GoNoodle, Inc. (“GoNoodle,” “we,” “us,” or “our”) oversees the GoNoodle Games Application and related services (collectively, our “Application”). We have developed this Privacy Policy to inform users (“user(s),” “you,” or “your”) about how we collect information in the course of conducting our business, including on the Application, how we use the collected information, and a user’s rights with respect to the collected information.

Please read this Privacy Policy carefully. If you do not agree to be bound by this Privacy Policy, then do not access or use the Application. By accessing and/or using the Application, you accept and agree to be bound by this Privacy Policy. This Privacy Policy is incorporated into our End User License Agreement, which can be accessed at https://www.gonoodle.com/company/p/eula (“EULA”). Your use of our Application and any Personal Information you provide through the Application are subject to this Privacy Policy at all times.

If you have any questions about this Privacy Policy, please contact us at privacy@gonoodle.com or at the contact information below.

If you are a child (under 13 years old) and need help understanding this policy, you should ask a grown-up to read it and explain it to you.

WHAT INFORMATION DOES GONOODLE COLLECT FROM USERS OF GONOODLE GAMES?

Users may access the Application without registering for an Account, as defined in our Terms of Service, which can be accessed at https://www.gonoodle.com/company/p/tos. For non-Account holders, we may collect the following (collectively, “Non-Personal Data”):

• Device ID;
• Zip-Code (as provided by IP address);
• Operating System; and
• Other “clickstream” data.

We may collect this Non-Personal Data ourselves or use a third party to collect and process the information on our behalf. A list of third parties who collect, use, or store our user’s personal information can be found on a Third Party List, which can be accessed at https://www.gonoodle.com/company/p/third-party-operators.

Parents, legal guardians, or other adults in the home (“Grown-Ups”) who use the Application have the option to register for an Account. Those who elect to register will be asked to provide the following information upon registration:

• Birth year (collected only for age verification purposes and discarded when registration is complete);
• Email address; and
• Zip Code (as provided by the IP address).

GoNoodle uses the e-mail address to send a verification e-mail for the Account. Once the Grown-Up clicks the link in the e-mail, the Account creation is confirmed, and a randomly generated Device ID is assigned to the Account solely for purposes of authentication and analytics. For registered users, we will collect details about gameplay on our Application, including, but not limited to, app and game launch events, high scores achieved, gameplay obstacles avoided and hit, and app navigation events. Non-Personal Data, Grown-Up e-mail, username, password, device identifier and gameplay details shall be collectively referred to herein as “Information.

HOW DOES GONOODLE USE THE INFORMATION IT COLLECTS?

We use Information we collect to improve navigation, make personalized features and other services available to you, to generate statistical information, monitor and analyze user traffic and usage patterns, monitor and prevent fraud, investigate complaints and potential violations of our policies, to improve the our content and the products, services, materials, and other content that we describe or make available through the Application, and otherwise help administer and improve the Application.

Except as otherwise stated, we may use information we collect from you for the legitimate business purpose of providing our Application to you, including, but not limited to:

• Create, maintain, customize, and secure your Account with us;
• Responding to your requests, communicating with you, and providing user support;
• Customizing your experience;
• Measuring and improving our Application;
• Enforcing our agreements, terms, conditions, and policies;
• To our third party service providers to allow them to provide features on our behalf;
• Investigating suspected violations of our EULA, suspected fraud or other unlawful activity;
• As may be required by law or by a court order, in which case we shall attempt to notify you and work with you to seek to limit the scope of the required disclosure;
• In the event of a reorganization, merger, sale, bankruptcy, or other business change, in which case your information will remain subject to the terms of this Privacy Policy; and
• With your consent and as permissible under applicable laws and regulations.

We do not send marketing messaging to children. We do send emails to Grown-Ups with information about our Application that we believe may be of interest when these users have opted in to receive those messages. Users may opt out of receiving email messages by contacting us at support@gonoodle.com or by clicking on the “unsubscribe” link found at the bottom of every email that we send.

We do not sell or rent Personal Information to marketers or unaffiliated third parties. We may provide de-identified, aggregated usage information to corporate affiliates, including corporate parents, subsidiaries, other affiliated entities, and associated entities in order to fulfill contractual agreements, which are required to treat the information in accordance with this Privacy Policy. Additionally, we may share Personal Information with the following parties:

• Service providers that help us administer and provide the Application. While we may seek to limit these third parties’ use of your Personal Information solely to providing services to us and that they maintain the confidentiality, security, and integrity of your Information and not make unauthorized use or disclosure of the Information, we may not have contracts mandating such measures in place with all of our third parties. A complete list of third parties that may have access to users’ Personal Information is available upon verified request;
• Third parties in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings), in which case we will require the recipient to use such information in accordance with this Privacy Policy;
• As we believe necessary: (i) under applicable law; (ii) to enforce applicable terms and conditions; (iii) to protect our rights, privacy, safety or property, and/or that of our affiliates, you, or others; (iv) to detect, prevent, or otherwise address fraud, security or technical issues; (v) to respond to claims that contact information (e.g. name, e-mail address, etc.) of a third-party has been posted or transmitted without their consent or as a form of harassment and (vi) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include authorities outside your country of residence; and
• Pursuant to your express consent.
  

