Privacy & Cookie Policies
Effective Date: 12/01/2019
For individuals located outside of the United States, please note that your Personal Information will be collected, processed and stored in the United States, which may have data protection laws that are different from (and sometimes less protective than) the laws of your country or region, such as the GDPR, as further described below.
Who We Are / Data Controller
1260 45th Street
Emeryville. CA 94608
Our Services are not intended for individuals under the age of 18, and Mindful Schools does not target the Services to minors.
Mindful Schools does not knowingly collect Personal Information from children under the age of 18. If you are under the age of 18, please do not register to use the Services and do not provide us with any personally identifiable information.
When and How Do We Collect Personal Information?
Depending on who you are and why you are using our Services, we collect different types of information.
Generally speaking, “Personal Information” means any information about an individual from which that person may be identified. For example, it may include your name, telephone number, email address, payment information, and your IP address, device ID and location information. It does not include data from which the identity of an individual has been definitively removed along with any identifiers connected to such individual.
When you visit or use our Services, we collect Personal Information directly from you when you provide it to us, as well as indirectly through automated technologies such as cookies. We also rely on third-party service providers to help us collect Personal Information and provide our Services.
Information We Collect Directly From You
To participate in our community platform, to purchase courses or to make a donation, we request certain Personal Information from you:
- employer or organization;
- professional experience; and
- mindfulness-related personal experiences
In addition, payment information will be collected and handled by third-party service providers, as explained below.
When you contact us via email, submit contact forms on our Services or otherwise, we also collect and process any additional information, which may include Personal Information, that you voluntarily submit to us in those emails, contact forms or other communications.
Discussion Forum/Board Information
If you post any content to our discussion forums/boards, we will collect any such information, which may include Personal Information. This information will be publicly available to other members of the forums/boards, and as such we recommend that you carefully consider what Personal Information you post.
Information Collected Indirectly
Device and Usage Information
When you download, use or interact with the Services, even if you do not have an account, we, or our authorized third-party service providers, may automatically collect information about your use of the Services via your device, some of which information is Personal Information. Device and Usage Information that we collect consists of:
Information About your Device: information about the devices and software you use to access the Services – primarily the internet browser or mobile device that you use, the website or source that linked or referred you to the Services, your IP address or device ID (or other persistent identifier that uniquely identifies your computer or mobile device on the Internet), the operating system of your computer or mobile device, device screen size, and other similar technical information.
Usage Information: information about your interactions with the Services, including access dates and times, hardware and software information, device event information, crash data, cookie data. This information allows us to understand the screens that you view, how you’ve used the Services (which may include administrative and support communications with us or whether you have clicked on third-party links), and other actions on the Services. We, or our authorized third parties, automatically collect log data when you access and use the Services, even if you have not created an account or logged in. We use this information to administer and improve the Services, analyze trends, track users’ use of the Services, and gather broad demographic information for aggregate use.
Cookies and Similar Technologies
With the Device and Usage Information collected by our third-party analytics services, we generate and process aggregated information, such as statistical or demographic data. Aggregated Information may be derived from Personal Information, but is not considered Personal Information under the law if it does not directly or indirectly reveal your identity. For example, we may track the total number of visitors to our Services or the number of visitors to each page of our Services, and we may aggregate usage data to calculate the percentage of users accessing a specific feature of the Services and analyze this data for trends and statistics.
Information from Third Parties
In some instances, we process Personal Information from third parties, which consists of data from our partners, such as transactional data from providers of payment services.
Why We Collect Your Personal Information and How We Use It
Our mission is to provide safe, efficient and high-quality Services, and we, or our authorized third-party service providers who assist us in providing the Services, process your Personal Information for this purpose. Personal Information is generally processed in order to:
- Enable you to register for the Services, purchase our courses, subscribe to community membership plans, or make donations;
- Improve the content and general administration of the Services and enhance user experience;
- Provide customer support;
- Identify leads;
- Detect fraud, illegal activities or security breaches;
- Provide you with notices regarding purchases;
- Enable donations;
- Ensure compliance with applicable laws;
- Respond to your queries and requests, or otherwise communicate directly with you;
- Perform system maintenance and upgrades, and enable new features;
- Conduct statistical analyses;
- To send you marketing messages if you have opted in to receive; and
- Provide information to regulatory bodies when legally required, and only as outlined in this Privacy Notice.
