Effective: June 3, 2020
Notice for European Union Residents
Notice to Residents of the State of California
If you are a resident of the State of California, in the United States of America, and you purchase a Service or otherwise subject to our TOS, you have additional privacy rights described here.
Data Processor (or Service Provider) means any natural or legal person who processes the data on behalf of the Data Controller. We may use the services of various Service Providers in order to process your data more effectively.
Personal Data is any information about an individual from which that individual can be identified. Your name, address, phone number and bank account number are examples of personal data. It does not include data where the identity has been removed (anonymous data). We collect Personal Data from you in various ways, including when you visit the Site(s), create an account with us, purchase, enroll in and use our Services, use our Apps, answer surveys, participate in our social media communities, such as on Facebook, and when you send us feedback.
Data Subject is any living individual who is using our Service and is the subject of Personal Data.
Information we Collect
When you create an account with Seshhub, we collect the information you provide us, such as your name, email address, phone number, birth date, and payment information. You may choose to share additional info with us and set up other preferences (such as your preferred pronouns).
Ratings and Feedback
When you rate and provide feedback, we collect all of the information you provide in your feedback for marketing purposes.
When you contact us or we contact you, we collect any information that you provide, including the contents of the messages or attachments you send us.
Video and Audio Data
When you use the Services via the video camera or microphone on your device, whether computer or mobile phone, you agree and consent that we may use such applications on your devices to operate the Services. Further, you consent and agree that we may collect this information, including video and audio content. However, Seshhub is not permitted to sell any of the above-described information in this paragraph, including video and audio content.
Children under the age of 13 are not permitted to purchase or use the Services. Children under the age of eighteen (18) may provide information to Seshhub and participate in the Service only with consent of a parent or guardian.
Information about your Device
When you log-on to our websites or to our App(s), we automatically receive information from your device, including your IP address and location. We and our service providers may use “Cookies” to keep, and sometimes track, information about you, and to create a personalized web experience.
When you access the Service with a mobile device, this Usage Data may include information such as the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data.
We may use and store information about your location if you give us permission to do so (“Location Data”). We use this data to provide features of our Service, to improve and customize our Service. You can enable or disable location services when you use our Service at any time by way of your device settings.
A pixel tag is an electronic image, often a single pixel (1×1), that is ordinarily not visible to Site visitors and may be associated with cookies on the visitors’ hard drives. Pixel Tags allow us to count users who have visited certain pages of the Site, to deliver branded services, and to target our promotional or advertising campaigns and determine their effectiveness.
Examples of Cookies we use:
- Session Cookies. We use Session Cookies to operate our Service.
- Preference Cookies. We use Preference Cookies to remember your preferences and various settings.
- Security Cookies. We use Security Cookies for security purposes.
- Advertising Cookies. Advertising Cookies are used to serve you with advertisements that may be relevant to you and your interests.
If your parent, school, employer or other third-party purchases Programs on your behalf, or if an agent refers you to Seshhub, such third parties may provide us with Personal Data about you, including your first name, last name and email address. We may also collect Personal Data about you from our business partners and other Seshhub owned companies.
Use of Information
Use of Data
Seshhub uses the collected data for various purposes:
- To provide and maintain our Service;
- To notify you about changes to our Service;
- To allow you to participate in interactive features of our Service when you choose to do so;
- To provide customer support;
- To gather analysis or valuable information so that we can improve our Service;
- To market and advertise our services;
- To monitor the usage of our Service To detect, prevent and address technical issues; and,
- To provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information.
Seshhub Inc. will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer periods.
Disclosure of Service Providers
We may employ third party companies and individuals to facilitate our Service (“Service Providers”), provide the Service on our behalf, perform Service-related services or assist us in analyzing how our Service is used.
These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
We may use third-party Service Providers to monitor and analyze the use of our Service.
For more information on the privacy practices of Google, please visit the Google Privacy & Terms page: Here
For more information on the privacy practices of Facebook, please visit Facebook’s Data Policy page: Here
Other Service Providers
We may use third-party Service Providers to monitor and analyze the use of our Service. These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
Disclosure to Third-Party Processors, Processing in U.S
Transfer of Data Outside of Canada
Your Personal Data will be held in the Canada.
