As a dad of 3, I worry about my kids’ privacy online — and I hate long, unreadable privacy policies that are just a bunch of legalese.
So as the CEO of Legends and a fellow parent, I wanted to write to you — in plain language — about what data we collect from your kids and how we will (and won’t) use it.
Here’s what I want you to know:
- We will never sell your child’s data. Ever.
- You deserve to have control over your child’s data. You can email us at any time (firstname.lastname@example.org) and ask to see or delete your family’s data, and our team will help. And because we’ve designed the program for parents and kids to start together, when we’re asking them for information about themselves, you’re right there with them.
- We take data security seriously. We follow best practices for storing your data securely, and only trusted members of our team can access or share it.
- We’ll collect only the data we need to:
- ~Sign your child up for Legends: Your name, their name, their birthday, your phone number and your email address — just the basics.
- ~Process your credit card payments: This information (credit card number and address) is collected by our external credit card processor, Stripe. It is never stored on our servers, and we chose Stripe because they have strong privacy policies themselves, which you can view here.
- ~Personalize Legends for your child: We’ll keep track of your child’s responses to our activities and assessments - and use that to personalize the program to their interests and needs, give you updates on their progress, and make the program better for all kids.
- ~Recognize you when you come back: That might mean collecting identifiers like your IP address, so that we can recognize you when you come back on the same device and sign you right back in quickly.
- We think data can help improve learning, so we might share program data like survey responses with researchers so they can learn how to teach confidence more effectively. However, any data we share with others will be anonymized — meaning we won’t share personally identifiable information like names or contact information along with your child’s responses.
Finally, we’re an open book. If you have any questions about privacy, or anything else, just ask! You can send an email to email@example.com.
Thanks for reading,
For the purposes of the GDPR, Legends is considered the personal data controller. This means that we are responsible for deciding how we use the personal data that we hold. We are a Delaware corporation registered in the United States with an office at Legends, Inc. 330 N Brand Blvd Ste 700 Glendale, CA 91203.
The GDPR applies to you if you are located in the European Economic Area, the United Kingdom or Switzerland (an “EEA Individual”).
This policy applies to personal data we collect or may collect:
- In accessing and using the Site.
- In accessing Legends Apps.
- In accessing and using the other Legends Services.
- In email, text and other electronic messages sent through or use of the Site, Legends Apps and the other Legends Services.
- Through services provided to us or to you by third-party companies, agents or contractors. It does not apply to personal data collected by:
- Us offline or through any other means, including on any other website operated by Legends or any third party; or
- Any third party.
Minors under the Age of 13
We do not knowingly collect personal data from children under 13 except as provided in the COPPA Policy.
If you are under 13:
- do not provide any personal data or other information about yourself to us, including your full name, address, telephone number, email address or any screen name, username you may use or any pictures of you
If we learn we have collected or received personal data from a minor under 13 without verification of parental consent, we will delete that personal data and other information. If you believe that we might have any personal data from or about a child under 13, please contact us at firstname.lastname@example.org.
Protecting the privacy of our students is extremely important to us. Legends complies with the Children’s Online Privacy Protection Act (as amended, “COPPA”) To review our COPPA Policy, which applies to the personal data and other information that we knowingly collect from or about children under 13, please go to https://www.buildlegends.com/coppa-policy.
Legends complies with all applicable provisions of the United States Family Educational Rights and Privacy Act, 20 U.S.C. 1232g, 34 CFR Part 99 (as amended, “FERPA”) in receiving and handling personally identifiable personal data and information from education records as a “school official” under FERPA. If you are a parent and would like more information on parental rights with respect to your child’s educational record under FERPA, please visit the FERPA site.
Personal Data We Collect About You and How We Collect It
We collect or may collect several types of personal data from and about you, your child who participate in Legends Apps and the other users of the Site and the other Legends Services, including:
- For parents, personal data by which you may be personally identified, including personal data such as email address;
- For children, the child’s first name and gender;
- Device, internet and mobile information such as the hardware model, operating system version, unique device identifiers, browser type, language;
- Information that is about you but individually does not identify you, such as the date and time of visit;
- IP address;
- Information that is about you but individually does not identify you, such as the date and time of visit;
- Geo-location information;
- When you report a problem with Legends Apps or any of the other Legends Services;
- Details of transactions you carry out through, the Site and any of the other Legends Services.
