Privacy Policy

This privacy policy ("Policy") applies between you, the User of this Website and the Privacy360 Platform ("Platform"), and Formiti ("Privacy360", "we", "us", "our"), the owner and provider of this Website and Platform. Privacy360 takes the privacy of your information very seriously. This Policy applies to our use of any and all Data collected by us or provided by you in relation to your use of the Website and Platform.

Please read this privacy policy carefully.

1. Definitions and Interpretation

In this Policy, the following definitions are used:

Data: Collectively all information that you submit to Privacy360 via the Website or Platform. This definition incorporates, where applicable, the definitions provided in the UK GDPR, EU GDPR, and the DPDP Act.

• Personal Data: Any information relating to an identified or identifiable natural person.
• Cookies: A small text file placed on your computer by this Website when you visit certain parts of the Website and/or when you use certain features of the Website.
• Data Fiduciary / Data Controller: The entity that determines the purposes and means of processing Personal Data (in this case, Privacy360 / Formiti).
• Data Principal: The individual to whom the Personal Data relates (as defined under the DPDP Act).
• DPDP Act: The Digital Personal Data Protection Act, 2023 (India).
• GDPR: The General Data Protection Regulation (EU) 2016/679 and the UK GDPR (Data Protection Act 2018).
• COPPA: The Children's Online Privacy Protection Act (United States).
• FERPA: The Family Educational Rights and Privacy Act (United States).
• User or you: Any third party that accesses the Website or Platform and is not either (i) employed by Privacy360 and acting in the course of their employment or (ii) engaged as a consultant or otherwise providing services to Privacy360 and accessing the Website/Platform in connection with the provision of such services.
• Website: The website that you are currently using, https://www.privacy360.io, and any sub-domains of this site unless expressly excluded by their own terms and conditions.

In this Policy, unless the context requires a different interpretation:

• the singular includes the plural and vice versa;
• references to clauses or sub-clauses are to clauses or sub-clauses of this Policy;
• a reference to a person includes firms, companies, government entities, trusts, and partnerships;
• "including" is understood to mean "including without limitation";
• reference to any statutory provision includes any modification or amendment of it.

2. Scope of this Privacy Policy

This Policy applies only to the actions of Privacy360 and Users with respect to this Website and the Platform. It does not extend to any websites that can be accessed from this Website including, but not limited to, any links we may provide to social media websites.

3. Data Collected

We may collect the following Data, which includes Personal Data, from you:

• Name;
• Contact Information such as email addresses and telephone numbers;
• IP address (automatically collected);
• Web browser type and version (automatically collected);
• Operating system (automatically collected);

in each case, in accordance with this Policy.

4. Our Use of Data & Legal Basis

For the purposes of the GDPR, Privacy360 is the "Data Controller." For the purposes of the DPDP Act, Privacy360 is the "Data Fiduciary."

We will process your Data based on one or more of the following legal bases:

• Performance of a Contract: To provide you with our services, manage your account, and fulfill our contractual obligations.
• Legitimate Interest: For our legitimate business interests, such as improving our Website and services, internal record keeping, and ensuring security, provided these are not overridden by your rights.
• Consent: Where you have given us clear, unambiguous consent to process your Personal Data for a specific purpose, such as sending you promotional materials. You may withdraw this consent at any time.
• Legal Obligation: To comply with our legal or regulatory obligations.

Any or all of the above Data may be required by us from time to time to provide you with the best possible service and experience. Specifically, Data may be used by us for the following reasons:

• internal record keeping;
• improvement of our products/services;
• transmission by email of promotional materials that may be of interest to you (where you have consented);
• to fulfill our service obligations when you use our Platform.

5. Data Retention

We will only retain your Personal Data for as long as is necessary to fulfill the purposes for which it was collected. This includes satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process it, and whether we can achieve those purposes through other means.

6. Compliance with U.S. K-12 Student Data Privacy Laws

Privacy360 is committed to protecting the privacy of students in U.S. K-12 educational institutions ("Schools"). When we provide our Platform to Schools, we are subject to laws including COPPA and FERPA.

COPPA (Children's Online Privacy Protection Act):

• Our Platform is intended for use by Schools. In this context, we act as an "operator" and collect Personal Data from students under 13 only for the use and benefit of the School and for no other commercial purpose.
• The School is responsible for obtaining any necessary verifiable parental consent as required by COPPA.
• We do not use student data for targeted advertising or build profiles for any commercial purpose.
• Parents have the right to review the Personal Data we have collected from their child, direct us to delete it, and refuse to permit further collection. To exercise these rights, parents should contact their child's School directly.