For users located in the EEA, please see below for more information on our legal bases for processing.
Managing Your Preferences
If your Personal Information changes, or if you no longer desire to use our Services, you may contact us at firstname.lastname@example.org. We will respond to your request within a reasonable timeframe.
Disclosure of Your Personal Information
We disclose your Personal Information to the third parties indicated below:
- Companies that do things to help us provide the Services: hosting service providers, user engagement and customer support providers, job application service providers, payment service providers, communication tools, and analytics tools;
- Professional service providers, such as auditors, lawyers, consultants, accountants and insurers;
- Governments, regulators, law enforcement and fraud prevention agencies, but only as authorized.
- Third party organizations, in the event of a business transfer, sale, merger or bankruptcy;
Third-Party Service Providers
- Community platform management
- Hosting and content delivery network services
- Course content delivery services
- Email marketing distribution service
- Cloud-based file storage system
- Work productivity services
- Social networking platforms
- CRM services
As we continue to grow, we may purchase websites, applications, subsidiaries, other businesses or business units. Alternatively, we may sell businesses or business units, merge with other entities and/or sell assets or stock, in some cases as part of a reorganization or liquidation in bankruptcy. As part of these transactions, we may transfer your Personal Information to a successor entity upon a merger, consolidation or other corporate reorganization in which Mindful Schools participates, or to a purchaser or acquirer of all or a portion of Mindful Schools’ assets, bankruptcy included.
Legal Obligations and Security
If we are required to disclose Personal Information by law, such as pursuant to a subpoena, warrant or other judicial or administrative order, our policy is to respond to requests that are properly issued by law enforcement within the United States or via mutual legal assistance mechanism (such as a treaty). Under such circumstances, we may attempt to provide you with prior notice that a request for your information has been made in order to give you an opportunity to object to the disclosure. However, government requests may include a court-granted non-disclosure order, which prohibits us from giving notice to the affected individual. In cases where we receive a non-disclosure order, we notify the user when it has expired or once we are authorized to do so.
Note that if we receive information that provides us with a good faith belief that there is an exigent emergency involving the danger of death or serious physical injury to a person, we may provide information to law enforcement trying to prevent or mitigate the danger (if we have it), to be determined on a case-by-case basis.
We do not directly collect your payment information and unless you elect for us to do so for the purpose of automatically renewing your community platform membership, we do not store your payment information. We use Stripe and Authorize.net, both third-party, PCI-compliant, payment processors, which collect payment information on our behalf in order to complete transactions. While our administrators are able to view and track actual transactions via their respective customer portals, with the exception of the last 4 digits of your credit card, credit card type, zip code and expiration date, we do not have access to or process your credit card information. Please review Stripe’s and Authorize.net’s privacy policies to learn more about how they collect, process and protect your Personal Information.
“Do Not Track”
Mindful Schools currently does not respond to Do Not Track (“DNT”) signals. For more information on DNT settings generally, please visit https://allaboutdnt.com.
How Long Do We Keep Your Personal Information?
General Retention Periods
We use the following criteria to determine our retention periods: the amount, nature and sensitivity of your information, the reasons for which we collect and process your Personal Information, the length of time we have an ongoing relationship with you and provide you with access to our Services, and applicable legal requirements. We will retain Personal Information we collect from you where we have an ongoing legitimate business need to do so (for example, to comply with applicable legal, tax or accounting requirements). Additionally, we cannot delete information when it is needed for the establishment, exercise or defense of legal claims (also known as a “litigation hold”). In this case, the information must be retained as long as needed for exercising respective potential legal claims.
When we have no ongoing legitimate business need to process your Personal Information, we will either delete or anonymize it or, if this is not possible (for example, because your Personal Information has been stored in backup archives), we will securely store your Personal Information and isolate it from any further processing until deletion is possible.
For community platform accounts, you must contact email@example.com to have your account deleted. Upon deletion of your account, we will delete your community profile and anonymize your posts and other content submissions so that they are no longer attributable to you.
If you have questions about, or need further information concerning, our data retention periods, please send an email to firstname.lastname@example.org.
Time Frame of Deletion
If Personal Information can no longer be retained or is no longer necessary, it will be erased without undue delay, generally within one month, unless exceptions apply.
