Privacy Policy

Emotional ABCs, Inc. (hereafter “Company”) has adopted the following Privacy Policy applicable to all visitors or users of this website ("Users"). Users who do not agree with the terms of this Privacy Policy should immediately exit the website.

1. TYPES OF DATA COLLECTED AND PROCESSED.

Company stores and processes the information Company collects in the United States in accordance with this Privacy Statement. Company's sub-processors may store and process data outside the United States. User data collected on the site includes the User’s name, address, e-mail addresses, credit card information, order information, browser type, and the date and time of each User request. Company also collects potentially personally- identifying information like Internet Protocol (IP) addresses, and any other information voluntarily provided (hereafter "Personal Information"). Company understands that Users may be from different countries and regions with different privacy laws and expectations, and Company tries to meet or exceed those expectations even when the United States may not have the same privacy regulations as other countries. Company provides the same standard of privacy protection — as described in this Privacy Statement — to all Users around the world, regardless of their country of origin or location. Company strives to implement and adhere to the strictest standards of notice, choice, accountability, security, data integrity, access and recourse practically available. Company's vendors or User's school or educational institutions that have access to User Personal Information are also required to maintain the security and integrity of any User Personal Information. Company provides clear methods of unambiguous, informed consent at the time of data collection, when Company collects User's Personal Information using consent as a basis. Company collects only the minimum amount of Personal Information necessary for Company's purposes unless Users choose to provide more. Company offers Users simple methods of accessing, correcting, or deleting the User Personal Information collected by Company. Company provides Users notice, choice, accountability, security, and access, and limits the purpose for processing. Company also provides Users a method of recourse and enforcement. Company collects and stores Personal Information about Users of the site on third party servers to enable transactions and for site security and analytics.

Company may collect and store Personal Information or other data about patterns of usage and order history; which activities a User starts and finishes; when the User starts and stops an activity, and which areas of the site a User visits. Only Personal Information or other data necessary to the operation, maintenance, and improvement of Company’s business is collected.

Names of Users or children on Unit completion Certificates do not include last names or any other identifying information. Similarly, User's or children's names and passwords within the website only include first names, avatars, and picture passwords. No last names or other information is collected or stored by Company other than in connection with credit card payment information including first and last names of credit card holder, card number, expiration date, CCV number and billing address. Also, the website does not require the full name or age or any other information about any User or child. Only information of the parent, guardian or other individual over the age of 18 using a credit card to register at the website is taken by Company. Only a first or nickname for a child's log in information is required. Company collects and stores the following data: On Paid Family or Individual accounts: parent emails and passwords, all credit card related payment data, child username and picture password. On Free Parent accounts: parent emails and passwords, child username and picture password. On Free Teacher accounts: teacher email address and password, school and headmaster name, address, and phone number. On Paid Premium Classroom accounts: school email address and password, school name and other school identifying information, and all credit card related payment data, student rosters with student's first name and first three letters of student's last name, parent's email address once input by the school, and parent password once a parent has agreed to sign up for program use at home. During the course of providing the service, Company also collects information about the Users use of the service and information submitted such as progress within the consecutive learning program for the purpose of awarding online and printable certificates to the students at the end of each unit.

Premium Classroom account holders represent and warrant that they have obtained written permission and consent for the student to use the service from the student user's parent or legal guardian. Users may review this data and request it be removed or corrected by contacting Company’s webmaster at: Privacy@EmotionalABCs.com. Company is not responsible for, and has no control over, Personal Information or other data collected by Schools or provided by Users to Schools or other third parties.

2. STUDENT PRIVACY PLEDGE

Company adheres to the Student Privacy Pledge, an industry standard approach to privacy for K-12 service providers ("The Pledge"). The Pledge was created by the Future of Privacy Forum (FPF) and The Software & Information Industry Association (SIIA) and has been endorsed by the National School Boards Association (NSBA), the National Parent-Teacher Association (PTA), and the White House.

As part of Company's commitment to The Pledge, when Company has access to User or student Personal Information through the provision of Company's Services, the following principles guide Company's practices regarding data, security, and technology:

Company commits to:

  • Not collect, maintain, use or share student Personal Information beyond that needed for authorized educational/school purposes, or as authorized by the parent/student.

  • Not sell student Personal Information.

  • Not use or disclose student information collected through an educational/school service (whether Personal Information or otherwise) for behavioral targeting of advertisements to students.

  • Not build a personal profile of a student other than for supporting authorized educational/school purposes or as authorized by the parent/student.

  • Not make material changes to school service provider consumer privacy policies without first providing prominent notice to the account holder(s) (i.e., the educational institution/agency, or the parent/student when the information is collected directly from the student with student/parent consent) and allowing them choices before data is used in any manner inconsistent with terms they were initially provided; and not make material changes to other policies or practices governing the use of student Personal Information that are inconsistent with contractual requirements.

