer, process and store some of your information outside of your country. We will only do so for the purpose of providing you products. Whenever we transfer your information, we will take steps to protect it and we will capture, store and deal with it in accordance with this policy.
To ensure that your data is protected and transferred in a manner consistent with legal requirements:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data; and
  • Where applicable, we may use specific contracts which give personal data an appropriate level of protection;

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data.

HOW WE SECURE YOUR INFORMATION

Information Storage

We use reputable data hosting service providers (such as Google and Amazon Web Services) to host the information we collect, and we use technical measures to secure your data.
While we implement safeguards designed to protect your information, no security system is impenetrable and due to the inherent nature of the Internet, we cannot guarantee that data, during transmission through the Internet or while stored on our systems or otherwise in our care, is absolutely safe from intrusion by others. We will respond to requests about this within a reasonable timeframe.

Our Security Procedures

We take information security seriously and have a security program which includes administrative, technical, physical and managerial measures that is reasonably designed to protect the information we collect from loss, misuse and unauthorised access or disclosure. For example we:

  • Use Secure Sockets Layering to encrypt communication between us.
  • Do not store your payment information. Instead we use a third PCI-DSS compliant party payment provider.
  • Require you to provide a unique username and set a password and other security measures from time to time such as PINs.
  • Hold passwords encrypted and do not re-issue them (instead you must enter a new one).
  • De-identify your information where possible, and in particular End User records.

Your Security Procedures

We urge you to be diligent in securing your computing networks, devices, usernames and passwords. Should other parties obtain access to these or guess them (because they are too simple) then your information may be compromised.

For convenience we make certain technologies available to you to make it easier to log in to your account or be authenticated to access the network or internet. For example, cookies, remember-me and single-sign-on type technologies. If you use these technologies, then we urge you to use device PINs and to log off your device when you’re not using it.

If you intend to sell or return a device which you have used with us you should remove our application/s, log-out and clear the cache, all browsing information and cookies before doing so.
You are responsible for maintaining the confidentiality of your account access information and for restricting access to your computer or device through which an account is accessed.

How Long We Keep Information

We retain information to provide you with the services and features you have requested and to support the ongoing improvement of our products. We take steps to secure and obfuscate your identity and once it is no longer needed, to de-identify your information or delete it.
How long we keep information depends on the type of information collected.

  • We will keep information relating to you and your End Users for as long as it remains necessary for its identified purpose or as required by law, which may extend beyond the termination of our relationship with you. We retain de-identified information for as long as we consider necessary for our business purposes.
  • On cancellation of your account we will not automatically delete or de-identify the information we hold relating to you or your End Users. We need to retain some of your account information to comply with our legal obligations such as ensuring we’re capable of resolving disputes, enforcing our agreements and collecting outstanding payments.
  • There is some information we hold on you which for legal and legitimate business reasons, we will not be able to delete, even if you request us to do so. For example, under taxation laws we need to maintain a record of your account and the financial transactions we’ve completed. We have obligations to retain information to ensure we’re capable of resolving disputes, enforcing our agreements and collecting outstanding payments.
  • When we delete information, it may continue to be stored in backup archives. We will securely store such information and isolate it from any further use until deletion or de-identification is possible.
  • If an End User associated with your account is also an End User in another account (e.g. a shared parenting arrangement or school student account) then deletion in your account will not automatically delete them in the other account.
  • Our standard policy is to store Cyber Safety Data for 30 days on personal accounts and 12 months for school & business accounts. After that time related records are aggregated and de-identified. We may offer you the option to extend this storage period.
  • For the purpose of quality assurance, or due to technical limitations we may capture temporal Cyber Safety Data even when End Users have set by you to be “not tracked”. We will however purge such data as soon as practical.
  • If you acquired our services through a reseller, cancellation of your account with us and requests for us to remove records of you will not automatically remove records of you in the reseller’s platforms. This is because you were a customer of theirs.
  • If you have elected to receive marketing emails from us, we retain information about your marketing preferences unless you specifically ask us to delete such information. We retain information derived from cookies and other tracking technologies for a reasonable period of time, from the date such information was created.
  • Notwithstanding the foregoing, Personally Identifiable Information stored by us, relating to End Users under the age of 18 will be deleted in all cases (to the extent that it is reasonably and commercially possible to do so) when it is no longer needed for the purpose for which it was collected.

