NEW! L&D Impact Awards: See which Schoox customers are showcasing outstanding results and ROI. View the winners!

Get a demo

Search Schoox

LAST UPDATE: MARCH 8, 2024

Privacy Policy

Introduction

Schoox takes your privacy seriously and the use, disclosure and protection of your information is important to us. This notice covers how Schoox, collects, uses, discloses, transfers, stores, and protects your personal information. We encourage you to take a moment and familiarize yourself with our privacy practices and contact us at privacy@schoox.com for any further clarification. Schoox services are offered by Schoox, LLC, which is located at 3112 Windsor Rd. #A108, Austin, Texas 78703, United States of America, email privacy@schoox.com (“Schoox, LLC”). For purposes of this Privacy Notice, Schoox is referred to as “Schoox,” “we” or “us”.

This Privacy Notice has been developed in accordance with the requirements of relevant data protection laws including but not limited to EU GDPR, UK GDPR, CCPA/CPRA, CDPA.

 

1. Site Security and Data Protection Principles

Site Security: For site security purposes and to ensure that this service remains available to all users, the platform for which schoox.com resides on – commonly known as a “production environment,” utilizes a wide-range of software tools and programs for the ultimate goal of ensuring its confidentiality, integrity, and availability (CIA) – a concept known as the CIA triad of information security. Tools which are currently in use, or are to be deployed, if necessary, for the security of schoox.com are to include, but are not limited to, the following:

  • Network Security and Network Monitoring: Tools that assist in securing the network for which schoox.com resides on. Such tools include network and perimeter firewalls, web application firewalls, routers, switches, intrusion detection systems, and other related tools.
  • Network Performance: Tools that assist in monitoring all aspects of schoox.com, such as performance monitoring for website uptime, etc.
  • Other: Additionally, a variety of physical, electronic, and procedural safeguards are implemented for helping ensure the safety and security of schoox.com.

 

Information Security: Schoox implements appropriate technical and organizational measures to ensure the security of data processed. Schoox adheres to the following data protection principles as a best practice and in accordance with applicable data protection laws:

  • Lawfulness, fairness and transparency
  • Purpose limitation – Data is processed only for valid purposes that have been clearly explained by us and not used in any way that is incompatible with those purposes
  • Data minimization – Data is adequate, relevant and limited to what is necessary for the purposes for which they are processed.
  • Accuracy – Data processed is accurate and kept up-to-date.
  • Storage limitation – Data is kept only for as long as necessary for the purposes we have communicated.
  • Integrity and confidentiality (security) – Data is processed in a manner that ensures appropriate security of the personal data, using appropriate technical or organizational measures.
  • Accountability – Schoox maintains appropriate measures and records in compliance with data processing principles.

 

2. Data We Collect

2.1 Summary

Schoox SaaS Application: The Schoox Application is a SaaS-based Learning Management System which is hosted within the United States (US) and United Kingdom (UK) in mutually exclusive environments. Personal Data may be input and transferred by the client to the application from the originating country, which may be outside of the U.S. or UK for the purpose of supporting the Learning Management requirements of the client. Additionally, Schoox may be required on the explicit direction on behalf of the client to transfer personal data from locations outside of the US or UK to the Schoox application in the US. In this role, Schoox provides support to the application as a Data Processor. As a standard practice, as a Data Processor, Schoox does not access or disclose personal information within the Application unless directed by the Client or in support of the Contract and agreement.

Schoox as a Company: Schoox may collect or obtain Personal Data about you, if you are located outside of the United States this information may be transferred from a location outside of the U.S. to the U.S. through the following methods: directly from you (e.g., where you contact us); in the course of our relationship with you (e.g., if you make a purchase); when you make your Personal Information public, when you download, install, or use any of our Services; when you visit our Services; when you register to use any part of the Services; when you volunteer Personal Data about yourself in public areas of the Services; when you interact with any third party content or advertising; we may also receive Personal Information about you from third parties.

 

2.2 Types Of Personal Data We Collect

The types of personal data collected are listed as follows:

1. Name (First Name, Last Name)

2. Business Email Address

3. Country

4. Digital Identifiers, such as usernames, and passwords.

5. Personal data required by various form fields, and/or for purposes of searching, retrieving, and downloading data from schoox.com.