Your Personal Data may also be stored, processed and accessed in other countries where you are located. You consent to the transfer of your Personal Data outside your country, including Canadas
Disclosure of Data
Disclosure for Law Enforcement
Under certain circumstances, Seshhub may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
If you are using the Services as a tutor, Seshhub may disclose an image that may contain your facial features, likeness or any other personal detail pertaining to you, including but not limited your full name, your employment title, or your employer, for marketing purposes.
Seshhub may disclose your Personal Data in the good faith belief that such action is necessary to:
- To comply with a legal obligation
- To protect and defend the rights or property of Seshhub
- To prevent or investigate possible wrongdoing in connection with the Service
- To protect the personal safety of users of the Service or the public
- To protect against legal liability
Security of Data
The security of your data is important to us but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
Our Policy on “Do Not Track” Signals under the California Online
Protection Act (CalOPPA)
We do not support Do Not Track (“DNT”). Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.
Payments and Processing of Payments
We may provide paid products and/or services within the Service. In that case, we use third- party services for payment processing (e.g. payment processors).
PCI-DSS requirements help ensure the secure handling of payment information.
European Union GDPR Data Processing Addendum
The Provider requires the Customer to accept the provisions of this Data Processing Addendum (“DPA“) which is intended to meet the data protection adequacy and security requirements of the GDPR-Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC. Therefore, if the GDPR applies to the Customer’s activity (for instance because the Customer is established in the European Union or established outside the European Union but the Customer offers good or services to data subjects who are in the European Union) — the Customer needs to accept these Data Processing Addendum terms to be compliant with GDPR so that the Customer can process such GDPR-eligible personal data with the Provider. Unless the Customer accepts the Agreement involving this DPA, the Customer’s contract with the Provider will lack those terms therefore if GDPR applies to the Customer’s activity the Customer must refrain from using the Provider’s Service unless the Customer accepts this DPA.
- The terms “personal data“, “data subject“, “processing“, “controller“, “processor” and “supervisory authority” as used in this DPA have the meanings given in the GDPR.
- For the reasons mentioned above, if the Customer with any connection to the EEA, as stated above, chooses to accept Terms and Conditions and enter the Agreement, the Customer enters this Data Protection Agreement which reflects the conditions governing processing and security of the personal data the Customer submits to the Provider’s system or which may be processed by the Customer when connect the Customer’s e-mail account thereto, i.e. submitted, stored, sent or received via our Platform and App, hereinafter referred to as the “Customer Data”. Please note that whenever the word “the Customer” is used in this DPA, it means any persons who use the Services on the Customer’s behalf, including the Customer’s employees, subcontractors and other personnel members.
- In accordance with the GDPR regulations, this DPA shall be governed and construed in accordance with the laws of Ireland as a European Union’s member state. The DPA is concluded for the whole period from the acceptance of the Agreement and this DPA until the end of the Provider’s provision of the Services under the Agreement, which shall include periods of suspension of Services’ provision or other post-termination periods when the Provider may refrain from deleting the Customer’s data.
- The Provider shall not be the controller of the Customer Data the Customer may submit to the Provider’s Services and will process such information within the Services solely in the processor’s role and – depending on the scope of the Customer’s activity – the Customer may be the controller or processor of this data. If the GDPR applies to the processing of Customer Data and the Customer is the processor, the Customer explicitly warrants the Provider that the Customer’s instructions and actions with respect to that Customer Data processing, including hereby appointment of the Provider as another processor, have been authorized by the relevant controller.
- The personal data which may be processed (i.e. submitted, stored, sent or received) by the Customer when the Customer uses the Services may include the following categories of data: names, e-mail address, telephone, profession, company’s name and address, city and country of the company, user IDs, presentations, images, calendar entries and other data which may be relevant for the Customer’s purposes of permitted usage of the Provider’s Services.
- The Customer Data which the Customer may process might concern the following categories of data subjects: users of the Services who may include the Customer’s employees and contractors, the personnel of the Customer’s customers, suppliers and subcontractors or any other person who transmits data via the Services, including any individuals collaborating and communicating with users of the Services.
- If the explicit consent of data subject is the legal basis to process the Customer Data via the Provider’s Systems, the Customer represents and warrants the Provider that each such consent is freely given and taken in accordance with applicable laws. In this context the Customer indemnify the Provider of all claims and actions of third parties related to the processing of Customer Data via Services without explicit consent or other legal basis under the respective laws.