YOUR RIGHTS

You have a range of options available to you when it comes to your information. Below is a summary of those choices. Where you request action from us, we will respond within a reasonable timeframe.

Access

You can access and modify the information in your account at any time, this includes all data that is required to provide the services.

Rectification

You can access and modify the information in your account at any time.
Relevant browser-based cookie controls are described in our Cookies & Tracking Notice.
Some browsers have incorporated “Do Not Track” (DNT) features that can send a signal to the websites you visit indicating you do not wish to be tracked. Because there is not yet a common understanding of how to interpret the DNT signal, our Services do not currently respond to browser DNT signals. You can use the range of other tools we provide to control data collection and use, including the ability to opt out of receiving marketing from us as described above.
We offer you the ability to disable tracking of some Cyber Safety Data in your account.

Erasure

You can delete End Users from your account. Please note if the End User is also in another account (e.g. a shared parenting arrangement or school student account) then deletion in your account will not automatically delete them in the other account.

You can delete End User avatars from the product you loaded it into.
In some cases, you may ask us to stop accessing, storing, using and otherwise processing your information where you believe we don’t have the appropriate rights to do so. For example, if you believe an account was created for you without your permission or you are no longer an active user, you can request that we delete your account as provided in this policy.

You may request a deletion of information we hold on you. We will delete information where it is proper and practical to do so.

Restriction

Where you gave us consent to use your information for a limited purpose, you can contact us to withdraw that consent, but this will not affect any processing that has already taken place at the time. When you make such requests, we may need time to investigate and facilitate your request. If there is a delay or dispute as to whether we have the right to continue using your information, we will restrict any further use of your information until the request is honored or the dispute is resolved.

Portability

Data portability is the ability to obtain your information in a format you can move from one service provider to another (for instance, when you transfer your mobile phone number to another carrier). Should you request it, we will provide you with an electronic file of your account and End User information.

We will provide you with basic account level information without charge, Additional information may incur a reasonable charge. It may not be practical or proper to provide you some information (for example if fulfilling a request would reveal information about or owned by another party).

Objection

If there is a concern with regard to how we are storing, using, transferring, processing or treating your data you can contact us to raise that concern, but this will not affect any processing that has already taken place at the time. When you make such requests, we may need time to investigate and facilitate your request. If there is a delay or dispute as to whether we have the right to continue using your information, we will restrict any further use of your information until the request is honored or the dispute is resolved.

However, we may be entitled to continue processing your information based on our legitimate interests or where this is relevant to legal claims.

Withdrawal of consent

Where you gave us consent to use your information for a limited purpose, you can contact us to withdraw that consent, but this will not affect any processing that has already taken place at the time. When you make such requests, we may need time to investigate and facilitate your request. If there is a delay or dispute as to whether we have the right to continue using your information, we will restrict any further use of your information until the request is honored or the dispute is resolved.
You may opt out of receiving third party promotional communications from us in your account. You may opt out of our promotions by using the unsubscribe link within each email. Even after you opt out from receiving promotional messages from us, you will continue to receive transactional messages from us. You can opt out of some notification messages in your account.

Complaints to the regulator

You also have a right to lodge a complaint with a supervisory authority, where you are located, where we are based or where an alleged infringement of Data Protection law has taken place.
Your contact options are set out below.