 

Highly Sensitive Information: Schoox does not collect sensitive personal information such as: personal information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or sexual orientation, for any purpose.

 

3. How We Collect Data

We may collect your personal data when you:

  • visit our website
  • visit our Schoox Branded Social Media pages
  • visit our Schoox Offices
  • receive or provided communication from or to us through:
    • Email
    • Phone
    • Texts/SMS
    • Other electronic communication
  • use our cloud products and services as an authorized user
  • register for or attend Schoox events, webinars, or free trials

 

3.1 Information Collected by Automated Means (Web Analytics Data)

When you visit schoox.com, we may store some or all the following:

1. The IP address from which you access schoox.com.

2. The date and time of access.

3. The Internet address of the website from which you linked to schoox.com.

4. The name of the file or words you searched; items clicked on a page.

5. The browser and operating system used, and any other related information.

This information is used for our legitimate purpose of measuring the number of visitors to the various sections of our site and identifying system performance or problem areas. We also use this information to help us develop the site, analyze patterns of usage, and to make the site more useful. This information is not used for associating search terms or patterns of site navigation with individual users. No data is sold to any third party.

 

Cookies: When you visit some websites, their web servers generate pieces of information known as cookies. Cookies are commonly used to recognize your computer in the future. Schoox.com uses session cookies for its legitimate interest of pursuing technical purposes, such as providing seamless navigation through our site, allow you to carry information across pages of our site and avoid having to re-enter information. Schoox.com session cookies are available only during an active browser session. When you close your browser, the session cookie disappears.

Schoox.com also uses persistent cookies for a number of legitimate interests, such as to be able to track the number of unique visitors to the site. Additionally, persistent cookies enable Schoox to tailor content and related subject matter to match your preferred interests and/or for the purposes of not showing you the same content and related subject matter repeatedly.

We may also employ cookies to compile anonymous, aggregated statistics that allow us to understand how users use our site and to help us improve the structure of our website. We cannot identify you personally in this way.
If you’d like to delete cookies or instruct your web browser to delete or refuse cookies, please visit the help pages of your web browser. Please note, however, that if you delete cookies or refuse to accept them, you might not be able to use all the features we offer, you may not be able to store your preferences, and some of our pages might not display properly.

 

Browser Information Collected on the Website: Various elements of data sets may be collected to track the usefulness of certain actions and to ultimately improve the value of schoox.com. Please note that Schoox does not gather, request, record, require, collect, or track any type of Internet users’ personal data (as listed above) through these processes.

 

Google Play Store Android App: The Schoox app uses Google API user data, which is subject to and adheres to Google’s API User Data Policy (including the Limited Use requirements). Specifically, the app only collects and uses user data for limited purposes, such as to provide the service you have requested or to improve our app’s performance. We do not sell or share your data with any third party, except as required by law or to comply with legal process.

 

Google Pixel Usage: Website pages may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us, for example, to count users who have visited those pages and for other related statistics (for example, recording the popularity of certain content and verifying system and server integrity). We also use these technical methods to analyze the traffic patterns, such as the frequency with which our users visit various parts of the Services.

 

4. Purposes of Data Collection

Data collected may be used for the following purposes:

  • Provision of Services to you
  • Offering and Improving the Service
  • Surveys
  • Communication
  • Advertising
  • User Engagement
  • Marketing
  • Lead Generation
  • Legal Compliance

 

Information collected is used in order to take steps to conclude a contract with you, or to provide our services to you, as well as to enable you to use them. We may also use these personal data for our legitimate purpose of contacting you with newsletters, marketing or promotional materials and other information concerning our activities that may be of interest to you.

 

HR Schoox Employee Data:

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Schoox commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF in the context of the employment relationship.

  • As a USA based corporation Schoox, collects personal information regarding employees as required for HR and employment-based obligations. Personal data is kept for only HR-related purposes and is not disclosed to third parties for purposes other than HR and employment required use. No personal employee data is provided to third parties for marketing, or non-HR related purposes.
  • For all EU based employees, local law and jurisdiction takes precedence over what personal data is provided and disclosed.
  • Restriction of personal data by the individual for non-HR /direct employment requirements is provided to the data subject and does not in any way hinder or restrict employment, or employment opportunities.