  • Not knowingly retain student Personal Information beyond the time period required to support the authorized educational/school purposes, or as authorized by the parent/student.

Company affirmatively commits to the following:

  • Collect, use, share, and retain student Personal Information only for purposes authorized by the User, School, agency, teacher or parent/student.

  • Disclose clearly in contracts or privacy policies, including in a manner easy for parents to understand, what types of student Personal Information Company collects, if any, and the purposes for which the Personal Information Company maintains is used or shared with third parties.

  • Support access to and correction of User/student personally identifiable information by the User/student or their authorized parent, either by assisting the School in meeting its requirements or directly when the information is collected directly from the User/student with student/parent consent.

  • Maintain a comprehensive security program that is reasonably designed to protect the security, privacy, confidentiality, and integrity of User/student Personal Information against risks – such as unauthorized access or use, or unintended or inappropriate disclosure – through the use of administrative, technological, and physical safeguards appropriate to the sensitivity of the information.

  • Require that Company's vendors with whom student Personal Information is shared in order to deliver Company's educational services, if any, are obligated to implement these same commitments for the given User/student Personal Information.
  • Allow a successor entity to maintain the student/User Personal Information, in the case of Company's merger or acquisition by another entity, provided the successor entity is subject to these same commitments for the previously collected student Personal Information.

3. CROSS-BORDER DATA TRANSFERS

For cross-border data transfers from the European Union (EU) and the European Economic Area (EEA), Canada or Australia, in addition to providing Users methods of unambiguous, informed consent and control over their data, Company is committed to subject any Personal Information received from the EU, EEA, Australia, Canada or anywhere else to the same stringent protections and limitations. Company adheres to the federal privacy protection standards in the Children’s Online Privacy Protection Act (COPPA), the California Online Privacy Protection Act of 2003 ("CalOPPA"), the Student Privacy Pledge, the Family Educational Rights and Privacy Act ("FERPA"), The Student Online Personal Information Protection Act ("SOPIPA"), California Assembly Bill 1584 ("AB 1584") and the California Consumer Privacy Act ("CCPA" - AB 375). Further, Company uses reasonable efforts to comply with the General Data Protection Regulation ("GDPR"), the Canadian Personal Information Protection and Electronic Documents Act (PipEDA"), the Australian Commonwealth Privacy Act, as amended, the EU – U.S. Privacy Shield Framework and the Swiss – U.S. Privacy Shield Framework, and other applicable laws, statutes, regulations and treaties worldwide. See our certification page at http://www.privacyshield.gov. Company does not intentionally collect Personal Information online from children without their parent’s consent other than as described herein. Children may visit any area of the site and may participate in activities without providing any Personal Information or other data. Online orders, however, may only be placed by adults over the age of 18 or by minors under the age of 18 with the consent of the minor’s parent or legal guardian. In authorizing persons under 18 to place orders through the site, the parent or legal guardian consents to the collection of Personal Information or other data necessary to process and complete the transaction and for security purposes. If a person under 18 sends a request to Company, Company webmaster will keep their e-mail address for long enough to respond to them. Company may delete this information from its system in the ordinary course of business, generally after the question is answered. Parents may request to review or delete any information submitted by his or her child by sending an email to Company's webmaster at "Privacy@EmotionalABCs.com" or by sending a written, postpaid request addressed to: Emotional ABCs, Inc., 3435 Ocean Park Blvd #107-259, Santa Monica, CA 90405-3300 - Attn: Webmaster, Children’s Online Privacy Act - Delete Request. Requests must include proof verifying that the requester is the parent of the child whose information is requested.

4. COOKIES, TRACKING

In addition to Personal Information, Company’s web servers automatically identify computers by their IP addresses. Company may use IP addresses to administer the site or gather other information. Further, the site may use “cookies” during the session transaction process to enable ordering. By using Company's website, Users agree Company can place these types of cookies on User's computer or device. If User disables User's browser or device's ability to accept these types of cookies User will not be able to login or use Company's website services. Company currently does not respond to Users' browser's Do Not Track signal. Company does not permit third parties other than Company's analytics and service providers to track Users' activities on the site. Company does not track Users' online browsing activities on other online sites or services. Company does not disclose cookie data to any third party.

5. USE OF DATA

Company may use Users’ Personal Information to identify Users for online activities such as online ordering or any other online interactive activities, to respond to specific requests from Users, to obtain parental consent from Users under 18 years of age when necessary and to protect the security or integrity of the website.

