Last Updated February 26, 2024.
Earning your trust by ensuring your privacy and safety is extremely important to us.
This Privacy Policy ("Privacy Policy" or the "Policy") explains:
This Policy applies to all products and services offered by Grouper Education, Inc. (hereinafter referred to as "Grouper," "we," "us," "our," also including our subsidiaries or affiliates). We have done our best to write it in simple, clear terms, and we encourage you to read it carefully, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information. This Privacy Policy shall be supplemented by the Data Processing Addendum where any of the following rules applies to your use of the Service: (A) the Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, ("GDPR"); (B) the United Kingdom's European Union (Withdrawal) Act of 2018, which saves the GDPR into United Kingdom law ("UK GDPR"), or (C) the Swiss Federal Data Protection Act ("Swiss DPA").
If you have any questions, we are here to help. To learn more about how we protect your privacy, send us an email at privacy@grouper.school. BY USING THE SERVICE, YOU ACKNOWLEDGE THAT YOU ACCEPT AND AGREE TO THIS PRIVACY POLICY.
Personal information is any information you provide to us that personally identifies you, like your name or email address, or any other information which we could reasonably link to your identity. We will only collect, use, and share your personal information in accordance with this Privacy Policy. This Policy applies whether you use Grouper through grouper.school (the "Grouper Website"), our mobile applications (the "Grouper Apps"), your school's Learning Management Systems (LMS) with which Grouper has been integrated (e.g., Google Classroom, Canvas, Schoology, etc.) or any of our other products or services that link to this Privacy Policy (collectively, the "Service"). In addition, this Privacy Policy also covers Grouper's treatment of any personal information about our users that our partners or other services might share with us.
This Policy does not apply to websites, services or practices of companies that Grouper does not own or control, such as third-party services you might access through links or other features (e.g., social media buttons; third-party integrations) on the Service. These other services have their own privacy policies, and we encourage you to review them before providing them with personal information. At the end of this Privacy Policy you will find a list with our third-party service providers and a link to their privacy policies, as well as an overview to how, why and under which conditions they might process your personal information.
Grouper is a simple, easy-to-use platform for small-group learning that helps teachers engage and manage their students. In the classroom, teachers use Grouper to create groupings of students, present activities and timers to students and monitor student progress in real time. If multiple devices are used, they will all sync with each other. Grouper collects records of students' progress through activities, which teachers can view instantly.
As further explained below in the "What are Grouper's Commitments to providing Transparency and Choice" section of this Privacy Policy, if the school or teacher elects to utilize Grouper with students under a specific age, Grouper will rely on school consent to utilize the Service in an educational context with children, in accordance with both COPPA and FERPA regulations. No teachers or school members will be provided with a unique code for their students unless they consciously agree to this Policy, by reading and accepting the Privacy Policy notice given prior to signing up and in the verification email sent upon sign-up.
In collecting and processing your personal information, we will comply with the data protection laws and regulations in force at the time. This requires that the personal information we hold about you must be:
First and foremost, you should know that Grouper does not sell or rent any of your, or your students' personal information to any third party for any purpose, including for advertising or marketing purposes. We use the information we collect from you to provide the Service and offer the best Grouper experience possible. Concretely, the personal information of students and teachers is collected and used for the following purposes:
Your rights relating to your personal information include:
We require that your personal information is accurate. Please let us know if the personal information you provided us for creating your account has changed. If we do not have the correct information, we cannot take responsibility for information-related errors.
Additionally, if we determine that you are in violation of this Policy, you will be subject to disciplinary action that could eventually lead to the banning of your account as foreseen in section "Account Bans" of our Terms of Service.
We try to be transparent about what information we collect, so that you can make meaningful choices about how it is used. For example, you can:
When providing you with information on the processing of your personal information, such as its collection, transfer to other countries, types or identity of third parties to which we disclose that information and the purposes for which we do so, we will make sure that such information is provided in clear and understandable language. Also, initial notice on our practices and policies will be provided when you are first asked to provide personal information to us, or as soon as practicable thereafter, and in any event before we use the information for a purpose other than that for which it was originally collected.
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason which is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
When, as a teacher or school representative, or when acting on behalf of a company or other organization, you create a Grouper account, you provide your first and last name and an email address. We require those data elements for you to enter into the Terms of Service agreement with us, and we process those elements on the basis of performing that contract.