 

4.1 Retention Period

We will keep your personal data only for as long as necessary to fulfill the purposes for which we are processing it unless the law permits or requires longer. For example, we might need to keep your personal data to defend future legal claims or to comply with a legal obligation.

 

5. Third Party Disclosures

Schoox as. Processor: As a standard practice Schoox does not disclose personal information to any third-party or unauthorized party for any reason. Should Schoox be required to disclose any personal data to third parties, it will not do so unless fully authorized by the client agreement or in accordance with support of the agreement, or applicable law.

Schoox as a Controller: Schoox’s direct methods of personal data collection include through our website, marketing, sales outreach, and third party provided information. This information is used solely to contact individuals and or organizations about sales, advertising or marketing prospects of Schoox products. Any disclosure of personal information to a third party is relegated to only be used on behalf of Schoox and at Schoox’ direction, and not for any other purpose.

 

5.1 Compliance With Laws

  • Except for authorized law enforcement investigations by local, state, and/or federal agencies, no other attempts are made by Schoox to identify individual users and/or their usage habits on schoox.com.
  • Schoox as required by local, state, country or federal law will disclose your personal information where required to do so by law or subpoena or if we believe that such action is necessary to pursue our legitimate interest of complying with the law and the reasonable requests of law enforcement or of protecting the security or integrity of our services.

 

6. External Links

Schoox.com may contain links to websites created and maintained by other public and/or private organizations. schoox.com therefore provides these links as a service to our users, and when users click on a link to an external website, they are leaving schoox.com and are thus subject to the privacy and security policies/related terms and conditions of these external websites.

 

7. Children’s Policy

Schoox.com complies both with the Children’s Online Privacy Protection Act of 1998 (COPPA) and, with regards to EU data subjects, with GDPR. While children under the age of eighteen (18) may use the Site only with the consent of his or her parent or legal guardian, please be advised that this Site is not directed or otherwise promoted for use by children under the age of sixteen (16). By using the Service, you represent that you are at least sixteen (16) years of age. If you are between sixteen (16) and eighteen (18) years of age, you will need to have parental consent to use the Service. If you are below sixteen years of age, you should stop using the Site and Service immediately. Personal data from children under 16 is not knowingly collected, nor are children under 16 knowingly contacted by schoox.com. To be clear, schoox.com does not intend to solicit information of any kind from children under 16. It is possible that schoox.com may receive emails pertaining to children under 16. If this is the case and schoox.com is notified of this, as soon as the information is verified, parental consent will be immediately obtained, or the email will be deleted from any services being offered and/or performed by schoox.com.

We will make reasonable efforts to verify in such cases, where appropriate, that consent is given or authorized by the holder of parental responsibility over the child, taking into consideration available technology.

 

8. Your Choices

Opt-Out: You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send or by contacting us as specified in the Contact Us section of this notice. You as an individual retain the right to withhold in part or in full your personal information in order to limit our use of your data. Please note that refusal to provide Personal Information may result in our inability to provide the Services to you, to manage our relationship with you, or to improve the Services provided to you.

 

9. International Data Transfers

Your Personal Information may be transferred to, and maintained on, systems located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those from your jurisdiction. If you are located outside the United States and choose to provide information to us, please note that we may transfer the information, including Personal Information, to the United States and process it there. If you are in the EU, in transferring your Personal Information to countries outside of the EU, we will take appropriate steps to ensure that such recipients act in accordance with applicable laws. To the extent that we transfer the personal data to recipients who are located outside the European Union or the European Economic Area, we will provide an adequate level of protection for your personal data, including appropriate technical and organizational security measures and through the implementation of appropriate contractual measures to secure such transfer, in compliance with applicable law. Security Management at Schoox is designed to protect personal information of its employees and customers. Security processes and measures are further explained in the updated Standard Contractual Clauses (SCC) for our EU, UK, and Swiss customers. Please reach out to us at privacy@schoox.com for more details. Please also read our Data Privacy Framework disclosure, below, for further information about our self-certification under the EU-U.S. and the UK Extension to the EU-U.S., and the Swiss-U.S. Data Privacy Frameworks.