In some instances, we may choose to anonymize your Personal Information instead of deleting it, for statistical use, for instance, or in the case of community platform accounts to maintain the flow of discussion board conversation threads, for example. When we choose to anonymize, we make sure that there is no way that the Personal Information can be linked back to you or any specific user.
Protecting Your Personal Information
No method of transmission over the Internet, or method of electronic storage, is 100% secure, however we take steps that are reasonably necessary to securely provide our Services. We have put in place reasonably appropriate security measures designed to prevent your Personal Information from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. We limit access to Personal Information only to those employees, agents, contractors and the third parties who have a business need-to-know.
We also have procedures in place to deal with any suspected data security breach. If required, we will notify you and any applicable regulator of a suspected data security breach. We also require those parties to whom we transfer your Personal Information to provide acceptable standards of security.
The information that we collect on or in connection with the Services or that is otherwise provided by you to Mindful Schools is processed in the United States, which may not offer an equivalent level of protection as the European Union or other regions and countries. Some jurisdictions around the world only allow for outward transfers of Personal Information to third countries, such as the United States, in certain situations. By using the Services, you consent and agree to the transfer of all such information to the United States and to the processing of that information by Mindful Schools on servers located in the United States, subject to this Privacy Notice. Mindful Schools will take reasonable steps as may be required to comply with onward transfers of Personal Information.
How To Contact Us About Privacy
Mindful Schools Labs, Inc.
1260 45th Street
Emeryville, CA 94608
Additional Information for Users in the European Economic Area
Categories of Recipients of Personal Information
The categories of recipients of Personal Information with whom we may share your Personal Information are listed in Disclosure of Your Personal Information above.
Purpose of the Processing and Legal Bases
Mindful Schools uses your Personal Information for a number of different purposes, as explained here. Some are essential for us to provide the Services you use or to fulfill our legal obligations, some help us run the Services efficiently and effectively and some enable us to provide you with more relevant and personalized offers and information. In all cases we must have a reason and a legal ground for processing your Personal Information. Some of the most common legal grounds we rely on are briefly explained below.
Performance of a Contract
We may process your Personal Information for the purposes of a contract to which you are a party, in other words your ability to use the Services. For instance, if you want to purchase a Community Platform membership, we need to process your Registration Information in order to enable you to do so.
We may process personal information where it is necessary for our legitimate business interests, but only to the extent that they are not outweighed by your own interests or fundamental rights and freedoms. We generally rely on legitimate interests to provide and maintain Services that work well and securely, comply with applicable laws, carry out fraud prevention, and generally improve the Services. When we rely on this legal basis, if required, we’ll carry out a legitimate interest assessment to ensure we consider and balance any potential impact on you (both positive and negative), and your rights under applicable data protection laws.
Mindful Schools may rely on consent where it is required, such as with respect to certain Device and Usage Information collected via cookies and similar technologies (other than strictly necessary cookies), or when we’re asking you to confirm your marketing preferences. When we rely on consent, you’ll be asked to confirm that you give your permission to Mindful Schools to process your Personal Information. Details of the processing, such as why Mindful Schools would like to process your data, how it will be used and if your Personal Information will be shared, will be provided at the time of asking you for your consent.
You have the right to withdraw your consent at any time if you no longer wish to have Mindful Schools process your Personal Information.
Mindful Schools will on occasion be under a legal obligation to obtain and disclose your Personal Information. Where possible, we will notify you when processing your data due to a legal obligation, however this may not always be possible. For instance, Mindful Schools may need to provide your data in order to prevent criminal activity or help to detect criminal activity, in which case we may share information with law enforcement. This is done in a safe and secure manner. It’s essential that Mindful Schools complies with its legal, regulatory and contractual requirements, so if you object to this processing, Mindful Schools will not be able to provide its Services to you.