If you are a teacher or school representative, or use the Service on behalf of a company or other organization, note that Grouper provides its Service upon explicit consent given by you when signing up. Prior to signing up, we will direct you to our Terms of Service and this Privacy Policy. When signing up, you will be declaring to have read such policies and to consent to them. Remember, nonetheless, that you will be able to withdraw your consent at any time by deleting your account in accordance with this Policy's Managing My Information section.
EDUCATIONAL INSTITUTIONS UTILIZING THE SERVICE MUST MONITOR THE RIGHTS AND INTERESTS OF THEIR STUDENTS AND MUST THEREFORE TAKE SPECIAL CARE WHEN REVIEWING THIS PRIVACY POLICY. GROUPER SHALL NOT BE RESPONSIBLE FOR ANY NEGLIGENCE OF THE EDUCATIONAL INSTITUTION IN THE REVIEWING OF THIS PRIVACY POLICY. WHERE APPLICABLE AS PER PRIVACY REGULATIONS, PERTINENT CONSENT FROM PARENTS, LEGAL GUARDIANS OR ELIGIBLE STUDENTS PRIOR TO UTILIZING THE SERVICE MAY BE REQUIRED.
U.S. Educational Institutions and Parental Consent: If you or your school decide to utilize the Service with students under the age of thirteen (13), COPPA requires to either obtain parental consent or for the school to consent on behalf of the children's parents, which is commonly referred to as "School Consent." At the same time, yet subject to exceptions, FERPA prohibits schools from disclosing personally identifiable information from a student's education record to a third party without written consent from the parent or eligible student. Typically, schools are exempted from obtaining parental consent under FERPA when Grouper is identified as a "school official," meaning Grouper is performing an institutional service or function for which the school would otherwise use its own employees. Grouper complies with both COPPA and FERPA regulations when it comes to parental consent required to utilize the Service in an educational context. Please note, however, that the previous statements do not constitute legal advice, and we recommend you seek guidance from the school's designated legal counsel if you have any concerns or inquiries regarding compliance with COPPA, FERPA, and other applicable privacy regulations.
European Educational Institutions and GDPR: According to article 8 of the GDPR, minors shall be entitled to give valid consent only if they are 16 years old or older (unless Member States have set a lower age limit which, nonetheless, cannot be under 13 years old). Under that age limit, processing of personal information related to minors shall be subject to parental consent when consent is the lawful basis to process children's education data. Schools are in control of their students' personal information and are obliged to take all necessary measures for protecting said information. In terms of the GDPR, schools are data controllers and thus determine the purposes and means of the processing of student personal data. As a consequence, and as per GDPR/UK GDPR regulations, European educational institutions must inform students and their parents accordingly about what personal data is processed, the lawful basis for processing, which are the purposes of collection, how data is used, and to which third parties it is disclosed, including Grouper. Please note, however, that the previous statements do not constitute legal advice, and we recommend you seek guidance from the school's designated Data Protection Officer/legal counsel if you have any concerns or inquiries regarding compliance with GDPR/UK GDPR and/or other applicable regulations.
Generally, the remainder of the processing of personal information we perform is necessary for the purposes of our legitimate interests or those of third parties. For example, for legal compliance purposes or to maintain ongoing confidentiality, integrity, availability and resilience of Grouper's systems, website, and overall services, we must keep logs of technical information; and, in order to respond to legal process, we are required to keep records of users who have sent and received copyright takedown notices.
As foreseen in the "Use Restrictions" and "Account Bans" sections of our Terms of Service, the breach of certain rules in the use of the Service may lead to the suspension or indefinite ban of your account, depending on the severity of the offense. In the event of an indefinite account ban, Grouper may keep part of your personal information, such as, but not limited to, IP address and email address, to prevent you from accessing or using the Service.
We may occasionally update this Privacy Policy. You can see when the last update was by looking at the "Last Updated" date at the top of this page. We will not reduce your rights under this Privacy Policy without your explicit consent. If we make any significant changes, we will provide prominent notice by posting a notice on the Service and/or notifying you by email (using the email address you provided and thereafter verified) prior to and after changes taking effect, so you can review and make sure you're aware of them.