United Kingdom
Office of the Information Commissioner
https://ico.org.uk/make-a-complaint/

Australia
Office of the Australian Information Commissioner
https://www.oaic.gov.au/privacy/privacy-complaints

New Zealand
Office of the Privacy Commissioner
https://www.privacy.org.nz/your-rights/making-a-complaint/

United States
Each state has its own relevant body.
http://www.ncsl.org/research/telecommunications-and-information-technology/state-laws-related-to-internet-privacy.aspx

DATA BREACHES

We are committed to transparency with respect to serious data breaches.
When a data breach occurs which is likely to result in serious harm to any individuals whose personal information has been breached, then we will notify the relevant affected individuals (and other parties as required by law) and advise:

  • Our identity and contact details;
  • A description of the data breach;
  • The kinds of information concerned; and
  • Recommendations about the steps the individual should take in response to the data breach.

ADVERTISING & MARKETING POLICY

ADVERTISING TO MINORS

We will not knowingly market to minors.

COMMUNICATIONS

We will communicate with you through the contact details you provide to us. You agree that we can communicate with you electronically. Our standard communication mechanisms include email, smart device notifications, SMS, web chat and telephony.
If you are a personal account holder then you can change your contact settings in your account.
You may opt out of receiving third party promotional communications from us in your account.
You may opt out of our promotions by using the unsubscribe link within each email.
Even if you opt-out of marketing or promotional communications you will continue to receive transactional messages from us.

THIRD PARTY ADVERTISING

We will not sell or provide your information to third parties so they can market their products or services to you.
We may from time to time use display advertising on the web and on platforms like Google and Facebook. Our advertising will only be aimed at supporting your engagement with cyber safety and education (such as topical information and insights) and maximising what you get out of our Products (such as promoting features and events).
You may have options in your browser or through the websites you access to limit or avoid advertising. You may also be able to opt out of personalised advertisements through the Network Advertising Initiative or Digital Advertising Alliance’s Self-Regulatory Principles for Online Behavioral Advertising. For more information about this practice and to understand your options, please visit: http://www.aboutads.info, http://optout.networkadvertising.org/ and http://www.youronlinechoices.eu.

SPAM

SPAM is a common term for unwanted commercial electronic messages including emails, short messages, etc. In various countries around the world there are laws designed to inhibit the use of SPAM by commercial organisations.
We do not engage in SPAM;
We will not use false, or misleading subjects or email addresses;
We will identify marketing messages as such in a reasonable way;
We will include our registered address;
We will monitor Partner Marketing for compliance;
We will honor opt-out/unsubscribe requests in reasonable timeframes; and
We will provide opt-out unsubscribe options in relation to Partner Marketing.

Cookies And Tracking Technologies

We and our third party partners, such as our advertising and analytics partners, use various technologies to collect information, such as cookies and web beacons. In this notice we collectively describe these technologies as cookies.

We use cookies to improve our products and your experience. Specifically, we use cookies:

  • Where strictly necessary. These cookies are essential. They enable our Products to function, for example remembering you are signed in.
  • For functionality. These cookies remember choices you make such as language or search parameters. We use these cookies to provide you with an experience more appropriate with your selections.
  • For performance and analytics. These cookies collect information on how users interact with our Products and enable us to improve how they operate. For example, we use Google Analytics cookies to help us understand how visitors arrive at and browse our products and website to identify areas for improvement such as navigation, user experience, and marketing campaigns.
  • For promotion. These cookies permit us or a social media site to record that you have visited or used our products. We may use these to promote products we offer. We will not sell access to our cookies or use them for the purpose of promoting third party services to you.

To opt out of our use of cookies, you can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from websites you visit. If you do not accept cookies, however, you may not get the best experience out of our Products.

Many browsers include their own management tools for removing HTML5 local storage objects.

Please visit familyzone.com/tracking for more information.

END USER POLICY

LAW ENFORCEMENT REQUESTS

The following information is provided for law enforcement entities seeking information about our account holders and End Users.

All law enforcement requests for information should:

  • Be directed to us at legal@family zone.com;
  • Be written in English;
  • Include all relevant identifiers to permit us to search our records;
  • State specifically what information is being requested, why it’s being requested and how it pertains to the investigation; and
  • State the applicable act, law or ruling under which the law enforcement agency is requesting the data.