 

9.1 Data Privacy Framework

Data Privacy Framework: Schoox, LLC complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Schoox, LLC has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Schoox, LLC has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/

 

Data Subject Rights: Pursuant to the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF), EU, UK, and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under DPF, should direct their query to privacy@schoox.com. If requested to remove data, we will respond within a reasonable timeframe.

We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to privacy@schoox.com.

In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Schoox’s accountability for personal data that it receives in the United States under the Data Privacy Frameworks and subsequently transfers to a third party is described in the Data Privacy Framework Principles. In particular, Schoox remains responsible and liable under the Data Privacy Framework Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless Schoox proves that it is not responsible for the event giving rise to the damage.

 

Complaint Process and Independent Recourse Mechanism: In compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) Principles, Schoox, LLC commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the DPF Principles. European Union, UK, and Swiss individuals with DPF inquiries or complaints should first contact Schoox at: privacy@schoox.com.

Schoox, LLC has further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information and to file a complaint. This service is provided free of charge to you.

 

Binding Arbitration: If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2.

 

HR Data Recourse: If your complaint involves human resources data transferred to the United States from the EU, or the United Kingdom in the context of the employment relationship, and Schoox does not address it satisfactorily, Schoox commits to cooperate with the panel established by the EU data protection authorities (DPA Panel) [the UK Information Commissioner’s Office, and Information Commissioner, as applicable] and to comply with the advice given by the DPA panel [ICO, as applicable] with regard to such human resources data. Additionally, Schoox has committed to cooperate with EU data protection authorities (DPAs) and comply with the advice given by such authorities with regard to human resources data transferred from the EU in the context of the employment relationship. To pursue an unresolved human resources complaint, you should contact the state or national data protection or labor authority in the appropriate jurisdiction. Complaints related to human resources data should not be addressed to the BBB National Programs Data Privacy Framework Services. Contact details for the EU data protection authorities can be found at https://edpb.europa.eu/about-edpb/board/members_en.

 

Jurisdiction: The Schoox Self-Certification to the EU and Swiss Data Privacy Frameworks is governed by the Federal Trade Commission (FTC).

 

10. Your Rights under Applicable Privacy Regulations

10.1 EU GDPR/UK GDPR Data Privacy Rights

If you are a UK or EEA resident and Schoox is processing your personal data, then you as a data subject may be entitled to the following rights and privileges under the General Data Protection Regulation (GDPR) or UK GDPR.

  • Right of Access: you have the right to obtain from us confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to the following personal data and information:
    • the purposes of the processing
    • the categories of personal data concerned
    • the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations’
    • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
    • the existence of the right to request from us rectification or erasure of personal data or restriction of processing of personal data concerning you or to object to such processing
    • the right to lodge a complaint with a supervisory authority (for a list of supervisory authorities, see https://edpb.europa.eu/about-edpb/board/members_en)
    • where the personal data are not collected from you, any available information as to their source
    • the existence of automated decision-making, including profiling, along the lines indicated by Article 22(1) and (4) GDPR, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.
  • Right to Rectification: you have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
  • Right to Erasure (‘Right to be Forgotten’): you have the right to obtain from us the erasure of your personal data without undue delay, and we have the obligation to erase personal data without undue delay when: a) your data are no longer necessary for the purposes for which they were collected; b) you had consented to the processing; c) you have objected to the processing, as per below; d) your personal data had been unlawfully collected; e) your personal data need to be erased as a matter of compliance with a legal obligation.
  • Right to Restriction of Processing: you have the right to obtain from us the restriction of processing if you: a) contest the accuracy of the personal data, until this is verified; b) the processing is unlawful but you don’t want erasure; c) we no longer need the personal data, but you require them to establish, exercise or defend a legal claim; d) you have objected to processing but there is a need to verify whether our legitimate grounds override your rights to object.
  • Right to Data Portability: where your personal data have been provided on the basis of your consent or for the performance of a contract, and their processing occurs in an automated way, you have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format and have the right to transmit those data- or have directly transmitted – to another controller.
  • Right to Object: you have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data based on a legitimate ground point (e) or (f) of Article 6(1), including profiling based on those provisions. In this case, we can no longer process your personal data unless we show that there is a compelling legitimate ground for the processing which override your interests, rights, and freedoms or for our establishment, exercise, or defense of legal claims.