We encourage you to review this Privacy Policy from time to time, to stay informed about our collection, use, and disclosure of personal information through the Service. If you do not agree with any changes to the Privacy Policy, you may delete your account (although we will be sad to see you go!). By continuing to use the Service after the revised Privacy Policy has become effective, you acknowledge that you accept and agree to the current version of the Privacy Policy.
Grouper collects the minimal amount of information from students necessary to create accounts on our Service: we ask students to provide a unique username, a unique email (the student email is only collected when using our Service through an LMS integration or Single Sign-On solution), a password, their first and last name and a unique code they have been given by their teacher to join a class. Beyond this information, students can also submit responses, comments, preferences, audios, images, or videos, all of which will remain private between teacher and student. All this information will only be used for the purposes of the school/teacher. In addition to the information entered by the student, we automatically collect some information from any use of our Service as set forth in the "Information Collected Automatically" section.
We use this information to provide the Service to the student, for security and safety purposes, or as required by law or to enforce our Terms. We will not require students to provide more personal information than is reasonably necessary in order to participate in the Service. If we discover that we have collected information from a student in a manner inconsistent with COPPA, FERPA, GDPR, or any other applicable laws or regulations, we will take appropriate steps to delete the information. We do not disclose any personal information about children to third parties, except to service providers necessary to provide the Service, as permitted by law, or to protect the security of the Service or other users. Information collected from students (including personal information and information collected automatically) is never used or disclosed for third-party advertising, including any kind of first- or third-party behaviorally targeted advertising, and children's personal information is never sold or rented to anyone, including marketers or advertisers.
No student's profile is made available or visible to the public through Grouper. Students' names and progression through tasks, as well as certain student responses and engagement in activities, may be visible to other students in their group and sometimes to their entire class during an activity known as a Live Session. Grouper also may provide leaderboards to show points and rewards accumulated. Students may also be able to message each other through the platform for purposes related to teachers' lessons. Teachers may share their classes, including grades or scores, with other teachers they co-teach with in their school, to help them collaborate. Students physically present in the classroom may see also other students' names, responses, comments or scores if the teacher chooses to display Grouper in their classroom, for example by projecting via a smartboard or interactive whiteboard.
EDUCATIONAL INSTITUTIONS AND TEACHERS SHALL MAKE A RESPONSIBLE USE OF THE SERVICE AND AVOID COMPROMISING STUDENT'S PERSONAL INFORMATION AT ALL TIMES WHEN DISPLAYING GROUPER IN THE CLASSROOM. GROUPER SHALL NOT BE HELD LIABLE FOR THE INAPPROPRIATE USE OF THE SERVICE BY THE EDUCATIONAL INSTITUTION OR THE TEACHER.
We only keep student personal information for as long as the student account is active, unless we are required by law to retain it, need it to ensure the security of our community or our Service, or to enforce our Terms of Service:
After deletion of the student's account, Grouper may retain copies and/or backups of the mentioned information for a maximum term of six (6) months. Nevertheless, Grouper shall not be responsible for the accidental loss or destruction of data on behalf of users. Grouper will not be obliged to recover erased data stored in backups when erasure is attributable to users.
EDUCATIONAL INSTITUTIONS UTILIZING THE SERVICE ARE RESPONSIBLE FOR COMPLYING WITH THE RETENTION OF STUDENT EDUCATION RECORDS FOR AS LONG AS LEGALLY APPLICABLE.
GROUPER SHALL NOT BE RESPONSIBLE FOR ERASURE OF STUDENT PROGRESS DUE TO ACCOUNT DELETION AFTER AN EXTENDED PERIOD OF INACTIVITY OR BECAUSE OF THE TEACHERS' VOLUNTARY ELECTION TO DELETE THEIR ACCOUNTS.
Any parents who want copies of their children's personal information that we may have stored can contact their children's school personnel to that end. At any time, the school can also refuse to permit us to collect further personal information from its students, and can request that we delete the personal information we have collected from them by contacting us at privacy@grouper.school. Please keep in mind that deleting records may require us to terminate the account in question. Also remember that before we can share the information with the school, or delete it per your request, we will, by reasonable means, proceed to verify the identity of the requester.