6. TYPE AND IDENTITY OF THIRD PARTIES TO WHOM DATA IS DISCLOSED

Company does not disclose the personally identifiable information of any User to third parties for any marketing or promotional purposes. Company may disclose de-identified and/or aggregated User information for any other purpose as permissible by applicable law—for example, the distribution of de-identified User records to outside researchers or the distribution of reports containing aggregate user demographic and traffic patterns—provided that no individual User or any specific end user device can be readily identified.

Company does not sell, rent, loan, transfer, or otherwise disclose any Personal Information to third parties except as set forth in this Privacy Policy. Company shares with third-party payment services (such as PayPal and its subsidiary companies) Users personal information related to credit card payments (cardholders first and last names, card number, expiration date, CCV code, and billing address) only to the extent necessary to process payment and for site security. Company may also share Personal Information with third parties with or without notice to User in connection with a court order, subpoena, government investigation, when otherwise required by law. Subject to confidentiality agreements, the terms of this Privacy Policy and applicable law, Personal Information may be disclosed to service providers and advisors to support the website's technical operation or to execute a specific program. Any third parties with whom Personal Information is shared shall be bound by this Privacy Policy. Personal Information may also be shared with potential transactional partners or other third parties in connection with the consideration, negotiation, or completion of a corporate transaction in which Company is sold in whole or part to, acquired by, or merged with, another entity, or Company sells, liquidates, transfers, or licenses all or a portion of Company's assets in bankruptcy or otherwise. If some or all of Company's assets are acquired or otherwise transferred or licensed, including in bankruptcy, the entity or person acquiring Company's assets shall be subject to the same commitments stated under this Privacy Policy. Certain data related to User Personal Information which data does not necessarily identify specific Users names, such as the length of interaction, volume and frequency of site activity, etc. may be stored and used by Company in connection with site analytics to understand and improve Company services, products and the User experience, detect security incidents, conduct research, prevent fraud, debug, repair errors, maintain Users account, provide user/customer service, activities to improve Company's services.

7. PURPOSES FOR WHICH DATA IS PROCESSED

Under certain international laws (including GDPR), Company is required to notify you about the legal basis on which we process User Personal Information. Company processes User Personal Information on the following legal bases: When Users create a Company account, Users provide username and an email address. Company requires those data elements for User to enter into the Terms of Service agreement with Company, and Company processes those elements on the basis of performing that contract. Company also processes Users' username and email address on other bases. Company does not collect or process a credit card number, but our third-party payment processor does.

Company does not permit children under the age of 13 to create an account and does not knowingly collect personally identifying information from children under the age of 13 without the consent and at the direction of a parent. Company permits parents to set up child profiles associated with the parent account so that the children may access the service under the parents’ supervision. We take special precautions to collect only as much information as is reasonably necessary for the child to use the service and to ensure the parents have access to and control of their child use of the service. By creating a child profile associated with a parent account or permitting your child to use the Companies of service you expressly agree to the practices described in this Privacy Policy and consent to the collection, use, and disclosure of your child's Personal Information as described herein.

On Individual or Family accounts, the parent uses the parent's own email, password and credit card information. Parents and children together create a username of their own choice and choose a picture password. Child Users require the parent's email and parent's password to begin using the service. On Free Teacher accounts, teachers get a single user account for themselves. Teachers use their own email address and password and create a single user account for themselves.

On Premium Classroom accounts teachers or administrators use their school email address and password and school related information when they sign up for the service. School administrators or teachers are able to add student rosters which include student first names in the first three letters of student last names but no other identifying information about students. Teachers assign students into their accounts with a QR code or a website link in the classroom. Parents get an email from the school or the teacher allowing them to sign into the Premium Classroom individual student account with the parents own email and password to allow the child/student to use their school account from home.

When Users fill out the information in User's user profile, Users have the option to provide User Personal Information such as User's full name, an avatar, and first name or nickname. Company processes this information on the basis of consent. All of this information is entirely optional, and Users have the ability to access, modify, and delete it at any time. Generally, the remainder of the processing of Personal Information by Company is necessary for the purposes of Company's legitimate interests. For example, for security purposes, Company must keep logs of IP addresses that access Company, and in order to respond to legal process, Company is required to keep records of users who have sent and received DMCA takedown notices. If you would like to request erasure of data we process on the basis of consent or object to our processing of Personal Information, Users or Parents of Users may request to review, correct or delete any information submitted by User or User's child by sending an email to Company webmaster at: "Privacy@EmotionalABCs.com" or a written request addressed to Emotional ABCs, Inc., 3435 Ocean Park Blvd #107-259, Santa Monica, CA 90405-3300 - Attn: Webmaster, Children’s Online Privacy Act - Delete Request. Requests must include proof verifying that the requester is the User or parent of the child whose information is requested.