- By entering this DPA the Customer instructs the Provider to process Customer Data only in accordance with applicable laws and only to:
- Provide the Services’, App’s and Website’s functionalities and related customer and technical support;
- To provide you with our actions, services and support specified by your usage of the Services and demanded when you use the Services (such as sending e-mail messages, campaign settings, etc.); or,
- By entering this DPA the Customer instructs the Provider to process Customer Data only in accordance with applicable laws and only to:
- We will comply with your instructions (including with regard to international personal data transfers) unless any European Union or European Union member states’ law we could be potentially subject to requires us to otherwise process the Customer Data. If this is the case, we will inform you on this obligation (unless law prohibits us from doing so on important grounds of public interest). We will also inform you if your instructions for data processing if we believe it may infringe regulations of the GDPR.
- We enable you to delete Customer Data during this DPA by using functionalities within Services – including moving data to archive for limited periods or by instant permanent deletion. If the term indicated above expires or you choose to delete data permanently, the Customer Data may not be recovered. Each of such actions will be acknowledged as your instructions to delete relevant Customer Data you submitted or keep within our systems. When the Agreement is terminated or otherwise expires, we shall delete your data, including Customer Data, and/or give you their copy (return them) subject the terms of Agreement.
- Under this DPA the Customer authorities the Provider to engage any other third parties as other processors and therefore –the Provider will inform the Customer about such planned engagement and the Customer is authorized to object to such appointment terminating the Agreement within 90 days written notice. If the Provider engages another processor for carrying out specific processing activities on the Customer’s behalf (which is unlikely), the same data protection obligations as set out in the DPA will be imposed on that other processor, including in particular providing sufficient guarantees to implement appropriate technical and organizational measures in such a manner that the processing will meet the requirements of the GDPR.
- The Provider has implemented and will maintain all the appropriate technical and organizational measures to protect Customer Data to ensure a level of security against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to Customer Data, including encryption of personal data, introducing and maintaining systems ensuring the ongoing confidentiality, integrity, availability and resilience of processing, systems ensuring ability to restore the availability and access to Customer Data in the event of a physical or technical incident.
- The Customer shall acknowledge that the above-mentioned technical and organizational measures to protect Customer Data involve i.a.: physical security, logical security, separation of databases, policy regarding the removal of magnetic and optical data (including hard drives, portable storage media, backup platforms, etc.), procedures regarding database management, provisions regarding the collection, marking, verification, processing, and distribution of the data, management of access to personnel, including determination of the methodology for providing access to data, restrictions upon access, and keeping an updated list of persons with access rights, confidentiality undertakings for those persons with access rights, encryption of personal data, provisions regarding operations of the systems and maintaining ongoing data integrity, confidentiality, availability and resilience of processing systems and services, monitoring for the discovery of breaches of data integrity and methodology for reparation of such breaches, provisions regarding employee reliability and record of data misuse in accordance with the level of data sensitivity. We shall also regularly test, assess and evaluating the effectiveness of technical and organizational measures for ensuring the security of the Customer Data processing.
- If the Customer has further questions on the Provider’s technical and organizational means for personal data protection, the Customer shall inquire the Provider to provide the Customer with additional information prior to submitting Customer Data to the Provider’s systems or it shall be otherwise considered that the Customer agreed that taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing of Customer Data as well as the risks to individuals our data protection standards are appropriate to the risk in respect of the Customer Data.
- The Provider also ensures that their employees, contractors and sub-processors have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality to the extent applicable to their scope of performance.
- If the Provider becomes aware of a data incident – meaning a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Data on systems managed by or otherwise controlled by the Provider, excluding unsuccessful attempts or activities that do not compromise the security of Customer Data, unsuccessful login attempts, pings, port scans, denial of service attacks, and other network attacks on firewalls or networked systems – we will notify the Customer of the Data Incident promptly and without undue delay and promptly take reasonable steps to minimize harm and secure Customer Data. Such Data Incident notification will describe, to the extent possible, details of the Data Incident, including steps taken to mitigate the potential risks and steps the Provider may recommend addressing the Data Incident. The Provider will deliver such notification to the Customer’s e-mail address or, at the Provider’s discretion, by phone call or other direct communication. It is the Customer’s sole responsibility to provide the Provider with and update the Customer’s current and valid contact information. Neither of the Provider’s notifications or communications regarding Data Incidents shall be construed as an acknowledgement of fault or liability with respect to the Data Incident.