We collect three types of information about you: (1) information that you voluntarily provide to us by using the Grouper Service (described below under "Information you provide to us"); (2) information collected automatically as result of your use of the Service (described below under "Information collected automatically"); and (3) information obtained through third-party sources (further outlined in "Information Provided by Others"). The types and amounts of information collected will vary depending on whether the user is a teacher or student (e.g. we collect minimal information from students) and how they use Grouper (e.g. if teachers join their school, we may need to collect school address information).
There are currently two categories of users on our Service: teachers and students. We collect and store the following types of information from each type of user:
In teacher logged-in areas, teachers using the Services may invite others either by sharing a public link to Grouper on social media (e.g., Twitter or Facebook) or by providing us with the recipient's email address. Non-user email addresses collected through this feature will be processed for the purpose of delivering an email invitation. Grouper may also follow-up with outreach to those email addresses to explain the benefits of Grouper to those non-users and invite them to create accounts.
Like most web-based services, we (or our service providers) may automatically receive and log information on our server logs from your browser or your device when you use the Service. For example, this could include the frequency and duration of your visits to Grouper (similar to TV ratings that indicate how many people watched a particular show). If you use Grouper on different devices, we may link the information we collect from those different devices to help us provide a consistent Service across your different devices. If we combine any automatically-collected information with personal information, we will treat the combined information as personal information, and it will be protected as per this Privacy Policy.
The technologies and information we automatically collect include:
Automated Decision Making (ADM) refers to a decision which is taken solely on the basis of automated processing of your personal data. This means processing using, for example, software code or an algorithm, which does not require human intervention.
Profiling means using automated processes without human intervention (such as computer programmes) to analyze your personal information in order to evaluate your behavior or to predict things about you which are relevant in the context of using Grouper, such as what kind of videos you used.
As profiling uses automated processing, it is sometimes connected with automated decision-making. Not all profiling results in automated decision-making, but it can.
If you are a teacher, we may use profiling or other forms of automated processing to show you personalized content and make recommendations through the web and/or email based on, but not limited to, your usage, subject area, school and country.
If you are a student (or the parent or legal guardian of a student), we may use profiling or other forms of automated processing to provide your teacher or teachers with analytics on your progress, depending on the videos you have watched and responses to quizzes you have submitted.
We do not collect or process sensitive personal information/special category data or biometric data. Additionally, we do not process data from parents of student users, and therefore we do not engage in any marketing communications with them.
We store your personal information for as long as it is necessary to provide products and Services to you and others, including those described above. As a general rule, if your account is inactive for eighteen (18) months or more (meaning you have not logged into your account during that time), Grouper will automatically delete your account. Deletion will affect any on-going paid subscriptions, which will be immediately canceled. Following deletion, Grouper may retain specific portions of data in the terms outlined in section "How can I delete my account?" of this Privacy Policy.
In addition to the policy above that applies to all users, we only keep a student's personal information while the student's account is active, unless we are required by law to retain it or need it to ensure the security of our community or our Service, or to enforce our Terms.
As stated in previous sections Grouper does not sell or rent your, or your students' personal information to any third party for any purpose - including for advertising or marketing purposes. Furthermore, we do not share personal information with any third parties except in the limited circumstances described in this Privacy Policy:
Grouper does not track its users over time and across third-party websites to provide targeted advertising and therefore does not respond to Do Not Track (DNT) signals.
Third parties that have content embedded on our website, such as a social feature, may set cookies on a user's browser and/or obtain information about the fact that a web browser visited the Grouper website from a certain IP address. Third parties cannot collect any other personally identifiable information from Grouper's website unless you provide it to them directly.
It is important to us that we keep your information safe and secure. To best provide our services, and keep your information safe, we work with a few other companies. These companies ("third-party service providers", "collaborators" or "agents") will only have access to the information they need to provide the Grouper service.
Below is a list of the service providers which, subject to their terms of service and privacy policies as linked below, may have access to personal data of teachers and/or students, depending on the service and/or the context to process on our behalf in accordance with our instructions, Privacy Policy and any other requirements regarding confidentiality, security or integrity:
This list may change over time, and we will work hard to keep it up-to-date. However, disclosure of your personal information to additional third parties or use of it for different purposes than those indicated in this Privacy Policy shall only be done after notifying you of all necessary information on any key elements affecting the processing of your personal data, either by directly emailing you with it or by updating this Policy and giving appropriate notice of it. You will then have the right to exercise an 'opt out' choice if your personal information is about to be used and/or disclosed in a way that you believe is not consistent with this Policy.
