Dear [Parent or Guardian’s Full Name],
We are writing to you in connection with our school’s new online learning resource – BrainPOP – a cross-curricular interactive online teaching and learning website that we would like to use in lessons, projects, homework, assessment and more. We refer to this as the BrainPOP platform in this letter. The BrainPOP platform includes learning videos, quizzes and concept maps to enhance your child’s learning and understanding of the subjects we cover in class. We plan to use the BrainPOP platform as part of our teaching and, as part of this, the school will, if you consent to this (more details below), arrange a log-in and password for your child to access their own online BrainPOP platform account.
Teachers will tailor the content and quizzes available on the BrainPOP platform to what is being taught in class at the time. When they access their account using their log-in details, your child will be able to access the content tailored for them by their teacher, including taking part in quizzes.
The school will have oversight and control of log-in details and access to your child’s BrainPOP platform account. Your child’s teacher will be able to access their BrainPOP platform account to review your child’s learning and test scores.
What follows is a privacy notice from the company which operates the BrainPOP platform.
PARENT/GUARDIAN PRIVACY NOTICE FROM BRAINPOP
The purpose of this notice
The purpose of this notice is to explain the BrainPOP platform to you so that you can then decide whether to give your parental consent to the school and BrainPOP so that your child can use this resource in class to enhance their learning. This notice explains the limited personal data that BrainPOP will collect in respect of your child as part of the BrainPOP activities, how it will be used, and your child’s rights in relation to it under applicable data protection laws. If you have previously provided consent to your child’s use of BrainPOP, then this will serve as an update to our practices. If you have not previously provided consent to your child’s use of BrainPOP, please read, sign and return the consent letter included with this notice.
Please note that this notice does not apply to what the school does with the personal data that the teacher(s) see(s) in the BrainPOP platform. The school has its own privacy notice relating to its own use of personal data. This notice is all about what BrainPOP does with personal data.
Who is BrainPOP, who operates the BrainPOP platform, and how to contact BrainPOP?
BrainPOP LLC (“BrainPOP”, “we”, “us”, “our”) is the data controller of the limited personal data it holds in respect of your child as part of the school’s subscription to BrainPOP. This means that BrainPOP is the organisation that determines how and why your child’s limited personal data is used for the purposes relating to the BrainPOP platform.
BrainPOP can be contacted on email@example.com on Toll-Free (Freephone) +1.866.54.BRAIN (+1.866.542.7246) with any queries you have, including queries about this privacy notice or if you wish to exercise any of the rights mentioned in this privacy notice on behalf of your child.
The personal data we will process about your child
Through your child’s use of the BrainPOP platform, BrainPOP may collect:
- Your child’s full name;
- Which class your child is in and the year that they will finish school;
- Your child’s BrainPOP username and password;
- The work under your child’s account (student record); and
- If your child creates a movie with the Make-a-Movie tool within the BrainPOP platform, the child’s recorded voice may also be collected as part of the movie file that will be saved in their student record.
Note that we refer to all the above as your child’s limited personal data for the remainder of this notice.
How will your child’s limited personal data be used by BrainPOP?
It is important that you understand that BrainPOP only captures students’ limited personal data so that teachers can review and communicate with the students about their learning. Therefore, your child’s limited personal data is only used for the operational and educational purposes of the BrainPOP platform.
Your child’s school will have oversight and control of log-in details and access to your child’s BrainPOP platform account. Your child’s teacher will be able to access their BrainPOP platform teacher account to review your child’s learning and offer feedback.
BrainPOP will not use your child’s limited personal data for any marketing communications. The BrainPOP platform does not have any advertising or website message board, such as bulletin boards or chat rooms.
What is our lawful reason for processing your child’s limited personal data (including when we share it with others)?
Under data protection laws in the EU, we need to explain what our lawful reason is to justify our use of the limited personal data that we hold in respect of your child in the ways described above. We need to do this by referring to the relevant lawful reason(s) set out in those data protection laws, as follows. BrainPOP will use your child’s limited personal data in the ways described in this notice on the basis of consent (there is a separate consent form for this). Some if its use will be necessary for our legitimate interests of providing the BrainPOP platform services to your child. For example, your child’s limited personal data will be shared with BrainPOP’s partners, business affiliates and third party service providers who work for BrainPOP and operate some of its functionalities, such as hosting services and streaming services. Our lawful reason for this is our legitimate interests.
In addition, some processing may be necessary to comply with our legal obligations and this means we may have to use it to comply with laws that apply to us. It is necessary to use your child’s limited personal data for this, since without it, we would not be able to operate the BrainPOP platform.
It is important to understand that the parental consent you give to allow your child to use the BrainPOP platform in class to enhance their learning is a consent under data protection laws. Consent is needed for this under data protection laws.
How to withdraw consent
You can do this at any time. Contact BrainPOP for this – our details are as above. The consequence is that we will no longer permit your child to access the BrainPOP platform unless and until they are of the correct age to consent for themselves (see the consent form for more details about age).
