Last updated: 29 March 2021
PLEASE READ THE FOLLOWING CAREFULLY
THIS STATEMENT PROVIDES GENERAL INFORMATION ABOUT THE PRIVACY STATEMENT OF THIS WEBSITE. IF YOU ARE UNDER 13 YEARS OF AGE, PLEASE BE SURE TO READ THIS PRIVACY STATEMENT WITH YOUR PARENTS OR GUARDIAN AND ASK THEM QUESTIONS ABOUT WHAT YOU DO NOT UNDERSTAND.
YOUR USE OF THIS SERVICE CONSTITUTES ACCEPTANCE BY YOU OF THIS PRIVACY STATEMENT.
COSMOURSE LTD (collectively, “COSMOURSE”, “we”, “our” and “us”) has created this privacy statement (“Statement”) in order to demonstrate its firm commitment to the privacy of the details that you provide to us when using www.cosmourse.com (“the webpage” or “site”, collectively “the website”), as the data controller for the purposes of the GDPR (General Data Protection Regulation EU 2016/679) and the UK Data Protection Act of 2018.
At COSMOURSE, we are committed to maintaining the trust and confidence of all visitors to our website. In particular, we want you to know that the website is not in the business of selling, renting or trading email lists with other companies and businesses for marketing purposes.
We believe your business is no one else’s. Your Privacy is important to you and to us. So, we’ll protect the information you share with us. To protect your privacy, COSMOURSE follows different principles in accordance with worldwide practices for customer privacy and data protection.
- We won’t sell or give away your name, mail address, phone number, email address or any other information to anyone.
- We’ll use state-of-the-art security measures to protect your information from unauthorized users.
We take your privacy seriously and take measures to provide all visitors and users of the website with a safe and secure environment.
The Personal Information on the website is collected, controlled and processed by the following entities:
COSMOURSE LTD ("The Data Controller")
International House, 64 Nile Street, London, United Kingdom, N1 7SR
This Policy explains our processing of your personal data and your rights according to UK DATA PROTECTION ACT and the EU GDPR. COSMOURSE reserves the right to modify this Statement at any time without notice by posting the changes on this webpage.
“Personal Data” means any information which relates to a living, identifiable person. It can include names, addresses, telephone numbers, email addresses, etc., but it is wider than that and includes any other information relating to that person or a combination of information which, if put together, means that the person can be identified.
“Special Category data” means personal data about a person’s race, ethnic origin, politics, religion, trade union membership, genetics, biometrics (where used for ID purposes), health, sex life or sexual orientation.
“Processing” covers all activities relating to the use of personal data by an organization, from its collection through to its storage and disposal and everything in between.
“Data subject” means the person whose personal data is being processed.
“Consent” means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
“Data handling” means any operation or set of operations performed in an automated or non-automated manner on personal data or files, such as collection, capture, systematization, distribution, storage, transformation or alteration, query, introspection, use, communication, forwarding, distribution or any other means of making data available, coordination or interconnection, restriction, deletion or destruction;
“Data controller” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
“Addressee” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not;
“Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements and;
“Privacy data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
RULES OF DATA HANDLING
The Data Controller recognizes the contents of this Data Management Guide as binding on itself, and states that all data management related to his/her own activity is consistent and complies with the legal provisions as stated in the normative GDPR laws and with the applicable domestic sectoral laws, especially as provided in the UK Data Protection Act, 2018.
The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR).
Everyone responsible for using personal data has to follow strict rules called ‘data protection principles’. They must make sure the information is:
- used fairly, lawfully and transparently
- used for specified, explicit purposes
- used in a way that is adequate, relevant and limited to only what is necessary
- accurate and, where necessary, kept up to date
- kept for no longer than is necessary
- handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage
There is stronger legal protection for more sensitive information, such as:
- ethnic background
- political opinions
- religious beliefs
- trade union membership
- biometrics (where used for identification)
- sex life or orientation
There are separate safeguards for personal data relating to criminal convictions and offences.
The Data Controller defines his/her data management in such a way that it complies fully with the principles set out in the GDPR/DPA: legality, fairness and transparency, purpose limitation, data saving and accuracy, limited storage, integrity and confidentiality, as well as accountability.
Accordingly, the Data Controller handles the collected, stored (managed) personal data solely for the clear and legitimate purposes defined and described below in subsequent paragraphs and only for the time stated. Thus, the subjects can read in detail about each of the data management activities in the mentioned points.
The legal basis for data management of the Data Controller is typically the consent of the data subject, the fulfilment of the contract concluded with the data subject, its preparation and the fulfilment of the legal obligation.
The legal basis for data management will be the fulfilment of the contract if the data subject orders the service from the Company, for example through the Website, i.e. a contractual relationship between the concerned (user) and the Company.
Statutory data management applies when a law obliges the Data Controller to include certain data, as well as the duration of data storage.