 

10.2 California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA)

California data protection laws grant state residents certain rights as outlined below.

  • Right To Be Informed: You have the right to be informed of the categories of your data processed, purpose for processing, how to exercise your rights, and categories of data shared with third parties, as outlined in this notice.
  • Right To Access: You have the right to access your personal data that is processed
  • Right To Rectification: Where there are inaccuracies, you have the right to request correction of your personal data.
  • Right To Erasure: You have a right to delete your personal data. Certain exceptions may apply.
  • Right To Object/Opt-Out: You have the right to opt out of the sharing of personal information to a third party for cross-context behavioral advertising (as defined under California law).
  • Right To Data Portability: You have the right to obtain a copy of your personal data in a portable and, to the extent technically feasible, readily usable format.
  • Right to Non-Discrimination: You have the right not to be discriminated against for exercising any of the rights listed above.

Where applicable, you may exercise any of these rights by contacting us as specified in the Contact Us section of this notice. Additionally, Schoox as a Service Provider, assists its Clients (Businesses) in the fulfilment of these data subject rights.

 

10.3 Virginia Consumer Data Protection Act (CDPA), Colorado Data Protection Regulation (CPA) & Connecticut Data Protection Regulation (CTDPA) , Utah Consumer Privacy Act (UCPA)

Under these regulations, data subjects are conferred the following rights:

  • Right To Be Informed: You have the right to be informed of the categories of your data processed, purpose for processing, how to exercise your rights, and categories of data shared with third parties, as outlined in this notice.
  • Right To Access: You have the right to access your personal data that is processed
  • Right To Rectification: Where there are inaccuracies, you have the right to request correction of your personal data.
  • Right To Erasure: You have a right to delete your personal data. Certain exceptions may apply.
  • Right To Object/Opt-Out: You have the right to opt out of have the right to opt out of the processing of your personal data for purposes of:
    • targeted advertising;
    • the sale of personal data; or
    • profiling in furtherance of decisions that produce legal or similarly significant effects concerning the user.
  • Right To Data Portability: You have the right to obtain a copy of your personal data in a portable and, to the extent technically feasible, readily usable format.

Where applicable, Schoox as a Data Processor, provides reasonable assistance to Clients (Data Controllers) in the fulfilment of these data subject right requests.

 

10.4 Canada Freedom of Information and Privacy Act (FOIPPA), Jamaica Data Protection Act, 2020, Barbados Data Protection Act, 2019

Under these regulations, data subjects are conferred the following rights:

  • Right To Be Informed: You have the right to be informed of the categories of your data processed, purpose for processing, how to exercise your rights, and categories of data shared with third parties, as outlined in this notice.
  • Right To Rectification: Where there are inaccuracies, you have the right to request correction of your personal data. Under the Act, the term ‘rectify’ means to amend, block, erase, or destroy and the term ‘inaccuracy’ includes any error or omission
  • Right To Object/Opt-Out: You have the right to opt out of have the right to opt out of the processing of your personal data for purposes of:
    • targeted advertising;
    • the sale of personal data; or
    • profiling in furtherance of decisions that produce legal or similarly significant effects concerning the user.
  • Right To Data Portability: You have the right to obtain a copy of your personal data in a portable and, to the extent technically feasible, readily usable format.
  • Right To Not Be Subject To Automated Decision Making: You have the right to object to having your personal data used in automated decision-making processes.

 

Where applicable, Schoox as a Data Processor, provides reasonable assistance to Clients (Data Controllers) in the fulfillment of these data subject right requests.

 

11. Changes To This Notice

The schoox.com privacy notice is to be revised and updated as necessary to ensure its adequacy and sufficiency. You are encouraged to visit this page often for the latest information and the effective date of any changes to such notice. If changes are made to this notice, a new schoox.com notice will be prominently posted on our site and you will be provided with the relevant information by e-mail, along with corresponding change of data.

 

12. Contact Us

For any questions or requests concerning this Privacy Notice or how to exercise your rights under GDPR, CCPA and Privacy Shield frameworks, please contact us at: privacy@schoox.com or by using our Contact Us form.