We collect this personal data:
- Directly from you when you provide it to us.
- Automatically as you navigate through or use Legends Apps, the Site or any of the other Legends Services.
- From third parties, such as our customers, business partners and other third parties that provide us or you with certain services.
Certain transactions may also involve you calling us or our calling you. Please be aware that we may monitor, and in some cases, record such calls for staff training or quality assurance purposes.
Personal Data Minimization
We take every reasonable step to limit the volume of your personal data that we process to what is reasonably necessary.
We do not Engage in Automated Decision-making without Human Intervention
We do not use automated decision-making without human intervention, including profiling, in a way that produces legal effects concerning you or otherwise significantly affects you.
Consequences of not providing Personal Data
You are not required to provide all personal data identified in this policy to use our Site or to interact with us offline, but your child will not be able to participate in Legends Apps if you do not provide the required personal data. In addition, if you do not provide the personal data, we may not be able to respond to you.
We do not currently use technologies (e.g., cookies, etc.) for automatic personal data collection.
Do Not Track Policy
Your web browser may offer you a “Do Not Track” option, which allows you to signal to operators of websites and web applications and services (including behavioral advertising services) that you do not wish such operators to track certain of your online activities over time and across different websites. We do not honor any web browser “Do Not Track” signals or other mechanisms that provide you with the ability to exercise choice regarding the collection of personally identifiable personal data about your online activities over time and across third-party websites or online services. At present, no universally accepted standards exist on how companies should respond to do-not-track signals. In the event a final universally accepted standard is established, we will assess and provide an appropriate response to these signals.
Third-party Responsibilities and Services.
We may use or partner with other third-party companies, agents or contractors for various purposes in connection with our business and operations (“Service Providers”), including, invoicing and payment processing, instant messaging and communications, sending marketing communications and application notifications, collecting and storing personal data, social media marketing, relationship building, the marketing and growth of our business and the performance of services on our behalf, such as gathering and analyzing information and the provision of services to you. In the course of performing these responsibilities and providing such services, these other companies may have access to your personal data. We may also share personal data, including your personal data, with these Services Providers in order to enable them to perform these responsibilities and to provide these services. These Services Providers may have adopted their own privacy policies, which are not subject to control by Legends. You should always review the policies of these Service Providers to make sure that you are comfortable with the ways in which they collect, use, maintain, protect and disclose your personal data. We do not list our current Service Providers because they change from time to time. If you would like the names of any of Service Providers, please email us at email@example.com. The Service Providers may also transmit cookies to your computer or device when you click on ads that appear on or through the Service.
As a convenience to you, we may in the future also provide links to other third-parties from within the Site or the other Legends Services. If you click on one of these links, you will be redirected to that third-party’s site (via affiliate cookies) and such third party may also transmit cookies to you. We do not have any control over that or how they collect, use, maintain, protect and disclose your personal data. Please be aware that cookies placed by third parties may continue to track your activities online even after you are no longer using any of the Legends Services, and those third parties may not honor “Do Not Track” requests you have set using your web browser.
We will generally use your personal data on the following legal grounds:
- Where the use of your personal data is necessary for the performance of a contract we are about to enter into or have entered into with you or pursuant to which we are providing services to you or on your behalf;
- Where the use is necessary for the purposes of our legitimate interests (or those of a third party);
- Where we need to comply with a legal or regulatory obligation; or
- Where you have given your consent (which can be withdrawn at any time).
We use personal data that we collect about you or that you provide to us, including any personal data:
- To provide Legends Apps to you.
- To provide the Site and the content that is on it to you.
- To provide the other Legends Services to you.
- For login and security associated with Legends Apps.
- To process and complete transactions, including the application for participation in Legends Apps and sending you related information.
- To ensure compliance with the Terms, including responding to any alleged Prohibited Behavior.