The Data Controller ensures data security and proper management. The Data Controller ensures that the data is stored in a form that allows identification of data subjects only for the time necessary to achieve the purposes for which personal data are processed. He/she also takes the technical and organizational steps to ensure that the data processed is adequately protected. Within this framework, he/she will take reasonable measures to prevent unauthorized access, alteration, use, transmission, disclosure, deletion or destruction, as well as accidental destruction, damage and unavailability resulting from changes in the technique used.
Therefore, the Data Controller's staff shall ensure that unauthorized persons do not access personal data and that the storage and placement of personal data is designed in such a way that it cannot be accessed, altered or destroyed by an unauthorized person.
The Company undertakes that the personal data of the data subjects will only be forwarded to the addressee (third party or data processor) who also handles the personal data provided or transmitted to them in accordance with these principles. The Company does not sell the data of the affected persons.
The users of the Website are also responsible for the security of their data. To protect your username and password, please take care of the security of these data and do not give them to third parties.
INFORMATION WE COLLECT
When you interact with us through the Services, we may collect information that, alone or in combination, could be used to identify you (“Personal Data”) and other information from you, as further described below:
Personal Data That You Provide Through the Site: We collect Personal Data from you when you voluntarily provide such information, such as when you contact us with inquiries or register for a Cosmourse account to access the Services. We may collect the following information from you in order to provide our Services:
- Name or publicly posted name from a Facebook linked account;
- Email address;
- Phone number;
- Zip code or city and state you are located in;
- Credit card or other payment information;
- Your child’s first name;
- Your child’s age or birthday;
- Your child’s email address;
- Video recordings of your child during classes;
- Your voluntarily provided profile picture or your Facebook picture linked to your account;
- Information voluntarily provided in the “about me” section of your profile;
- Information voluntarily provided through reviews; and
- Notes you provide to teachers about yourself or your child when enrolling a student.
Passively Collected Data: When you interact with us through the Site, we receive and store certain data automatically. Cosmourse may store such passively collected data itself or such information may be included in databases owned and maintained by our affiliates, agents or service providers. We may use such information and pool it with other information to track, for example, the total number of visitors to our Sites, the number of visitors to each page of our website, and the domain names of our visitors' Internet service providers.
Aggregated Personal Data: We may aggregate data, including Personal Data, and use such aggregated data for any purpose. This aggregate information does not identify you personally.
HOW WE USE INFORMATION
We, our authorized partners and our representatives store and use Your Personal Information only for providing and improving the website. In particular, we use Users' Personal Information for the following purposes:
- provide the COSMOURSE Services;
- process your payment for the Services;
- send you emails or newsletters that you signed up for;
- improve the COSMOURSE Services; and
- analyze website usage.
COSMOURSE Teachers receive recordings of their classes and may use the recordings to improve their curriculum and classes, and may provide the recording to Parents and the participants in the class to view. Please note that in some cases, Classes are taught by a “Teacher” that is actually an organization, group, or team of instructors (“Teacher Organization”). In such cases, Class Recordings may be accessed by the entire Teacher Organization, and access would not necessarily be limited to a single individual instructor. COSMOURSE may also use Class Recordings to provide feedback to Teachers, for customer support, and for compliance purposes.
COSMOURSE will obtain additional parental consent before we use any Class Recordings for promotional or other purposes. COSMOURSE and its affiliates may use your Personal Data to contact you in the future to tell you about services we believe will be of interest to you. If we do so, each promotional communication we send you will contain instructions permitting you to "opt-out" of receiving future promotional information. In addition, if at any time you wish not to receive any future communications or you wish to have your name deleted from our mailing lists, please contact us at email@example.com. Please note that we will continue to contact you via email to respond to requests and provide our Services.
HOW LONG WE RETAIN YOUR DATA
We will retain your information for as long as your account is active, your information is needed to provide you services, or as required to fulfill our legal obligations.
You may contact us at firstname.lastname@example.org at any time to obtain confirmation of whether or not the personal data concerning you is being processed.
We may retain records where necessary to fulfil our regulatory or statutory duties.
WHAT ARE YOUR RIGHTS TO YOUR DATA?
All Your Personal Information we collect will always belong to you. However, we are a collector and a processor of Your Personal Information. That imposes on us obligations to respect your rights to Personal Information and facilitate the exercise of your rights thereto. In order to use any of your rights at any time, please contact us and we will facilitate the exercise of your rights free of charge. We will inform you of the actions taken by us under your request as soon as practically possible, but in any case not later than 30 (thirty) calendar days.
In accordance with effective regulations, you have a significant number of rights related to your Personal Information, such as:
Right to access. You may obtain from us confirmation as to whether or not personal data concerning you is being processed and get access to such personal data. You are entitled to view, amend, or delete the personal information that we hold. Email your request to our data protection office at email@example.com and we will work with you to remove any of your personal data we may have.
Right to rectify your inaccurate Personal Information and to have incomplete personal data completed, including by means of providing a supplementary statement;
Right to erase your Personal Information. Please note that a request to erase your Personal Information will also terminate your account on the Site. We will automatically and without undue delay erase your Personal Information when it is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
Right to restrict processing of your Personal Information;
Right to data portability. You may obtain from us the personal data concerning you and which you have provided to us and transmit it to another Personal Information Controller;
Right to object to processing of Your Personal Information;
Right to withdraw your consent to the usage of your Personal Information at any time.