- By entering this DPA the Customer explicitly acknowledges, agrees and confirms that the Provider will never assess the contents of Customer Data the Customer may submit, store, send or receive using the Provider’s Services in order to identify information subject to any specific legal requirements or to assess the Customer’s compliance with any laws or infringements thereof. Therefore, the Customer is solely responsible for complying with applicable incident notification laws and fulfilling any third party notification obligations related to any Data Incident(s).
- The Customer agrees that, without prejudice, the Customer shall be solely responsible for their use of the Services, including: making appropriate use of the Services and exercise adequate security controls to ensure a level of security appropriate to the risk in respect of the Customer Data, securing the account authentication credentials, systems and devices which the Customer may use to access the Services and backing up their Customer Data.
- As we provide solely online Services, we shall have no obligation to protect Customer Data that the Customer may choose to store or transfer outside of the Provider’s systems, for instance for physical storage – in any form. If the Customer has further questions on the Provider’s technical and organizational means for personal data protection, the Customer shall inquire the Provider to provide additional information prior to submitting Customer Data to the Provider’s systems or it shall be otherwise considered that the Customer agrees that taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing of Customer Data as well as the risks to individuals our data protection standards are appropriate to the risk in respect of the Customer Data.
- Notwithstanding the Provider’s obligations in respect to this DPA, the Customer shall also take all the reasonable precaution steps in order to ensure appropriate security and to prevent any destruction, loss, alteration, disclosure, unauthorized or illegal access to or acquirement of Customer Data and any other personal data the Customer may process using via the Provider’s Services. If the data the Customer processes via Services were accessed or obtained by an unauthorized person or if there occurs a breach of such personal data security, the Customer shall immediately notify the Provider on such Data Incident and shall cooperate with the Provider in order to take any steps deemed required for the mitigation of any loss or damage.
- If the Customer breaches any obligations they may have under the GDPR the Customer shall be unconditionally and solely liable and it shall compensate the Provider and any third parties or data subjects against (a) any damage, loss, costs, taxes and expenses (including legal charges related to judicial experts and lawyers), (b) the refund of any fines or penalties paid by us to the supervisory authority, (c) any other damages resulting from the negligence, fault or gross misconduct or from any breach of an obligation related to Customer Data and other personal data processed via the Services as a consequence of non-complying with this DPA and the GDPR.
- The Provider will consider any breach of any representation or provision of the DPA and the GDPR by the Customer shall represent a gross breach of the Agreement and it shall entitle the Provider to terminate the Agreement immediately by sending a termination notice, without any grace or remedy period and without any other formality, notification or intervention of any court of law or another jurisdictional body.
- To the extent necessary for the reason of this DPA, the Provider will make available for the Customer’s review the documents and information to demonstrate our compliance with our obligations under this DPA.
- If GDPR applies to the processing of Customer Data, we will also allow the Customer or the Customer’s appointed independent auditor to conduct audits (including inspections) to verify the Provider’s compliance with obligations under this DPA, including the Provider’s documentation and we will contribute to such audits. In any case such audits will be subject to prior arrangements and reasonably agreed terms for such audits and inspections which may involve fees based on our reasonable costs of such reviews. If the Customer wishes to appoint an auditor, the Provider may object to the Customer’s choice if in the Provider’s reasonable opinion the appointed auditor is not suitably qualified or independent, a competitor of the Provider or otherwise manifestly unsuitable. If this is the case the Provider will require the Customer to appoint another auditor or conduct the audit itself.
- If applicable, the Provider will assist the Customer in ensuring compliance with any of the Customer’s obligations in respect of data protection impact assessments and prior consultation, including if applicable the Customer’s obligations pursuant to Articles 35 and 36 of the GDPR, taking into account the nature of the processing and the information available to the Provider, for instance by providing additional security information or providing the information with regard to performance of the Agreement including this Data Processing Addendum.
- During the term of the Agreement, the Provider will enable the Customer to access, rectify and restrict processing of Customer Data, including deletion of this data (subject to the hereinabove terms) and to export Customer Data – in a manner consistent with the functionalities of the Services.