- To provide technical and other support to you.
- To send you news or information about us that may be of interest to you.
- To enable Service Providers to perform certain responsibilities and provide certain services in connection with Legends Apps and our business and operations.
- To fulfill any other purpose for which you provide it.
- To provide you with notices about your account.
- To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
- To notify you about changes to Legends Apps, the Site and the other Legends Services.
- For quality control and to improve Legends Apps and the other Legends Services.
- To enhance the safety and security of Legends Apps and the other Legends Services.
- To verify your identity and prevent fraud or other unauthorized or illegal activity.
- In any other way we may describe when you provide the information.
- For any other purpose with your consent.
Some of the personal data that we collect automatically is statistical personal data and does not include personal data, but we may maintain it or associate it with personal data we collect in other ways or receive from third parties or you provide to us. It helps us to improve Legends Apps, the Site and the other Legends Services, and to deliver a better and more personalized service, including enabling us to:
- Estimate our audience size and better understand usage patterns.
- Store personal data about your preferences, enabling us to customize the Site according to your individual interests.
- Speed up your searches.
- Recognize you when you return to Legends Apps and the Site.
Storage and Transfer of Your Personal data
We may store any personal data or other information that we collect (personal or otherwise) ourselves or in personal databases and servers owned and maintained by us, our affiliates, agents or Service Providers. If you access or use the Site, apply for your child’s admission to Legends Apps or access or use any of the other Legends Services or your child participates in Legends Apps outside of the United States, personal data that we collect about you may be transferred to servers inside the United States and maintained indefinitely, which may involve the transfer of personal data out of countries located in the European Economic Area and other parts of the world unless otherwise prohibited by applicable law or agreed by Legends and you. By allowing Legends to collect personal data about you and your child, you consent to such transfer and processing of such personal data without restriction. We may also store some personal data locally on your computer or other devices. For example, we may store personal data as local cache so that you can open the Site and view content faster. Although users from all over the world may apply for admission to, and participate in, Legends Apps, or access the Site and the other Legends Services, keep in mind that no matter where you live or where you happen to use our services, you consent to us processing and transferring personal data in and to the United States and other countries whose personal data-protection and privacy laws may offer fewer protections than those in your home country.
Disclosure of Your Personal Data
- To the parent of a child that has alleged a violation of the restriction on Prohibited Behavior.
- To Service Providers, contractors and other third parties we use to support Legends Apps and our business but only to the extent necessary for them to provide this support.
- To a potential or actual buyer, assignee or other successor (including its related advisors and agents) in the event of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of Legends’ assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which personal data held by Legends about users of the Site and the other Legends Services is among the assets that may be or are actually transferred.
- To fulfill the purpose for which you provide it.
- With your consent.
We may also disclose your personal data:
- To comply with any court order, law or legal process, including to respond to any government or regulatory request.
- To enforce or apply the Terms and other agreements, including for billing and collection purposes.
- If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Legends, our customers, developers, users or others.
Choices About How We Use and Disclose Your Personal Data
We strive to provide you with choices regarding the personal data you provide to us. We have created mechanisms to provide you with the following control over your personal data:
- Promotional Offers from Legends. If you do not wish to have your email address/contact information used by Legends to market or otherwise promote our own or third parties’ products or services, you can opt-out through the unsubscribe mechanism at the bottom of the applicable email. This opt-out does not apply to personal data provided to Legends as a result of a service or product purchase, warranty registration, product service experience or other transactions.
We do not control third parties’ collection or use of your personal data to serve interest-based advertising. You may be able to opt out of receiving personalized advertisements from companies who are members of the Network Advertising Initiative or who subscribe to the Digital Advertising Alliance’s Self-Regulatory Principles for Online Behavioral Advertising. For more information about this practice and to understand your options, please visit: aboutads.info and networkadvertising.org/choices. You may also use TRUSTe’s Preference Manager at preferences-mgr.truste.com.