We will transfer your personal information to third-party service providers only for limited and specific purposes. We will obtain contractual assurances from our collaborators that they will safeguard personal information in a manner consistent with this Policy and that they will provide the same level of protection as per best industry standards. We recognize our responsibility and potential liability for onward transfers to agents. Where we have knowledge that an agent is using or disclosing personal information in a manner contrary to this Policy and/or level of protection as required by applicable laws and regulations, we will take reasonable steps to prevent, remediate or stop such use or disclosure. If we transfer personal information to non-agent third parties, that is to say, any new collaborators that are not included in the previously mentioned list, we will (1) notify you with all necessary information on any key elements affecting the processing of your personal data, and (2) obtain contractual assurance from these parties that they will provide the same level of security as per best industry standards and in accordance with any applicable laws and regulations.
Your Grouper account is protected by a password. You can help us protect your account from unauthorized access by keeping your password secret at all times. The security of your personal information is important to us. We work hard to protect our community, and we maintain administrative, technical and physical safeguards designed to protect against unauthorized use, disclosure of or access to personal information, such as:
Although we make concerted good faith efforts to maintain the security of personal information, and we work hard to ensure the integrity and security of our systems as per best industry standards, no practices are 100% immune, and we can't guarantee the security of information. Outages, attacks, human error, system failure, unauthorized use or other factors may compromise the security of user information at any time.
Initial Notice: Upon the discovery of a security breach that results in the unauthorized release, disclosure or acquisition of personal information, we will notify electronically, no later than forty-eight (48) hours of such discovery to all affected users, schools and districts so that you can take appropriate protective steps. This initial notice will include, to the extent known at the time of the notification, the date and time of the breach, its nature and extent, and the Service's plan to investigate and remediate the breach. Schools and districts will also be provided with a list of students and employees whose data was released, disclosed or acquired.
Detailed Notification: Upon discovery of a breach, we will conduct a deep investigation in order to electronically provide, no later than five (5) calendar days, all affected users, schools and districts with a more detailed notice of the breach, including but not limited to the date and time of the breach; nature and extent of the breach; and measures taken to ensure that such breach does not occur in the future. Schools and districts will also be provided with the name(s) of student(s) and employee(s) whose data was released, disclosed or acquired. We may also post a notice on our homepage (grouper.school) and, depending on where you live, you may have a legal right to receive notice of a security breach in writing. When it is not possible to provide all of the aforementioned information at the same time, we will provide you with the remaining information without undue further delay.
Both notifications will be written in plain language, will be titled "Notice of Data Breach" and will present the information described above under the following heading: "What Happened," "What Information Was Involved," "What We Are Doing," "What You Can Do" and "For More Information". Additional information may be provided as a supplement to the notice.
Upon request and in accordance with the applicable laws and regulations, we will grant you reasonable access to your personal information that is held by Grouper. In addition, we will take reasonable steps to permit you to correct, amend, or delete your personal information that is demonstrated to be inaccurate, incomplete or processed in violation of this Privacy Policy. It is Grouper's goal to provide you with easy access to any personal information we have collected about you. If that information is incorrect, we also want to make sure to give you easy ways to update it, or delete it, unless we have to keep that information for legal purposes.
Accessing Your Information: To request access to the personal information we have about you on file, any school personnel can contact us at privacy@grouper.school. In some cases, we will not be able to guarantee complete access due to legal restrictions; for example, you will not be allowed to access files that contain information about other users or information that is confidential to us. Furthermore, we may not be able to fulfill requests that are unreasonably repetitive, require disproportionate technical effort or would be extremely impractical.
Updating Your Information: You may update, correct, or delete some of your profile information or your preferences at any time by logging into your account on Grouper and accessing your account settings page. You may also, at any time, update, correct, or delete certain personal information that you have provided to us. To that end, any school official can contact us at privacy@grouper.school. Please note that while your changes may be reflected promptly in active content, users that have previously accessed the content may still have access to old copies cached on their device or may have copied and stored your content. In addition, we may retain a backup copy of the prior version for a limited period of time (maximum six (6) months) or for legal purposes.