When Company changes or deletes any Personal Information at User's request, Company will make good faith efforts to make the changes in our then-active databases as soon as reasonably practicable, generally within 24–48 hours. Changing setting options may not result in immediate changes to the settings, which are subject to our operations and maintenance schedules. Please note that information may remain in backup or archive records, and Company may retain certain data relevant to preventing fraud or future abuse or for legitimate business purposes, such as analysis of aggregated, nonpersonally-identifiable or de-identified data, account recovery, or if required by law. All retained data will continue to be subject to the Privacy Policy in effect at that time.

Upon Account cancellation, de-identified User Personal Information may nonetheless persist internally in Company's archive files or similar databases, and may still be used, on a de-identified basis, for Company's internal support, administrative, and record-keeping purposes including, but not limited to, allowing Company to improve its site and services and other services provided through research, evaluation, and analytics as permissible by applicable law. Please note that following a request to delete User Personal Information or other information information including Personal Information may remain in backup or archive records, and Company may retain certain data if required by law, relevant to preventing fraud or future abuse, or for legitimate business purposes, such as account recovery and customer support, and all subject to our internal records retention periods. All retained data will continue to be subject to the Privacy Policy in effect at that time and applicable law.

Company will not retain Personal Information longer than necessary and will delete all student Personal Information at the termination of the contract or when it is no longer needed by Company.

8. SECURITY

Company uses appropriate physical, technical, and administrative security measures to protect and safeguard all Personal Information collected in a secure, controlled environment to which third parties are generally not permitted access. Other security safeguards include but are not limited to, data encryption, firewalls, and physical access controls to buildings and files. Company will notify affected Users if any User data is lost, stolen or compromised and will take all appropriate steps to avoid any further unauthorized disclosure or dissemination. No data transmissions over the internet can be guaranteed to be 100% secure. Consequently, Company cannot ensure or warrant the security of any information Users transmit to Company and Users agree to do so at their own risk. Company has multiple security measures in place to protect the loss, misuse or alteration of information under its control. This website is hosted in the United States. If you are visiting from the European Union or other regions with laws governing data collection and use that may differ from U.S. law, please note that you are transferring your personal data to the United States, which does not have the same data protection laws as the EU or other regions; by providing your personal data you consent to the use of your personal data for the uses identified above in accordance with this Privacy Policy and the transfer of your personal data to the United States as indicated above.

9. LINKING

This website may contain links to other websites that may not be owned or operated by Company. This Privacy Policy applies solely to Personal Information collected on this site. These links are provided for User's convenience to provide further information. They do not signify that Company endorses the website(s). Company has no responsibility for the content of the linked website(s). Company will only link to businesses that have privacy practices consistent with Company’s Privacy Policy, or have agreed to be bound by Company's Privacy Policy.

10. PASSWORDS

Users to the website select a password to access the Materials and Content and other features of the website and allow Users to review and change the information Company collects about them or their child. Users' passwords should be kept confidential.

11. CHANGES TO PRIVACY POLICY

If you have any further questions concerning Company's Privacy Policy and the use of your Personal Information, please contact Company's webmaster at: "Support@EmotionalABCs.com". This Privacy Policy was last updated, and its Effective Date is April 21, 2020. Company will post any changes on the site's homepage. For certain other changes, including all material changes, to its Privacy Policy Company will give notice and obtain consent by either 1) displaying an alert and an "Agree" button next to the Privacy Policy, or 2) displaying an alert and an "Agree" button upon login, or 3) directly communicating with Users through the email address associated with the User account.

12. DISPUTE RESOLUTION

Company and User agree to all terms and conditions regarding dispute resolution and arbitration set forth in Company's Terms of Use, which terms and conditions are incorporated herein by reference.

13. CALIFORNIA PRIVACY RIGHTS

Effective January 1, 2020, the California Consumer Privacy Act California Civil Code §§ 1798.100 et seq. ("CCPA") provides California residents with specific rights regarding their Personal Information. This section describes User CCPA rights and explains how to exercise those rights. The CCPA can be reviewed at oag.ca.gov/privacy/ccpa. In this section "User" or "Users" refers to California residents. Under the CCPA Company is required to disclose categories of sources from which Company collects Personal Information, and the third parties with whom Company shares such information. Company is also required to communicate information about rights Users have under California law, such as:

Right to access Personal Information. [CC § 1798.100] Users may be entitled to receive the specific pieces of User Personal Information Company holds.

Right to data portability. [CC § 1798.100] Users may be entitled to receive a copy of User electronic Personal Information in a readily usable format.