FERPA (Family Educational Rights and Privacy Act):

• When providing services to Schools, Privacy360 acts as a "School Official" and receives PII from "Education Records" as defined by FERPA.
• This data remains under the direct control of the School.
• We will only use this data for the specific, legitimate educational purpose for which it was disclosed (i.e., providing the Platform) and will not re-disclose it or use it for any other purpose.
• Upon termination of our contract with a School, we will destroy or return all student PII from education records as directed by the School, in accordance with our agreement and applicable law.

7. Third-Party Websites and Services

Privacy360 may, from time to time, employ the services of other parties (Data Processors) for dealing with certain processes necessary for the operation of the Website and Platform (e.g., payment processing, hosting). The providers of such services have access to certain Personal Data provided by Users.

Any Data used by such parties is used only to the extent required by them to perform the services that we request. We have appropriate contracts in place to ensure they protect your Data.

8. Data Storage and International Transfers

Your Data may be stored, processed in, and transferred to countries outside of your country of residence. We take steps to ensure your privacy rights continue to be protected as outlined in this Policy.

• For UK/EEA Residents: Data which we collect from you may be transferred to countries outside of the UK or European Economic Area (EEA). If we transfer Data outside the UK/EEA, we will ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) and/or the UK Addendum, or that the transfer is to a country deemed to provide an adequate level of data protection.
• For U.S. K-12 Data: All Personal Data collected from U.S. Schools (including student data) will be stored and processed exclusively within the United States.
• For Indian Residents: All Personal Data All Personal Data collected from Individuals residing in India will be stored and processed exclusively within the India

9. Your Data Protection Rights

We provide a high standard of data protection to all our users, regardless of location. Your rights may vary depending on your jurisdiction, but generally include:

• Right to Access: The right to request copies of your Personal Data.
• Right to Rectification: The right to have your Data corrected if it is inaccurate or incomplete.
• Right to Erasure (Right to be Forgotten): The right to request that we delete or remove your Data from our systems.
• Right to Restrict Processing: The right to "block" or suppress the processing of your Data.
• Right to Data Portability: The right to request that we move, copy or transfer your Data.
• Right to Object: The right to object to our use of your Data, particularly for direct marketing.
• Right to Withdraw Consent: Where we rely on consent as our legal basis, you have the right to withdraw that consent at any time.

Specific Regional Rights:

• For UK/EEA Residents: You have the rights listed above under the GDPR, and the right to lodge a complaint with a supervisory authority (e.g., the Information Commissioner's Office (ICO) in the UK).
• For Indian Residents (Data Principals): You have the rights granted under the DPDP Act, including:
  • The right to grievance redressal.
  • The right to nominate another individual to exercise your rights in the event of your death or incapacity.

How to Exercise Your Rights:

To make enquiries, exercise any of your rights set out above, or withdraw your consent, please contact us at privacy@privacy360.io. or click here 

We will not charge a fee to access your Personal Data, in line with your rights under applicable law.

10. Security

Data security is of great importance to Privacy360. We have put in place suitable physical, electronic, and managerial procedures to safeguard and secure Data collected via this Website and Platform.

If password access is required for certain parts of the Website or Platform, you are responsible for keeping this password confidential.

Transmission of information over the internet is not entirely secure. While we will do our best to protect your Personal Data, we cannot guarantee the security of your Data transmitted to the Website; any transmission is at your own risk.

11. Our Use of Cookies

This Website may place and access certain Cookies on your computer.

• Necessary Cookies: We use necessary Cookies to make our site work and enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions.
• Analytical Cookies: We may choose to use analytical Cookies to help us provide you with the best possible experience by collecting and reporting information on how the website is used. The cookies collect information in a way that does not directly identify anyone.

You can manage your cookie preferences at any time by clicking the cookie symbol at the bottom of the page.

12. General

• You may not transfer any of your rights under this Policy to any other person. We may transfer our rights under this Policy where we reasonably believe your rights will not be affected.
• If any court or competent authority finds that any provision of this Policy (or part of any provision) is invalid, illegal or unenforceable, that provision or part-provision will, to the extent required, be deemed to be deleted, and the validity and enforceability of the other provisions will not be affected.
• This Agreement will be governed by and interpreted according to the law of England and Wales. All disputes arising under the Agreement will be subject to the exclusive jurisdiction of the English and Welsh courts.

13. Changes to this Privacy Policy

Privacy360 reserves the right to change this Policy as we may deem necessary from time to time or as may be required by law. Any changes will be immediately posted on the Website, and you are deemed to have accepted the terms of the Policy on your first use of the Website following the alterations. We recommend you check this page regularly.

14. Contact and Grievance Redressal

To contact us, ask questions about this Policy, or exercise your data protection rights, please email our Data Protection team at:

privacy@privacy360.io

If you are a Data Principal in India, you may also use this email address for grievance redressal in accordance with the DPDP Act.