Limitations: Without prejudice to the aforementioned, please note that we may limit or deny access to personal information (a) where the burden or expense of providing access would be disproportionate to the risks to your privacy; (b) where the legitimate rights of persons other than you would be violated or if necessary to safeguard important countervailing public interests (e.g., national security) or in other limited circumstances (e.g., disclosure would breach a legal privilege), and (c) where applicable law or regulatory requirements allow or require us to refuse to provide some or all of the personal information that we hold about you. In addition, the personal information may have been destroyed, erased or made anonymous in accordance with our record retention obligations and practices. In the event that we cannot provide you with access to your personal information, we will endeavor to inform you of the reasons why, subject to any legal or regulatory restrictions.
We hope you will love using Grouper now and always. However, if for some reason you ever want to delete your account, you may do so by logging into your account and accessing your account profile page. Parents, legal guardians, or eligible students may delete their accounts by contacting their educational institution. School officials may then request student account deletion by reaching out to us at privacy@grouper.school, as indicated in section 'How long does Grouper keep student information?' above. GROUPER SHALL BE ENTITLED TO REQUIRE ASSISTANCE AND COLLABORATION FROM YOU OR YOUR EDUCATIONAL INSTITUTION AS REASONABLY NECESSARY IN ORDER TO APPROPRIATELY ATTEND ANY ACCOUNT DELETION REQUESTS.
When we delete your account, we delete any personal information that you provided in your profile (such as your name, username, password, email address, and profile photo) and depending on the category of the user you are (i.e., teacher or student), also questions, responses and comments. Please note that information that you have shared with others, that others have shared about you, or content other users may have copied and stored, is not part of your account and may not be deleted when you delete your account.
We may retain and use de-identified data (i.e., data which has been stripped off of all information that can be used to identify a person) for purposes of research, improvement of our products and services, and/or the development of new products and services. We may also have to retain some information after your account is deleted, to comply with legal obligations, to protect the safety and security of our community or our Service, or to prevent abuse of our Terms. Part of your personal information will also remain in our possession as a copy or backup that is part of our disaster recovery storage system. However, such copies and backups will be kept for a maximum term of six (6) months and they will neither be accessible to the public, nor used by Grouper in the normal course of business.
Students can access the services after the teacher uses a third-party authentication tool to provide access to students. Currently, Clever is the only third-party authentication tool available on Grouper for this purpose of providing student access.
The school is, at the same time, responsible for its students' personal information and in control of student academic records. As a consequence, modification or deletion of student personal information that is part of or affects student academic records is subject to the school's discretion.
In a co-teaching setting, all teachers are considered equally responsible and accountable for the class. Responsibility for the modification or deletion of student information, or grading of assignments among any other related features shall be exclusively of the teachers.
GROUPER SHALL NOT BE RESPONSIBLE FOR THE DELETION OF THE CLASS OR PART OF ITS CONTENT, OR FOR THE ERASURE OR DELETION OF STUDENT PROGRESS OR STUDENT ACCOUNTS, BY ANY OF THE TEACHERS PARTICIPATING IN THE CO-TEACHING CLASS.
For further information on co-teaching, please review the "Co-Teaching" section of our Terms of Service.
You may file a complaint concerning Grouper's processing of your personal data to privacy@grouper.school.
We will take steps to remedy issues arising out of Grouper's alleged failure to comply with the principles set out in this Privacy Policy. We will respond to your complaints within thirty (30) days.
If your complaint cannot be resolved through our internal processes, we will direct you to the state or national data protection authority in the jurisdiction where you reside.
European Economic Area (EEA) residents will have the right to lodge a complaint to the corresponding EU Data Protection Authorities, the UK Information Commissioner's Office (ICO) or the Swiss Federal Data and Information Commissioner (FDPIC), as applicable. Grouper will comply with the advice of competent authorities in such cases, and will provide appropriate recourse free of charge.
Grouper is also subject to the investigatory and enforcement powers of the US Federal Trade Commission.
In the event that Grouper or the aforementioned authorities determine that Grouper failed to comply with this policy, Grouper will take appropriate steps to address any adverse effects arising directly from such failure and to promote future compliance.