Right to disclosure. [CC §§1798.110, 1798.115] User may be entitled to receive information regarding the categories of Personal Information Company collected, the sources from which Company collected Personal Information, the purposes for which Company collected and shared Personal Information, the categories of Personal Information that Company sold, the categories of third parties to whom the Personal Information was sold, and the categories of Personal Information that Company disclosed for a business purpose in the 12 months preceding the User request. In the 12 months preceding January 1, 2020, Company did not disclose to any third party any categories of User Personal Information for business purposes or otherwise, including without limitation: identifiers, commercial information, electronic network and Internet activity information, geolocation data, or inferences about Users drawn from such data.

Right to deletion. [CC § 1798.105] Users may be entitled to request that Company delete the Personal Information that Company has collected from User. Company will use commercially reasonable efforts to honor User requests in compliance with applicable laws. Please note, however, Company may need or be required to keep such information, such as for Company's legitimate business purposes or to comply with applicable law.

Right to opt-out of certain sharing with third parties. [CC § 1798.120] Users are entitled to direct Company to stop disclosing User Personal Information to third parties for monetary or other valuable consideration. Company does not currently disclose any User Personal Information to any third parties for monetary or other valuable consideration. If Company ever does disclose any User Personal Information to third parties, Users can exercise such right to opt-out by clicking on the link on Company's homepage titled “Do Not Sell My Personal Information,” which will direct Users to an Internet Company page that enables Users, or a person authorized by the User, to opt-out of the sale of the User's Personal Information. Company does not require a User or consumer to create an account in order to direct Company not to sell the User's/consumer’s Personal Information. User/consumers can also opt-out by sending an email to Company's webmaster at Support@EmotionalABCs.com, sending a written, postpaid request addressed to: Emotional ABCs, Inc., 3435 Ocean Park Blvd #107-259, Santa Monica, CA 90405-3300- Attn: Company webmaster, or by calling toll-free (877) 399-8763.

Company will never monetize User Personal Information by providing it to a third party in exchange for money. The CCPA has a broader definition of the term "sell" which includes disclosing Personal Information to any third party for valuable consideration. Company does not share any Personal Information with any of Company's advertising partners, nor does Company disclose any of its cookie data to any third parties.

In addition, Company is required to provide User certain information about the business and commercial purposes for which Company collects and shares User Personal Information. Company may use or disclose User Personal Information Company collect for the business purposes described in this policy, including but not limited to: processing payments, conducting research, detecting security incidents, preventing fraud, debugging and repairing errors, maintaining User account, providing customer service, and other activities to improve Company's service, show advertising, market Company's services, and understand how Users interact with Company's services. Non-Discrimination. [CC § 1798.125] Company fully supports User privacy rights and will not discriminate against Users for exercising any of User CCPA rights.

Exercising Access, Disclosure, Data Portability, and Deletion Rights
To exercise the access, disclosure, data portability, and deletion rights described above, please submit a verifiable consumer request by either contacting Company by email to Company's webmaster at Privacy@EmotionalABCs.com, or send a postpaid written, request addressed: to Emotional ABCs, Inc., 3435 Ocean Park Blvd #107-259, Santa Monica, CA 90405-3300 - Attn: Webmaster, or by calling toll-free: (877) 399-8763.

Privacy Portal
Only a User or a person registered with the California Secretary of State that User has authorized to act on User's behalf may make a verifiable consumer request related to User Personal Information. Users may also make a verifiable consumer request on behalf of User's child.

Users may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must: i) Provide sufficient information to allow Company to reasonably verify User is the person about whom Company collected Personal Information or an authorized representative of User; and ii) describe User's request with sufficient detail to allow Company to properly understand, evaluate, and respond to it.

Company cannot respond to User requests or provide Users with Personal Information if Company cannot verify User's identity or authority to make the request and confirm the Personal Information relates to User. Making a verifiable consumer request does not require Users to create an account with Company. Company will only use Personal Information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.

14. PRIVACY SHIELD

Company Privacy Shield Statement

WHAT, WHY AND HOW PERSONAL DATA IS COLLECTED AND USED.
Company complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of data and other Personal Information from European Union member countries and Switzerland transferred to the United States pursuant to Privacy Shield. Company has certified that it adheres to the Privacy Shield Principles with respect to such data. If there is any conflict between the policies in this privacy policy and rights under the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view Company's certification page, please visit https://www.privacyshield.gov/.

PURPOSES WE PROCESS PERSONAL DATA RECEIVED IN RELIANCE ON PRIVACY SHIELD
The purpose of this Company Privacy Shield Statement ("Statement") is to outline how Company complies with the Principles with respect to the Personal Information Company collects. Users that would like additional information regarding Company's privacy practices in connection with Personal Information collected on this website in general, please refer to Company's Privacy Policy. If there is any conflict between this Statement and Company's Privacy Policy, this Statement shall prevail.