You should also contact the school if you withdraw consent.
Does this mean we transfer your child’s limited personal data abroad?
BrainPOP is based in the US, and so your child’s limited personal data will be transferred outside of the European Economic Area (EEA) to the US, where it is hosted on industry standard secure servers. There may be other transfers too outside the EEA from time to time.
When your child’s limited personal data is processed within Europe or other parts of the European Economic Area (EEA) then it is protected by European data protection standards. Some countries outside the EEA do have adequate protection for personal information under laws that apply to us. This is not the case for the US. We will make sure that suitable safeguards are in place before we transfer your personal information to countries outside the EEA which do not have adequate protection under laws that apply to us. Safeguards include requiring the recipient to subscribe to ‘international frameworks’ which are intended to enable secure data sharing and where the framework is the means of protection for the limited personal data and where the framework is the means of protection for the personal information. An example of an ‘international framework’ is the EU-US Privacy Shield. BrainPOP is self-certified under the EU-US Privacy Shield. To learn more about the Privacy Shield, visit the U.S. Department of Commerce’s Privacy Shield List. https://www.privacyshield.gov/list.
How long will BrainPOP retain your child’s limited personal data?
Unless we explain otherwise, BrainPOP retains your child’s limited personal data for as long as the school holds a subscription to BrainPOP, and for a period of 2 years thereafter. After such period, all information is automatically disposed and deleted; first it is deleted from the server and two weeks thereafter it is deleted from any backup server and cannot be restored. Your child’s school has the ability to delete your child’s personal data at any time during such period.
What are your child’s rights under data protection laws in respect of the personal data provided to BrainPOP?
Your child has the following rights under the data protection laws in the EU, but please be aware that not all of these will be engaged in all circumstances (this means that we will explain upon receipt of a rights request from you on behalf of your child if all of the requirements necessary to use the relevant right under the data protection laws have been satisfied):
- The right to be informed about our processing of their personal data;
- The right to have their personal data corrected if it is inaccurate and to have incomplete personal data completed;
- The right to object to processing of their personal data;
- The right to restrict processing of their personal data;
- The right to have your personal data erased (the “right to be forgotten”);
- The right to request access to their personal data and to obtain information about how we process it;
- The right to move, copy or transfer their personal data (“data portability”); and
If you are in the UK, your child has the right to complain to the Information Commissioner’s Office which enforces data protection laws: https://ico.org.uk/.
If you are in EU countries (not the UK), your child has the right to complain to the local privacy regulator there, as follows:
- Austria – the Österreichische Datenschutzbehörde: http://www.dsb.gv.at/
- Belgium – Commission de la protection de la vie privée/Commissie voor de bescherming van de persoonlijke levenssfeer: http://www.privacycommission.be/
- Bulgaria – Commission for Personal Data Protection: http://www.cpdp.bg/
- Republic of Cyprus – Commissioner for Personal Data Protection: http://www.dataprotection.gov.cy/
- Czech Republic – The Office for Personal Data Protection: http://www.uoou.cz/
- Denmark – Datatilsynet: http://www.datatilsynet.dk/
- Estonia – Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon): http://www.aki.ee/en
- Finland – Office of the Data Protection Ombudsman: http://www.tietosuoja.fi/en/
- France – Commission Nationale de l'Informatique et des Libertés – CNIL: http://www.cnil.fr/
- Germany – Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit: http://www.bfdi.bund.de/ Note that the competence for complaints is split among different data protection supervisory authorities in Germany. Competent authorities can be identified according to the list provided under: https://www.bfdi.bund.de/bfdi_wiki/index.php/Aufsichtsbeh%C3%B6rden_und_Landesdatenschutzbeauftragte
- Greece – Hellenic Data Protection Authority: http://www.dpa.gr/
- Hungary – National Authority for Data Protection and Freedom of Information: http://www.naih.hu/
- Ireland – Data Protection Commissioner: http://www.dataprotection.ie/
- Italy – Garante per la protezione dei dati personali: http://www.garanteprivacy.it/
- Latvia – Data State Inspectorate: http://www.dvi.gov.lv/"
- Luxembourg – Commission Nationale pour la Protection des Données: http://www.cnpd.lu/
- Malta – Office of the Data Protection Commissioner: http://www.dataprotection.gov.mt/
- Netherlands – Autoriteit Persoonsgegevens: https://autoriteitpersoonsgegevens.nl/nl
- Poland – The Bureau of the Inspector General for the Protection of Personal Data – GIODO: http://www.giodo.gov.pl/
- Portugal – Comissão Nacional de Protecção de Dados – CNPD: http://www.cnpd.pt/
- Romania – The National Supervisory Authority for Personal Data Processing: http://www.dataprotection.ro/
- Slovakia – Office for Personal Data Protection of the Slovak Republic: http://www.dataprotection.gov.sk/
- Spain – Agencia de Protección de Datos: https://www.agpd.es/
- Sweden – Datainspektionen: http://www.datainspektionen.se/