SECURITY

We are committed to protecting the security, integrity, and confidentiality of all user data through the use of commercially-reasonable physical, technical and administrative safeguards. GoNoodle stores data in secure cloud-based environments and uses server authentication and industry-standard firewalls in an effort to prevent interference or access from outside intruders. We also require unique account identifiers, user names, and passwords that must be entered each time users access the Services.

Nonetheless, despite GoNoodle’s security efforts described above, it is common knowledge that transmission of information via the Internet is not wholly secure, and we cannot guarantee the security of your data transmitted to or through any of our Services. Any transmission of data is at your own risk. By using our Services, you acknowledge and accept these risks. As a result, we cannot guarantee or warrant the security of any information you disclose or transmit to us or that are otherwise provided to us and we cannot be responsible for the theft, destruction, or inadvertent disclosure of information. It is your responsibility to safeguard any passwords, ID numbers, or other special access features associated with your use of the Services. Any transmission of information is at your own risk. By using our Services, you acknowledge and accept these risks.

You are responsible for maintaining the confidentiality of your user name and password, as well as the credentials of any other users operating under your Account. If you become aware of, or suspect, any unauthorized use of an Account or loss of your or your users’ Account credentials or suspect any other security incident related to GoNoodle, notify us immediately at privacy@gonoodle.com.

DATA RETENTION AND PRIVACY REQUESTS

We retain data for as long as an Account is active, and for a period of time afterward to retain account continuity for educators. Within twenty-four (24) months of inactivity on any Account, we will delete the Account and the associated data.

If you would like to access, review, update, rectify, and delete any Personal Information we hold about you, or exercise any other data subject right available to you under the EU General Data Protection Regulation (GDPR) or CCPA, submit a request to privacy@gonoodle.com. Our privacy team will examine your request and respond to you as quickly as possible. We will honor deletion requests for deleting the Account and the associated data within thirty (30) days.

When you delete your Account, it cannot be recovered. Please note that we do retain aggregated, de-identified data for the purposes described above.

GDPR: DATA COLLECTION IN THE EEA

Under the General Data Protection Regulation (EU) 2016/679 (known as, “GDPR”), GoNoodle functions as a “data controller” when we process certain data from Grown-Ups who access GoNoodle through a Family Account and for Educators who create an Educator Account in order to maintain and provide the Services, and for any marketing communications that Educators and Grown-Ups may opt in to receive.

In these situations, the data processing and protection practices are explained in this Privacy Policy, the above-mentioned Terms of Service, as well as with, where applicable, a contractual agreement with the educational institution with which the Educator users are affiliated.

If you are a user accessing our Services from within the EEA (such user herein referred to as a “Data Subject”), we may ask for your consent so that we may process your data. For example, we will ask for your consent to send you marketing information. However, in certain situations, applicable data protection law allows us to process your data without needing to obtain your consent. For example:

• To perform our contractual obligations to you, including fulfilling your orders or requests you have made, contacting you in relation to any issues with your use of the Services, or where we need to provide your data to our service providers who help us operate the Services.
• To comply with laws, regulators, court orders, or other legal obligations.
• To fulfill our “legitimate interests,” including to communicate with you regarding the Services including about changes to the Services, to respond to your questions about your use of the Services, to support our investigation of suspected illegal activity, to protect and defend our rights and property, or the rights or safety of others, to develop, provide, and improve our Services and to enforce our Terms of Service, End User License Agreement, and this Privacy Policy.

We also use automated data collection tools to correlate your IP address with your location, sufficient to recognize your zip or postal code in order to display local sponsor or underwriter information or notify you of local events.

We will use your data as described above and for other purposes, including the following:

• To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to ask a question about our products or services, we will use that data to respond to your inquiry. If you provide your data to purchase a product, we will use that information to process your payment and facilitate delivery. We may also save your information to facilitate new product orders or process returns;
• To fulfill our reporting obligations to underwriters, sponsors, and other partners as described in our Privacy Policy, and to inform our Board of Directors;
• To provide, support, personalize, and develop our Services and products, including without limitation, receiving, processing, and responding to feedback;
• To our third party service providers to allow them to provide features on our behalf as described below;
• To create, maintain, customize, and secure your account with us;
• To process your requests, purchases, transactions, and payments and prevent transactional fraud;
• To personalize your experience with the Services and to deliver content, product, and service offerings relevant to your interests and/or geographic location, including targeted offers and ads through our Services, third-party sites, and via email or text message (with your consent, in accordance with applicable law);
• For testing, research, analysis, and product development, including to develop and improve our Services and products through focus groups and surveys;
• To communicate information to you (e.g., new features, products, or services), and to send you relevant emails and communications that may be of interest to you and that you have opted in to receive;
• To help maintain the safety, security, and integrity of our Services, databases, and other technology assets, and business, including without limitation, to investigate suspected violations of our Terms of Service, suspected fraud, or other unlawful activity;
• To enforce our agreements, terms, conditions, and policies, and to notify you of any updates to the same;
• As may be required by law or by a court order, in which case we shall attempt to notify you and work with you to seek to limit the scope of the required disclosure;
• As described to you when collecting your data or as otherwise set forth in this Privacy Policy;
• To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as an ongoing concern or as part of bankruptcy, liquidation, or similar proceeding, wherein data held by us about our users is among the assets transferred, in which case your information will remain subject to the terms of this Privacy Policy; and
• With your consent and as permissible under applicable laws and regulations.
  

EU RESIDENTS: YOUR DATA RIGHTS

When we are operating as a Controller as described above, Data Subjects are provided with certain rights related to your data. Note that in circumstances where we are operating as a Processor, you may have similar rights with the controller. In those circumstances, please contact your controller to exercise your rights. We will work with them and with you to address any requests you may have related to exercising your rights as described below.

Please note that the rules in your country may provide you with additional rights or may limit the rights noted below. In all cases, we will act in accordance with applicable laws.

1. Right of access. You may obtain confirmation about whether data concerning you is processed, and request access to the data, including the purposes of the processing, the categories of data concerned, a copy of the data, and the recipients or categories of recipients to whom the data have been or will be disclosed. However, this is not an absolute right and the interests of other individuals may restrict your right of access.
2. Right to rectification. You may have inaccurate data concerning you corrected. Depending on the purposes of the processing, you may have the right to have incomplete data completed, including by providing a supplementary statement.
3. Right to erasure ("right to be forgotten"). Under certain circumstances, you may have data concerning you erased.
4. Right to restriction of processing. Under certain circumstances, you may restrict us from processing your data. In this case, the respective data may only be processed by us for certain purposes.
5. Right to data portability. Under certain circumstances, you may receive the data concerning you in a structured, commonly-used, machine-readable format, and you may have the right to transmit those data to another entity without hindrance from us.
6. Right to object. Under certain circumstances, you may object, on grounds relating to your particular situation, or at any time where data are processed for direct marketing purposes to the processing of your data by us, and we can be required to no longer process your data. If data concerning you is processed for direct marketing purposes, you also have the right to object at any time to the processing of that data for that marketing, including profiling to the extent that it is related to the direct marketing. In this case we will no longer process your data for such purposes.

If you have provided your consent for our processing of your data, you may revoke that consent at any time by contacting privacy@gonoodle.com. That withdrawal will not impact the lawfulness of the processing prior to your revocation of consent.

CALIFORNIA AND CCPA PRIVACY RIGHTS AND DISCLOSURES

If you are a child (under 13 years old) living in California and need help understanding this “California and CCPA Privacy Rights and Disclosures” section, you should ask a Grown-Up to read it and explain it to you.

This California Privacy Policy (“Privacy Notice”), which can be accessed at http://gndle.me/CAPrivPol, provides the information required under the California Consumer Privacy Act of 2018 (“CCPA”) and applies to GoNoodle’s activities relating to California Consumers’ data.

California Civil Code Section 1798.83 (known as, “CCPA”) permits users of the Site and the Apps who are California residents to request and obtain from us a list of what data concerning you (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year and the names and addresses of those third parties. Requests may be made only once a year and are free of charge. Under Section 1798.83, California residents are entitled to request and obtain such information, by contacting privacy@gonoodle.com or calling this toll-free number:

1-800-514-1362

You can also request to review, correct, update, or have deleted data concerning you from our database by contacting privacy@gonoodle.com, or calling the toll-free number above.

DATA PROTECTION OFFICER

Our appointed Data Protection Officer is Lizzie Keiper. If you have an inquiry regarding your data, pursuant to the rights listed in the preceding section (above), please send your message to the following:

Attn: Lizzie Keiper

Re: Data Privacy Inquiry

Email: privacy@gonoodle.com

CHANGES TO THIS PRIVACY POLICY

We may make changes to this Privacy Policy from time to time, and you should review it periodically so that you know about the changes. Changes are effective once posted on the Services. If we make any material changes to this Privacy Policy, we will notify and obtain prior consent of the Account holder using the email address provided during registration or otherwise as required by law.

CONTACT US

If you have any questions or comments about our Privacy Policy, please contact us at:

By email: privacy@gonoodle.com

By telephone: 800-514-1362

By regular mail:

Privacy Request

GoNoodle, Inc.

209 10th Avenue South

Suite 517

Nashville, TN 37203