Scope
This Statement applies to any Personal Information received by Company from the European Union or Switzerland in reliance on Privacy Shield.

Company Data Processing Activities
Company at times acts as a data processor or a data controller when processing personal data transferred from the EEA or Switzerland. Though the types of data Company collects and processes may vary depending on the Account Terms and User/customers' preferences, data Company collects typically includes Personal Information relating to students and schools, billing and payments information, web browsing behavior and other information relating to a User's device used to access the services, and other information as described in Company's Privacy Policy. Company processes this data to provide Company's business and consumer services; billing and payments; User/customer service and product support; communications; analytics to inform and improve Company's services; and for other internal purposes.

Company processes User Personal Information on the following legal bases:
When Users create a Company account, Users provide username and an email address. Company requires those data elements for User to enter into the Terms of Service agreement with Company, and Company processes those elements on the basis of performing that contract. Company also processes Users' username and email address on other bases. Company does not collect or process a credit card number, but our third-party payment processor does.

Company does not permit children under the age of 13 to create an account and does not knowingly collect personally identifying information from children under the age of 13 without the consent and at the direction of a parent. Company permits parents to set up child profiles associated with the parent account so that the children may access the service under the parents’ supervision. We take special precautions to collect only as much information as is reasonably necessary for the child to use the service and to ensure the parents have access to and control of their child use of the service. By creating a child profile associated with a parent account or permitting your child to use the Company's service you expressly agree to the practices described in this Privacy Policy and consent to the collection, use, and disclosure of your child's Personal Information as described herein.

On Individual or Family accounts, the parent uses the parent's own email, password and credit card information. Parents and children together create a username of their own choice and choose a picture password. Child Users require the parent's email and parent's password to begin using the service. On Free Teacher accounts, teachers get a single user account for themselves. Teachers use their own email address and password and create a single user account for themselves.

On Premium Classroom accounts teachers or administrators use their school email address and password and school related information when they sign up for the service. School administrators or teachers are able to add student rosters which include student first names in the first three letters of student last names but no other identifying information about students. Teachers assign students into their accounts with a QR code or a website link in the classroom. Parents get an email from the school or the teacher allowing them to sign into the Premium Classroom individual student account with the parents own email and password to allow the child/student to use their school account from home.

When Users fill out the information in User's user profile, Users have the option to provide User Personal Information such as User's full name, an avatar, and first name or nickname. Company processes this information on the basis of consent. All of this information is entirely optional, and Users have the ability to access, modify, and delete it at any time. Generally, the remainder of the processing of Personal Information by Company is necessary for the purposes of Company's legitimate interests. For example, for security purposes, Company must keep logs of IP addresses that access Company, and in order to respond to legal process, Company is required to keep records of users who have sent and received DMCA takedown notices. If you would like to request erasure of data we process on the basis of consent or object to our processing of Personal Information, Users or Parents of Users may request to review, correct or delete any information submitted by User or User's child by sending an email to Company webmaster at: "Privacy@EmotionalABCs.com" or a written request addressed to Emotional ABCs, Inc., 3435 Ocean Park Blvd #107-259, Santa Monica, CA 90405-3300 - Attn: Webmaster, Children’s Online Privacy Act - Delete Request. Requests must include proof verifying that the requester is the User or parent of the child whose information is requested.

When Company changes or deletes any Personal Information at User's request, Company will make good faith efforts to make the changes in our then-active databases as soon as reasonably practicable, generally within 24–48 hours. Changing setting options may not result in immediate changes to the settings, which are subject to our operations and maintenance schedules. Please note that information may remain in backup or archive records, and Company may retain certain data relevant to preventing fraud or future abuse or for legitimate business purposes, such as analysis of aggregated, nonpersonally-identifiable or de-identified data, account recovery, or if required by law. All retained data will continue to be subject to the Privacy Policy in effect at that time.

Upon Account cancellation, de-identified User Personal Information may nonetheless persist internally in Company's archive files or similar databases, and may still be used, on a de-identified basis, for Company's internal support, administrative, and record-keeping purposes including, but not limited to, allowing Company to improve its site and services and other services provided through research, evaluation, and analytics as permissible by applicable law. Please note that following a request to delete User Personal Information or other information information including Personal Information may remain in backup or archive records, and Company may retain certain data if required by law, relevant to preventing fraud or future abuse, or for legitimate business purposes, such as account recovery and customer support, and all subject to our internal records retention periods. All retained data will continue to be subject to the Privacy Policy in effect at that time and applicable law.

TYPES OF DATA COLLECTED AND PROCESSED.

Company stores and processes the information Company collects in the United States in accordance with this Privacy Statement. Company's sub-processors may store and process data outside the United States.