We have appointed Grouper BCN, S.L., as our representative in the European Union (EU), pursuant to article 27 of the GDPR, and who you may address if you are located in the EU to raise any issues or queries you may have relating to our processing of your Personal Data and/or this Privacy Policy.
Our EU representative may be reached at privacy@grouper.school.
As part of a global organization, Grouper operates both within and outside the EEA, and from time to time we may transfer your data for processing in a territory outside the EEA that does not have the same statutory levels of data protection.
When we do so, and except for transfers of EU data subjects' information to the United States, as explained below, the terms of the Data Processing Addendum, which incorporate either, as applicable to the EU, the UK and Switzerland, respectively, (A) the Standard Contractual Clauses ("SCC") approved by the European Commission, (B) the applicable standard data protection clauses adopted pursuant to Article 46(2)(c) or (d) of the UK GDPR, or (C) the standard data protection clauses issued, approved or recognized by the Swiss Federal Data Protection and Information Commissioner, shall rule the transfer of data in order to ensure that your information is made subject to adequate levels of protection.
Grouper is headquartered and hosted in the United States, as are most of our service providers (see section Security Measures for further information on Grouper's third-party service providers and the purpose of transfer and processing). Hence, personal data we collect from you will be processed in the United States.
The United States has not sought, nor received, a finding of "adequacy" from the European Union under Article 45 of the GDPR, and the Court of Justice of the European Union (CJEU) declared in its July 2020 Schrems II judgment the European Commission's Privacy Shield Decision invalid on account of invasive U.S. surveillance programs, making data transfers under the Privacy Shield Framework unlawful.
Grouper relies on derogations for specific situations under Article 49 of the GDPR for performing transfers of data to the United States. In particular, Grouper collects and transfers to the United States personal data, with your explicit consent, to perform a contract with you, and/or for reasons of public interest. The latter will apply in those instances where data is processed and logged for the purpose of protecting our community and other users' personal information from unauthorized access, disclosure and/or manipulation (e.g., advanced attacks).
If your personal data is transferred outside the EU to other Grouper affiliates or to third party service providers in the United States, we will take steps to ensure application of suitable safeguards to protect the privacy and security of your information, and to use it only in consistency with your relationship with Grouper. Please note, however, that the level of data protection in the United States is not equivalent to that in the EU. In particular, it is possible for United States government agencies to access your personal data based on statutory authorizations without you knowing about it. Additionally, there are no comparable options for legal enforcement of your rights in the United States.
Remember, your information is under your control and you may elect to stop using our Services at any time, and at your discretion. See section Grouper Privacy Principles, item "What are my rights when using Grouper?" for further detail on the rights that assist you.
Regarding California AB 1584 (Buchanan) Privacy of Pupil Records: 3rd-Party Digital Storage & Education Software (Education Code section 49073.1), Grouper will adhere to the following:
In compliance with the requirements set forth in New York Education Law § 2-D, Grouper shall incorporate a Data Privacy and Security Plan ("DPSP") to each contract or other written agreement it enters into with an educational agency from the State of New York. Such DPSP shall outline how all state, federal, and local data security and privacy contract requirements will be implemented over the life of the agreement, consistent with the educational agency's policy on data security and privacy. Such plan shall also include, but shall not be limited to, a signed copy of the parents bill of rights for data privacy and security, which shall be provided by the educational agency prior to the commencement of the agreement, and a requirement that any officers or employees of Grouper and its assignees who have access to student, teacher or principal data have received or will receive training on the federal and state law governing confidentiality of such data prior to receiving access.
In attention to the foregoing, Grouper hereby commits to:
Grouper is hosted in the United States. If you use the Service from any other regions with laws governing data collection, protection and use that may differ from United States law, please note that you may be transferring your personal information outside of those jurisdictions to the United States. By using the Service, you expressly consent to this, and to the use and storage of personal information in accordance with this Privacy Policy.
Grouper will make sure that all appropriate physical, technical and organizational safeguards are adopted in accordance with this Privacy Policy against accidental, unauthorized or unlawful destruction, loss alteration, disclosure, access, use or processing of users' personal information in Grouper's possession. Grouper will promptly notify the user in the event of any known unauthorized access to, or use of, the user's personal information as foreseen in the Security Measures section of this Privacy Policy.