You also have the right to lodge a complaint with regard to the handling of your data with the UK Information Commissioner's Office (ICO):
ICO - Website - https://ico.org.uk/make-a-complaint/
Telephone: 0303 123 1113
Textphone: 01625 545860
Monday to Friday, 9am to 4:30pm
When someone visits the website, we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to track things such as the number of visitors to the various parts of the site and interactions with the site. This information is processed in a way which does not identify anyone. We do not make and do not allow Google to make, any attempt to find out the identities of visitors to our website.
To transfer data between our websites, our applications and backends, communication is encrypted using SSL (Secure Sockets Layer) encryption. We protect the systems and processing by a series of technical and organizational measures. These include data encryption, pseudonymization and anonymization, logical and physical access restriction and control, firewalls and recovery systems, and integrity testing. Our employees are regularly trained in the sensitive handling of personal data and are obliged to observe data secrecy in accordance with legal requirements.
We do not knowingly gather or otherwise process personal data of minors under the age of 13. If we notice that one of our users/visitors is a minor, we’ll immediately take steps to remove their information. If you believe we have processed or still hold information on minors, please send us an email at firstname.lastname@example.org and we’ll remove it A.S.A.P.
Collection: COSMOURSE collects information about students directly from Parents, who provide us with the Child’s first name, age, type of schooling, local time zone, and additional notes for the Teacher. In addition, Children may share information about themselves during Classes. The COSMOURSE class sessions may take place over online videos in which video images and audio of the Children are recorded. No information is collected directly from Children until they are in the course session. Children cannot post personal data publicly on the COSMOURSE Services.
Use and Disclosure: COSMOURSE shares the name, age, local time zone, and any notes Parents have provided about their Child to the Class Teacher, in order to allow the Teacher to provide Classes. This information shall also be treated as part of the Parent’s “Personal Data” and may be shared as described in the Disclosure section above for business transfers; to vendors and service providers; and to comply with legal requirements. Children may also share information about themselves with the Teacher and the rest of their class during the Class session voluntarily. While COSMOURSE expects Teachers and all other Users to abide by our standards of conduct, please note that we cannot control or monitor what personal information your Child shares with Teachers or other classmates, nor what those third parties ultimately do with that information, and we disclaim all responsibility in that regard.
Class Video Recordings: As described above, COSMOURSE records video of students and teachers during COSMOURSE classes (“Class Recordings”). The Class Recordings are made available by COSMOURSE to the Teacher of the Class and may be shared by the Teacher for the entire class (and their Parents) to view (the “Permitted Recipients”). Please note that in some cases, Classes are taught by a “Teacher” that is actually an organization, group, or team of instructors (“Teacher Organization”). In such cases, Class Recordings may be accessed by the entire Teacher Organization, and access would not necessarily be limited to a single individual instructor. COSMOURSE may also use Class Recordings to provide feedback to Teachers, for customer support, and for compliance purposes. COSMOURSE will obtain additional parental consent before we use any Class Recordings for promotional or other purposes. We utilize reasonable means to (i) limit the ability of Teachers to create copies of the Class Recordings or to share the Class Recordings with anyone aside from Permitted Recipients, and also (ii) limit the ability of Permitted Recipients to download or re-share the Class Recordings. While we expect Teachers and Permitted Recipients to abide by our standards of conduct, please note that we cannot control or monitor what such third parties ultimately do with Class Recordings, and disclaim all responsibility in that regard.
Parental Consent: COSMOURSE obtains verifiable parental consent before collecting Personal Data from your Child. COSMOURSE requires that you provide your credit card information in order to register your Child for and pay for a COSMOURSE Class. If you do not consent, then we will not collect, use or disclose any personal information about your Child, and your Child will not be allowed to use the Services in any way. If you are not using our services for any other purposes and do not provide consent within a reasonable time from the date the direct notice was sent, we will also delete your online contact information from our records.
Parental Choices and Controls: At any time, you can refuse to permit us to collect further Personal Data from your Children in association with your account, and can request that we delete from our records the Personal Data we have collected in connection with that account. Please keep in mind that a request to delete records may lead to a termination of an account, membership, or other service. You may update your Child’s information by logging onto your account. You can contact COSMOURSE to request access to, change, or delete your Child’s personal information by sending an email to us at email@example.com. A valid request to delete personal information will be accommodated within a reasonable time. In addition to the foregoing, we will exercise commercially reasonable efforts to delete personal information belonging to Children when it is no longer needed for the purpose for which it was collected.
CHANGES IN THE PRIVACY STATEMENT
The effective date at the bottom of this page indicates when this Privacy Statement was last revised. We will notify you before any material change takes effect so that you have time to review the changes. Any change is effective when we post the revised Privacy Statement. Your use of the Services following these changes means that you accept the revised Privacy Statement.