In the event of an emergency involving the danger of death or serious physical injury to a person please ensure the subject is: Emergency Disclosure Request.

We will respond to valid, properly served legal processes to the extent required by law.

It is our policy to use commercially reasonable efforts to notify affected account holders when we receive legal process requests for user data. Generally, except where a court order (and not just the request for information itself) requires delayed notification or no notification, or except where notification is otherwise prohibited by law or where we, in our sole discretion, believe that providing notice would be futile, ineffective or would create a risk of injury or bodily harm to an individual or group, or to our property, we will endeavour to provide reasonable prior notice to the relevant user of the request for user data in the event the user wishes to seek appropriate protective relief.

DISCLOSURES OF HARM

Submissions via an End User
The following relates to situations where an End User discloses to us information through a contact or feedback form and which indicates an incident or an intention to cause harm to themselves or others (a “Disclosure of Harm”).

For the purpose of clarity:

  • We do not provide mental health, crisis, counselling, or support services. Where we receive a Disclosure of Harm, we will take reasonable steps as lay persons only; and
  • Where a Disclosure of Harm is indicative of serious threat to life, health or safety of an individual then we reserve our rights to disclose such information to relevant authorities, schools and parents/guardians, subject to our obligations under relevant privacy legislation.

Disclosures of imminent and serious threat to life, health or safety
Where an End User discloses to us an Imminent and serious threat to life, health or safety then we will:

  • Seek to provide the End User with details of relevant support services;
  • Make reasonable steps to identify the End User, their School and their Parents (or guardians);
  • Make reasonable steps to contact the End User’s School and Parents (or guardians); and
  • Contact the local police and request a welfare check.

In this context Imminent means a Disclosure of Harm indicative of a Foreseeable risk which requires immediate action, as inaction is likely to result in harmful activities and Foreseeable means a future risk which can be reasonably predicted based upon a result of inferred actions, occurring as a result from a disclosure which indicates a method of harm, or a specified time, date, time-frame or location of harmful act.

Other disclosures of threats to life, health or safety
Where an End User otherwise discloses to us a serious threat to life, health or safety then we will:
Seek to provide the End User with details of relevant support services;
Make reasonable steps to identify the End User, their School and their Parents (or guardians); and
Make reasonable steps to contact the End User’s School and Parents (or guardians).

Indications based on End User activity
We may offer you features of our products which monitor End User activity for the purpose of identifying risky behaviour (“Behavioural Insights”). Such features may identify behaviour indicative of self-harm.

We do not promise that these Behavioural Insights are complete or accurate. We do not promise to monitor them or escalate issues to you or relevant authorities.

NOTICE TO END USERS

This notice is directed at End Users of our Products.

End Users are registered to account holders. You may have a primary account holder e.g. your parent or employer. You may also be associated with other accounts such as where you are a party to a shared parenting arrangement or you’re a student at a school using our Services or you’re a guest on a network using our Services.

Account holders have access to the information we hold on you and in particular the Cyber Safety Data related to you. This access is limited by and provided in accordance with this policy.

If you have queries with respect to the Products or your information, please direct your questions to the account holder/s administering you.

PRIVACY POLICY CHILDREN’S VERSION

PRIVACY POLICY FOR CHILDREN
You may be reading this document because our apps have been installed on your computer, tablet or phone. You may also have heard of us at your school.
In this document we will explain what we do and how it may impact the devices you use. We will also explain how we capture, use and share your information.

Who are we?
We are a Cyber Safety technology provider. We have apps that can be downloaded onto computing devices, smart phones and installed in home and school WiFi networks. These apps allow parents and schools to monitor and manage some of your online and device activities. Our apps have been developed so your parents and schools can look after you, support your use of technology and keep you safe online.

What do we do?