- If the Provider receives any request from a data subject in relation to Customer Data the Provider may process, the Provider will advise the data subject to submit their request to the Customer and the Customer shall be responsible for responding to any such request including, where necessary, by using the functionality of the Services. Nevertheless, taking into account the nature of the processing of Customer Data via the Services, the Provider will assist the Customer in fulfilling any obligation to respond to requests by data subjects, including obligation to respond to requests for exercising the data subject’s rights laid down in Chapter III of the GDPR. Depending on the case, the Provider may provide you Services’ functionalities to perform our commitments you assist you or we may help you in other appropriate manner, including serving you with additional information on processing of Customer Data.
- Shall the Customer have any questions in respect of this Data Protection Addendum, please contact the Provider at: email@example.com.
Persons with disabilities may obtain this notice in alternative format upon request by contacting us at firstname.lastname@example.org
Your California Privacy Rights.
California residents are entitled once a year, free of charge, to request and obtain certain information regarding our disclosure, if any, of certain categories of personal information to third parties for their direct marketing purposes in the preceding calendar year. We do not share personal information with third parties for their own direct marketing purposes.
California Consumer Privacy Act
The California Consumer Privacy Act (“CCPA”) provides California residents with rights to receive certain disclosures regarding the collection, use, and sharing of “Personal Information”, as well as rights to know/access, delete, and limit sharing of Personal Information.
The CCPA defines “Personal Information” to mean “information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” Certain information we collect may be exempt from the CCPA because it is considered public information (i.e., it is made available by a government entity) or covered by a specific federal privacy law, such as the Gramm–Leach–Bliley Act, the Health Insurance Portability and Accountability Act, or the Fair Credit Reporting Act. Your rights are described below:
Right to Notice at Collection Regarding the Categories of Personal Information Collected.
You have the right to receive notice of the categories of Personal Information we collect, and the purposes for which those categories of Personal Information will be used. This notice should be provided at or before the time of collection. The categories we use to describe the information are those enumerated in the CCPA.
- Identifiers. We collect your name, phone number, contact address and e-mail address when you engage with our website. We use this information to manage and provide the Services that you request, respond to your requests, and to communicate with you about the Services. We collect your social media handle when you interact with our Services through social media. We use this information to improve the user experience and our Service.
- Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). In addition to the identifiers in the above section, we collect your credit card number to provide you with requested Services.
- Internet or other similar network activity. We automatically collect information about your browsing history and your interaction with the content of our Services to measure activity, determine the effectiveness of our Services, and improve them.
- Sensory Data. We collect your audio or voice recordings to provide you with Services.
We may use any of the categories of information listed above for other business or operational purposes compatible with the context in which the Personal Information was collected.
Right to Know/Access Information
You have the right to request access to Personal Information collected about you over the past 12 months and information regarding the source of that information, the purposes for which we collect it, and the third parties and service providers with whom we share it. You may submit such a request as described below. To protect our users’ Personal Information, we are required to verify your identity before we can act on your request.
Right to Request Deletion of Information
You have the right to request in certain circumstances that we delete any Personal Information that we have collected directly from you. You may submit such a request as described below. To protect our users’ Personal Information, we are required to verify your identity before we can act on your request. We may have a reason under the law why we do not have to comply with your request, or why we may comply with is in a more limited way than you anticipated. If we do, we will explain that to you in our response.
How to Submit a Request
You may submit a request to exercise your rights to know/access or delete your Personal Information by sending us an email at email@example.com.
Only you or your authorized agent may make a verifiable consumer request related to your personal information. If you use an authorized agent to submit a request on your behalf, we may require that you (1) provide the authorized agent written permission to do so, and (2) provide a copy of the authorization or provide a copy of a power of attorney that complies with California Probate Code sections 4000 to 4465 so that we can verify the identity of the authorized agent.
In verifying requests, we employ reasonable measures to detect fraudulent requests and prevent unauthorized access to your personal information. To meet our obligations, we are required to verify your identity, and the identity of your authorized agent, if the request is submitted via an agent, by associating the information provided in your request to personal information previously collected by us.
If we suspect fraudulent or malicious activity on or from the password-protected account, we may decline a request or request that you provide further verifying information.
You may only make a verifiable consumer request twice within a 12-month period. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify your identity or authority to make the request.
Right to Opt Out of Sale of Personal Information to Third Parties
You have the right to opt out of any sale of your Personal Information by Graham Holdings to third parties. We do not sell information to third parties.
Right to Information Regarding Participation in Data Sharing for
You have the right to be free from discrimination based on your exercise of your CCPA rights. We do not discriminate against anyone who chooses to exercise their CCPA rights.