User data collected on the site includes the User’s name, address, e-mail addresses, credit card information, order information, browser type, and the date and time of each User request. Company also collects potentially personally- identifying information like Internet Protocol (IP) addresses, and any other information voluntarily provided (hereafter "Personal Information"). Company understands that Users may be from different countries and regions with different privacy laws and expectations, and Company tries to meet or exceed those expectations even when the United States may not have the same privacy regulations as other countries. Company provides the same standard of privacy protection — as described in this Privacy Statement — to all Users around the world, regardless of their country of origin or location. Company strives to implement and adhere to the strictest standards of notice, choice, accountability, security, data integrity, access and recourse practically available. Company's vendors or User's school or educational institutions that have access to User Personal Information are also required to maintain the security and integrity of any User Personal Information.

Company provides clear methods of unambiguous, informed consent at the time of data collection, when Company collects User's Personal Information using consent as a basis. Company collects only the minimum amount of Personal Information necessary for Company's purposes unless Users choose to provide more. Company offers Users simple methods of accessing, correcting, or deleting the User Personal Information collected by Company. Company provides Users notice, choice, accountability, security, and access, and limits the purpose for processing. Company also provides Users a method of recourse and enforcement.

Company collects and stores Personal Information about Users of the site on third party servers to enable transactions and for site security and analytics.

Company may collect and store Personal Information or other data about patterns of usage and order history; which activities a User starts and finishes; when the User starts and stops an activity, and which areas of the site a User visits. Only Personal Information or other data necessary to the operation, maintenance, and improvement of Company’s business is collected.

Names of Users or children on Unit completion Certificates do not include last names or any other identifying information. Similarly, User's or children's names and passwords within the website only include first names, avatars, and picture passwords. No last names or other information is collected or stored by Company other than in connection with credit card payment information including first and last names of credit card holder, card number, expiration date, CCV number and billing address. Also, the website does not require the full name or age or any other information about any User or child. Only information of the parent, guardian or other individual over the age of 18 using a credit card to register at the website is taken by Company. Only a first or nickname for a child's log in information is required. Company collects and stores the following data: On Paid Family or Individual accounts: parent emails and passwords, all credit card related payment data, child username and picture password. On Free Parent accounts: parent emails and passwords, child username and picture password. On Free Teacher accounts: teacher email address and password, school and headmaster name, address, and phone number. On Paid Premium Classroom accounts: school email address and password, school name and other school identifying information, and all credit card related payment data, student rosters with student's first name and first three letters of student's last name, parent's email address once input by the school, and parent password once a parent has agreed to sign up for program use at home. During the course of providing the service, Company also collects information about the Users use of the service and information submitted such as progress within the consecutive learning program for the purpose of awarding online and printable certificates to the students at the end of each unit.

Premium Classroom account holders represent and warrant that they have obtained written permission and consent for the student to use the service from the student user's parent or legal guardian. Users may review this data and request it be removed or corrected by contacting Company’s webmaster at: Privacy@EmotionalABCs.com. Company is not responsible for, and has no control over, Personal Information or other data collected by Schools or provided by Users to Schools or other third parties.

TYPE AND IDENTITY OF THIRD PARTIES TO WHOM DATA IS DISCLOSED
Company does not disclose the personally identifiable information of any User to third parties for any marketing or promotional purposes. Company may disclose de-identified and/or aggregated User information for any other purpose as permissible by applicable law—for example, the distribution of de-identified User records to outside researchers or the distribution of reports containing aggregate user demographic and traffic patterns—provided that no individual User or any specific end user device can be readily identified.

Company does not sell, rent, loan, transfer, or otherwise disclose any Personal Information to third parties except as set forth in this Privacy Policy. Company shares with third-party payment services (such as PayPal and its subsidiary companies) Users personal information related to credit card payments (cardholders first and last names, card number, expiration date, CCV code, and billing address) only to the extent necessary to process payment and for site security. Company may also share Personal Information with third parties with or without notice to User in connection with a court order, subpoena, government investigation, when otherwise required by law. Subject to confidentiality agreements, the terms of this Privacy Policy and applicable law, Personal Information may be disclosed to service providers and advisors to support the website's technical operation or to execute a specific program. Personal Information may also be shared with potential transactional partners or other third parties in connection with the consideration, negotiation, or completion of a corporate transaction in which Company is sold in whole or part to, acquired by, or merged with, another entity, or Company sells, liquidates, transfers, or licenses all or a portion of Company's assets in bankruptcy or otherwise. If some or all of Company's assets are acquired or otherwise transferred or licensed, including in bankruptcy, the entity or person acquiring Company's assets shall be subject to the same commitments stated under this Privacy Policy. Certain data related to User Personal Information which data does not necessarily identify specific Users names, such as the length of interaction, volume and frequency of site activity, etc. may be stored and used by Company in connection with site analytics to understand and improve Company services, products and the User experience, detect security incidents, conduct research, prevent fraud, debug, repair errors, maintain Users account, provide user/customer service, activities to improve service, show advertising, and market Company's services.