The following table illustrates in more detail how the above legal bases for processing may apply to our primary purposes for processing different types of Personal Information:
Staying in Control of Your Information: Your Rights
If the GDPR applies to you because you are in the EEA, you have certain rights in relation to your Personal Information:
- The right of access – your right to request a copy of the Personal Information we hold about you (also known as a ‘data subject access request’);
- The right to rectification – your right to request that we correct Personal Information about you if it is incomplete or inaccurate (though we generally recommend first making any changes in your Account Settings);
- The right to erasure (also known as the ‘right to be forgotten’) – under certain circumstances, you may ask us to delete the Personal Information we have about you (unless it remains necessary for us to continue processing your Personal Information for a legitimate business need or to comply with a legal obligation as permitted under the GDPR, in which case we will inform you);
- The right to restrict processing – your right, under certain circumstances, to ask us to suspend our processing of your Personal Information;
- The right to data portability – your right to ask us for a copy of your Personal Information in a common format (for example, a .csv file);
- The right to object – your right to object to us processing your Personal Information (for example, if you object to us processing your data for direct marketing); and
- Rights in relation to automated decision-making and profiling – our obligation to be transparent about any profiling we do, or any automated decision-making.
These rights are subject to certain rules around when you can exercise them, including without limitation our ability to verify your identity. If are located in the EEA and wish to exercise any of the rights set out above, please contact us.
You will not have to pay a fee to access your Personal Information (or to exercise any of the other rights) unless your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request under those circumstances.
We will respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated as required by law.
In addition, if you no longer wish to receive our marketing/promotional information, we remind you that you may withdraw your consent to direct marketing at any time directly from the unsubscribe link included in each electronic marketing message we send to you. If you do so, we will promptly update our databases, and will take all reasonable steps to meet your request at the earliest possible opportunity, but we may continue to contact you to the extent necessary for the purposes of providing our Services.
Finally, you have the right to make a complaint at any time to the supervisory authority for data protection issues in your country of residence. We would, however, appreciate the chance to address your concerns before you approach the supervisory authority, so please contact us directly first.
Effective Date: 12/01/2019
Types of Cookies
The following types of cookies may be used when you visit the Site:
Advertising cookies are placed on your computer by advertisers and ad servers in order to display advertisements that are most likely to be of interest to you. These cookies allow advertisers and ad servers to gather information about your visits to the Site and other websites, alternate the ads sent to a specific computer, and track how often an ad has been viewed and by whom. These cookies are linked to a computer and do not gather any personal information about you.
Analytics cookies monitor how users reached the Site, and how they interact with and move around once on the Site. These cookies let us know what features on the Site are working the best and what features on the Site can be improved.
Our cookies are “first-party cookies”, and can be either permanent or temporary. These are necessary cookies, without which the Site won't work properly or be able to provide certain features and functionalities. Some of these may be manually disabled in your browser, but may affect the functionality of the Site.
Personalization cookies are used to recognize repeat visitors to the Site. We use these cookies to record your browsing history, the pages you have visited, and your settings and preferences each time you visit the Site.
Security cookies help identify and prevent security risks. We use these cookies to authenticate users and protect user data from unauthorized parties.
Site Management Cookies
Site management cookies are used to maintain your identity or session on the Site so that you are not logged off unexpectedly, and any information you enter is retained from page to page. These cookies cannot be turned off individually, but you can disable all cookies in your browser.
Third-party cookies may be placed on your computer when you visit the Site by companies that run certain services we offer. These cookies allow the third parties to gather and track certain information about you. These cookies can be manually disabled in your browser.
Control of Cookies
Most browsers are set to accept cookies by default. However, you can remove or reject cookies in your browser’s settings. Please be aware that such action could affect the availability and functionality of the Site.
For more information on how to control cookies, check your browser or device’s settings for how you can control or reject cookies, or visit the following links:
- Apple Safari
- Google Chrome
- Microsoft Edge
- Microsoft Internet Explorer
- Mozilla Firefox
- Android (Chrome)
- iPhone or iPad (Chrome)
- iPhone or iPad (Safari)
In addition, you may opt-out of some third-party cookies through the Network Advertising Initiative Opt-Out Tool.
Other Tracking Technologies
In addition to cookies, we may use web beacons, pixel tags, and other tracking technologies on the Site to help customize the Site and improve your experience. A “web beacon” or “pixel tag” is a tiny object or image embedded in a web page or email. They are used to track the number of users who have visited particular pages and viewed emails, and acquire other statistical data. They collect only a limited set of data, such as a cookie number, time and date of page or email view, and a description of the page or email on which they reside. Web beacons and pixel tags cannot be declined. However, you can limit their use by controlling the cookies that interact with them.
1260 45th Street
Emeryville, CA, United States
Mindful Schools Homeroom, 1260 45th Street, Suite B, Emeryville, California, 94608