 

Function What we do
Content filtering Our apps can be installed on computers, tablets, phones  and in networks. These apps monitor and manage your internet activity based on the choices of your parents/school.
We will log the websites and Apps you access. This data is visible to your school and parents for a limited time.
Location tracking When installed on tablets and phones our apps can log your device location.
This data is visible to the owner of your device, which is usually your parents for a limited time.
Messaging If enabled by your school, our apps allow you to communicate with your parents and teachers and other students. We log messages sent and received.
We store this data for a limited time and make it available to your school. 
Device management When installed on tablets and phones our apps can log the apps installed and removed from your device. We also capture basic device information unrelated to you.
This data is visible to your school and parents for a limited time.
Classrooms When installed on your classroom computer or tablet our apps can capture and show your teachers screenshots and live views of your screens. We store this data for a limited time and make it available to your school.
Safeguarding When installed on your classroom computer or tablet our apps can log your keystrokes and capture screenshots. If our apps identify high risk activity we will escalate this to your school or parents. Otherwise this data is deleted quickly.

Online safety incidents
If our apps identify indicators or serious risk to any individual’s safety and wellbeing then we reserve the right to escalate or intervene. What we will do is detailed in our Disclosures Of Harm policy.

Consent
Consent is needed for us to perform our services. We obtain consent for our products to be installed and used on devices and networks from the device or network owner, if you are using their device or network and do not wish to be impacted by our services then you need to talk to them to have our services removed.

Our commitment to data protection

  • We will not market services to you.
  • We will not share information associated with you with other companies.
  • We only ever ask for information that we really need to know.
  • We may share information associated with you if required by law or under an agreement with your parents or school.
  • We only keep information associated with you for as long as we need it and in accordance with laws.
  • We use good practices to keep information safe and secure.

Your rights
We provide our services to your parents or guardian or school and so we do as requested by them and as required by law. You do have rights and we are committed to you understanding them. These include:

  • You have a right to know and ask for copies of what information we collect relating to you.
  • You have a right to ask us to stop collecting or storing information relating to you unless we have a legal obligation or legitimate interest in doing so.
  • You have a right to tell us if your information is wrong or incomplete and then we must correct it.
  • You can complain to us or government agencies about us.

Where you exercise your rights we will let your parents/school know.

Contacts
For customers within the Australia and New Zealand
e: privacy@familyzone.com
m: Family Zone Cyber Safety Limited, Level 3, 45 St Georges Terrace, Perth WA 6000, AUSTRALIA.
p: +61 1300 398 326

For customers within the United Kingdom:
e: privacy@familyzone.com
m: Avalon House, 1 Savannah Way, Leeds Valley Park, LS10 1AB, Leeds, United Kingdom
p: +44(0)113 539 7506

For customers within the United States
e: privacy@familyzone.com
m: 11545 West Bernardo Court, Suite 204 San Diego, CA, 92127
p: +844 SAFEWEB (844-723-3932)

CHANGES TO OUR CUSTOMER POLICIES

We may, from time to time and in our sole discretion, make changes to this policy. We will provide notice to you by email (if you have provided us with one) or when you sign in to your account for the first time after the change.

We will ask you to review and agree to the changes. If you agree to the changes, simply continue using the Products (which will be deemed acceptance of the updated policy). If you object to any of the changes, immediately notify us at the contact information below.

How To Contact Us

If you have any questions about this Privacy Statement, the information that we collect from you or your End Users, or the Products, please contact our Privacy & Data Protection Officer as follows:

For customers within the Australia and New Zealand
e: privacy@familyzone.com
m: Family Zone Cyber Safety Limited, Level 3, 45 St Georges Terrace, Perth WA 6000, AUSTRALIA.
p: +61 1300 398 326

For customers within the United Kingdom:
e: privacy@familyzone.com
m: Avalon House, 1 Savannah Way, Leeds Valley Park, LS10 1AB, Leeds, United Kingdom
p: +44(0)113 539 7506

For customers within the United States
e: privacy@familyzone.com
m: 11545 West Bernardo Court, Suite 204 San Diego, CA, 92127
p: +844 SAFEWEB (844-723-3932)

Site URL: https://www.smoothwall.com/education | Locale is :

Get Support Button