Privacy Shield Principles

1. Notice. Company will provide individuals with notice of Company's data collection and processing practices in Company's Privacy Policy, describing what Personal Information Company collects, the purpose and use of Personal Information, the categories of third parties with whom Company may share such information (and the purposes for which Company do so), User's right to access such information, the choices and means through which Users may limit the use and disclosure of Personal Information, and other disclosures consistent with the Notice Principle. Where Company processes Personal Information on behalf of an educational or other institution (each a "School") with which User has a direct relationship, Company will assist such School upon request to provide appropriate notice to Users. Users can read about Company's data collection and processing practices in Company's main Privacy Policy.

2. Choice. Company will provide an individual opt-out or opt-in choice before Company shares and User Personal Information with third parties other than Company's agents and service providers, or before Company uses it for a purpose other than it was originally collected or subsequently authorized. To limit the use and disclosure of User Personal Information, please submit a written request to: Privacy@EmotionalABCs.com, or send a postpaid written request addressed to: Emotional ABCs, Inc., 3435 Ocean Park Blvd #107-259, Santa Monica, CA 90405-3300- Attn: Webmaster. Where Company processes Personal Information on behalf of a School, Company will work with that School to comply with User's choices for limiting use or disclosure of Personal Information, if possible.

3. Onward Transfers (Transfer to Third Parties). Company may transfer Personal Information to certain third parties (as described in Company's Privacy Policy). Where Company transfer Personal Information to a third party, will take reasonable and appropriate steps to ensure the third-party processes Personal Information for limited and specified purposes and in a manner consistent with Company's Privacy Shield obligations. Where the transfer is to a third-party agent acting on Company's behalf, Company may be liable if such third parties fail to meet those obligations, and Company are responsible for the event giving rise to the damage. In certain situations, Company may be also required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

4. Security. Company takes reasonable and appropriate measures to protect Personal Information from loss, misuse and unauthorized access, disclosure, alteration and destruction. Company has implemented appropriate physical, electronic and managerial procedures to help safeguard and secure Personal Information from loss, misuse, unauthorized access or disclosure, alteration or destruction.

5. Data Integrity and Purpose Limitation. Company will process Personal Information in a manner that is compatible with, and relevant to, the purpose for which it was collected or authorized by Users. Where Company receives Personal Information from a School, it shall be the School that determines those purposes. To the extent necessary for those purposes, Company will take reasonable steps to ensure that Personal Information is accurate, complete, current and reliable for its intended use.

6. Access. EU and Swiss Users have the right to reasonable access to the relevant User Personal Information held by Company. On request, Company will also take reasonable steps to correct, update, amend or delete any User Personal Information that is demonstrated to be inaccurate, except where the burden or expense of doing so would be disproportionate to the risks to User's privacy in the case in question or where the rights of third parties would be violated. Where Company processes Personal Information on behalf of a School, Company will direct any User requests for access or to limit use or disclosure to the School, and Company will work with such School in complying with such requests in accordance with applicable law and Company's obligations under Privacy Shield. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data, should direct their query to: Privacy@EmotionalABCs.com, or send a written, postpaid request addressed to: Emotional ABCs, Inc., 3435 Ocean Park Blvd #107-259, Santa Monica, CA 90405-3300 - Attn: Webmaster. If requested to remove data, Company will respond within a reasonable timeframe.

7. Jurisdiction and Enforcement. As part of Company's participation in Privacy Shield, Company are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.

8. Lawful Requests. Company may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

9. Contact Company and Recourse. In compliance with the Privacy Shield Principles, Company commits to resolve complaints about privacy and Company's collection or use of any User's Personal Information transferred to the United States pursuant to Privacy Shield. EU and Swiss individuals with questions about this Statement or the information that Company collects from you in reliance on Privacy Shield, please contact Company at: Privacy@EmotionalABCs.com, or by sending a written request addressed to: Emotional ABCs, Inc., 3435 Ocean Park Blvd #107-259, Santa Monica, CA 90405-3300 - Attn: Webmaster. If any User is concerned about how Personal Information provided to Company has been used, please address any inquiry or complaint first to Company at the address listed above. Company takes all concerns about privacy and use of Personal Information very seriously and shall endeavor to reply within 45 days of receiving a complaint. Company has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissions (FDPIC) with regard to unresolved privacy complaints under the Privacy Shield Principles concerning data transferred from the EU and Switzerland.

If any User's Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, Users may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.

Last Updated: April 21, 2020