Try IMPACT BY INSTRUCTURE Today
Effective starting: May 25, 2018
What this policy covers
The privacy of your end-users is important to us, and so is being transparent about how we use, collect, and share information about them. This policy is intended to help you understand:
This policy also explains your choices about how we use information about your users. Your choices include how you can object to certain uses of information about your users and how you can access and update certain information about them.
What information we collect about your users
We collect information about your users when they interact with your Learning Management System (to be referred to as LMS) environment and when we synchronize data from the LMS environment.
Account and Profile Information: We collect information about your users’ LMS Account and Profile when the users interact with your LMS environment and when they modify their profile or set their preferences.
Information we collect automatically when you use the Services: When the end-users use your LMS environment, we collect information about what tools they use and how they interact with the environment (clickstream).
Device and Connection Information: We collect information about your end-users computer, phone, tablet, or other devices they use to access the Services. This device information includes connection type and settings. We also collect information through the devices about the operating system, browser type, and IP address.
How we use information we collect
To provide the Services and personalize your end-users experience: We use information about your end-users to provide the Services to them, including authenticating them when they log in, providing customer support, and operating and maintaining the Services.
For research and development: We are always looking for ways to make our Services smarter, faster, secure, integrated, and useful to you. We use collective learning about how people use our Services and feedback provided directly to us to troubleshoot and identify trends, usage, activity patterns and areas for integration and improvement of the Services.
Customer support: We use the gathered information to resolve technical issues, to respond to requests for assistance, to analyze crash information, and to repair and improve the Services.
For safety and security: We use the gathered information to verify accounts and activity, to monitor suspicious or fraudulent activity and to identify violations of Service policies.
Legal bases for processing (for EEA users): If you are an individual in the European Economic Area (EEA), we collect and process information about you only where we have legal bases for doing so under applicable EU laws. The legal bases depend on the Services you use and how you use them. This means we collect and use your information only where:
If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your information because we have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using the Services.
How we share information we collect
We make collaboration tools, and we want them to work well for you. This means sharing information through the Services and with certain third parties. We share information we collect about you in the ways discussed below, including in connection with possible business transfers, but we are not in the business of selling information about you to advertisers or other third parties.
For collaboration: You can create content, which may contain information about you, and grant permission to others to see, share, edit, copy and download that content based on settings you or your administrator (if applicable) select. Some of the collaboration features of the Services display some or all of your profile information to other Service users when you share or interact with specific content.
Sharing with third parties:We share information with third parties that help us operate, provide, improve, integrate, customize, support and market our Services. The particular third parties differ by institution due to different needs. Thus, upon your request, we will provide you with a list of the specific third-party tools with whom we share your information.
Service Providers: We work with third-party service providers to provide website and application development, hosting, maintenance, backup, storage, virtual infrastructure, analysis and other services for us, which may require them to access or use information about you. If a service provider needs to access information about you to perform services on our behalf, they do so under strict instructions from us, including policies and procedures designed to protect your information.
Compliance with Enforcement Requests and Applicable Laws; Enforcement of Our Rights: In exceptional circumstances, we may share information about you with a third party if we believe that sharing is reasonably necessary to (a) comply with any applicable law, regulation, legal process or governmental request, including to meet national security requirements, (b) enforce our agreements, policies and terms of service, (c) protect the security or integrity of our products and services, (d) protect Atlassian, our customers or the public from harm or illegal activities, or (e) respond to an emergency which we believe in good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person.
How we store and secure information we collect
Information storage and security
We use data hosting service providers in the United States, Australia, United Kingdom, Frankfurt, and The Netherlands to host the information we collect, and we use technical measures to secure your data.
While we implement safeguards designed to protect your information, no security system is impenetrable and due to the inherent nature of the Internet, we cannot guarantee that data, during transmission through the Internet or while stored on our systems or otherwise in our care, is absolutely safe from intrusion by others.
How long we keep information
How long we keep information we collect about you depends on the type of information, as described in further detail below. After such time, we will either delete or anonymize your information or, if this is not possible (for example, because the information has been stored in backup archives), then we will securely store your information and isolate it from any further use until deletion is possible.
Account information: We retain your account information for as long as your account is active and a reasonable period thereafter in case you decide to re-activate the Services. We also retain some of your information as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, to support business operations, and to continue to develop and improve our Services. Where we retain information for Service improvement and development, we take steps to eliminate information that directly identifies you, and we only use the information to uncover collective insights about the use of our Services, not to specifically analyze personal characteristics about you.
How to access and control your information
You have certain choices available to you when it comes to your information. Below is a summary of those choices, how to exercise them and any limitations.
Your Choices: You have the right to request a copy of your information, to object to our use of your information, to request the deletion or restriction of your information, or to request your information in a structured, electronic format. Below, we describe the tools and processes for making these requests. You can exercise some of the choices by logging into the Services and using settings available within the Services or your account. Where the Services are administered for you by an administrator, you may need to first contact your administrator to assist with your requests. For all other requests, you may contact us as provided in the Contact Us section below to request assistance.
Your request and choices may be limited in certain cases: for example, if fulfilling your request would reveal information about another person, or if you ask to delete information which we or your administrator are permitted by law or have compelling legitimate interests to keep. If you have unresolved concerns, you may have the right to complain to a data protection authority in the country where you live, where you work or where you feel your rights were infringed.
Deactivate your account: If you no longer wish to use our Services, you or your administrator may be able to deactivate your Services account. If you can deactivate your own account, that setting is available to you in your account settings. Otherwise, please contact your administrator. If you are an administrator and are unable to deactivate an account through your administrator settings, please contact Impact support. Please be aware that deactivating your account does not delete your information. For more information on how to delete your information, see below.
Delete your information: Our Services give you the ability to delete certain information about you from within the Service. For example, you can remove content that contains information about you using the key word search and editing tools associated with that content. Please note, however, that we may need to retain certain information for record keeping purposes, to complete transactions or to comply with our legal obligations.
Request that we stop using your information: In some cases, you may ask us to stop accessing, storing, using and otherwise processing your information where you believe we don’t have the appropriate rights to do so. Where you gave us consent to use your information for a limited purpose, you can contact us to withdraw that consent, but this will not affect any processing that has already taken place at the time. When you make such requests, we may need time to investigate and facilitate your request. However, we comply with the guidelines of GDPR for any requests we may receive. If there is delay or dispute as to whether we have the right to continue using your information, we will restrict any further use of your information until the request is honored or the dispute is resolved, provided your administrator does not object (where applicable).
International transfers of information we collect
Data about your end-users are stored on designated servers. You will always know where the servers are located, and the data will not be transferred to another location without your prior written consent.
Other important privacy information
Your information is controlled by Impact. If you have questions or concerns about how your information is handled, please direct your inquiry to Impact support, firstname.lastname@example.org, which we have appointed to be responsible for facilitating such inquiries.