Our Legal Bases for Handling Your Personal Data
GDPR and the laws in some other jurisdictions require companies to tell you about the legal bases that they rely on to use or disclose your personal data. To the extent that those laws apply, we rely on the following legal grounds to process your personal data:
- Performance of a contract: In most cases, we collect and use your personal data and other information to meet our obligations under a contract to which you are a party or pursuant to which we are providing services to you or your child. For example, when you apply for admission to, or a student participates in Legends Apps or you use the other Legends Services, we will use your personal data to respond to your requests and to provide you (or your child) with these services.
Legitimate interests: We may use your personal data information for our legitimate interests on the grounds that it furthers our legitimate interests in commercial activities (but only to the extent that such interests are overridden by the interests or fundamental rights and freedoms of the affected individuals) including:
- Analyzing and improving Legends Apps, the other Legends Services and our business
- Providing the services pursuant to our contracts with our customers
Legal compliance: We may use and disclose personal data in certain ways to comply with our legal obligations under European or Member State law or other applicable law.
Consent: To the extent required by law, and in certain other cases, we handle personal data on the basis of implied or express consent.
Accessing and Correcting Your Personal Data
You may change, correct or delete any personal data that you have provided to us through your account or by emailing us at firstname.lastname@example.org.
Your California Privacy Rights
California Civil Code Section § 1798.83 permits users of the Site that are California residents to request certain information regarding our disclosure of personal data to third parties for their direct marketing purposes. To make such a request, please send an email at email@example.com.
European Privacy Rights for EEA Individuals.
You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your personal data) if we intend to use your personal data for such purposes or if we intend to disclose your personal data to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your personal data. You can also exercise the right by contacting us directly.
If you are an EEA Individual and GDPR applies and we hold your personal data in our capacity as a controller, you may request that we:
- Provide access to and/or a copy of certain personal data (including, in some cases, in portable form);
- Prevent the processing of your personal data for direct-marketing purposes (including any direct marketing processing based on profiling);
- Update personal data that is out of date or incorrect;
- Delete certain personal data which we are holding about you; provided that the personal data is not required by us for (i) compliance with a legal obligation under European or Member State law or other applicable law or (ii) the establishment, exercise or defense of a legal claim;
- Object to our processing of personal data;
- Restrict the way that we process and disclose certain of your personal data except to the extent that processing is required (i) to comply with a legal obligation under European Member State law or applicable law or (ii) for the establishment, exercise or defense of legal claims;
- Transfer your personal data to a third party to the extent that this is technically feasible; and
- Honor a revocation of your consent for the processing of your personal data (without retroactive effect).
We will consider all requests and provide our response within the time period required by applicable law. Please note, however, that certain personal data may be exempt from such requests in some circumstances, which may include if we need to keep processing your personal data for our legitimate interests or to comply with a legal obligation. We may request you provide us with additional information to confirm your identity before responding to your request. You have the right to lodge a complaint with the authorities applicable to your situation, though we invite you to contact us with any concern, as we would be happy to try to resolve it directly. You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here: https://edpb.europa.eu/about-edpb/board/members_en.
If you are an EEA Individual in France, you also have the right to set guidelines for the retention and communication of your personal data after your death.
If you reside in a jurisdiction other than the European Economic Area, you may also have similar rights to the above. Please contact us at firstname.lastname@example.org if you would like to exercise one of these rights, and we will comply with any request to the extent required under applicable law.
You can exercise any of these rights by contacting us at email@example.com.
How Long We Store Your Personal Data
We will only retain your personal data, in a form which permits us to identify you, for as long as necessary to fulfill the purposes we collected it for. We will retain and use your personal data as necessary to satisfy any legal, accounting or reporting requirements, to resolve disputes or to enforce our agreements and rights. To dispose of personal data, we may anonymize it, delete it or take other appropriate steps. Personal data may persist in copies made for backup and business continuity purposes for additional time.
Personal Data Security
We understand that the security of your personal data is important. We provide reasonable administrative, technical, and physical security controls to protect your personal data. However, despite our efforts, no security controls are 100% effective. Legends cannot ensure or warrant the security of your personal data. Any transmission of personal data is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on Legends Apps, the Site or the other Legends Services.