Last updated: July 12, 2022
If you are a child (under 13 years old) and need help understanding this policy, you should ask a grown-up to read it and explain it to you.
WHAT INFORMATION DOES GONOODLE COLLECT FROM UNREGISTERED USERS?
Users may access our Services without registering for an Account, as defined in our Terms of Service. For Non-Account holders, we may collect the following (collectively, “Non-Personal Data”):
- IP Address;
- Device ID (when accessed through Apple TV);
- Operating system;
- URL of the site users came from;
- Browser version;
- Pages users visit;
- Whether a user self-selects as an educator or not;
- Search terms within our Services; and
- Other “clickstream” data.
We may collect this Non-Personal Data ourselves or use a third party to collect and process the information on our behalf. A list of third parties who collect, use, or store our user’s personal information can be found on our Third Party List.
WHAT INFORMATION DOES GONOODLE COLLECT FROM REGISTERED GROWN-UPS?
Parents, legal guardians, or other adults in the home (“Grown-Ups”) will need to register to create a Family Account. When a Grown-Up registers to create an account (a “Family Account”), we collect the following information from the Grown-Up:
- Birth year (collected only for age verification purposes and discarded when registration is complete);
- Email address;
- IP Address; and
WHAT INFORMATION DOES GONOODLE COLLECT FROM REGISTERED EDUCATORS?
When an Educator registers to create an account (an “Educator Account”), we collect the following information from the Educator:
- First name;
- Last name;
- Email address;
- Zip Code;
- Password; and
- School Name.
Once the Educator Account is created, we collect the following information from the Educator:
- Class Name;
- Grade Level; and
- Number of Students in the class.
Note: Students do not create Educator Accounts and are not intended to. Accordingly, we do not knowingly collect Personal Data from or about students through Educator Accounts. Instead, the Educator Account is created, and the Services displayed, by the educator to the class.
WHAT INFORMATION IS GONOODLE CAREFUL NOT TO COLLECT?
Personal Data is information which is related to an identified or identifiable natural person, including information that directly or indirectly identifies a natural person (collectively. “Personal Data”). GoNoodle never collects Personal Data from children. We place account registration for all child-directed properties behind an age-gate, to prevent children from inadvertently registering.
Beyond what is disclosed above, GoNoodle would only collect Personal Data from a child under the age of thirteen (13) after notifying the child’s Grown-Up and obtaining consent in advance. In the event that we learn that we have accidentally collected such Personal Data without the requisite and verifiable parental consent, we delete that information from our database as quickly as practical.
Parents may review their child’s Personal Data or request that their child’s Personal Data be deleted or no longer collected or used by contacting us at email@example.com.
HOW DOES GONOODLE USE THE INFORMATION IT COLLECTS?
For Grown-Ups registering for Family Accounts, we use the Grown-Up’s email address to send Account verification emails and to send updates about how the Services are being used. Once the Grown-Up clicks the link in the Account verification email, the Account is created and a zip or other postal code is assigned to the Account based on the IP address. If a Grown-Up does not complete registration within seven (7) days of the verification email, GoNoodle deletes the Personal Data associated with the Account set up from its records.
Once registered for a Family Account, we may collect and retain contact information and other Personal Data from the Grown-Up in a number of ways, such as when the Grown-Up requests email updates or other information, completes customer surveys, or submits a feedback or contact form. We use the zip code to display content from local underwriters and sponsors. When a user contacts us by phone, email, or postal mail, we may also receive and process that user’s Personal Data.
In addition to the Personal Data we collect, we create aggregated, de-identified data and use it to improve our Services, to demonstrate the efficacy of our Services, and to develop new services. We share aggregated, de-identified information with our sponsors to let them know how many users viewed and interacted with their materials but this information does not identify any individual. We do not sell Grown Ups’ Personal Data.
We engage third-party service providers that help us administer and provide the Services (for example, a web hosting company whose services we use to host our application). In some cases, these third parties need access to Personal Data, and so we may share Personal Data to the extent necessary in order for them to be able to perform those services for us. We maintain and regularly update an active Third Party List of service providers who have access to our users’ Personal and Non-Personal Data.
For Educator Account holders, we use the information we collect to create the Account, associate the Account with the correct school, and better understand the geographic distribution of our user base, as examples. We collect date of birth to verify eligibility for the Services, however we discard it once registration is complete. We may also provide aggregated, de-identified information about Educators’ use of GoNoodle to our sponsors or the Educators’ education institution administrator. GoNoodle does not share Educators’ names or sell Educators’ Personal Data.
GoNoodle also uses “cookies” to enhance users’ Site visits. A “cookie” is information either temporarily or permanently stored in a file on users’ computer. Users can set their browser to reject cookies, but that may limit use of some GoNoodle features. For more information on cookies and how GoNoodle uses them, please see our Cookie Notification.
DOES GONOODLE USE THIRD-PARTY TRACKING?
For more information about third-party advertisers and how to prevent them from using your information, visit the NAI’s consumer website at http://www.networkadvertising.org/choices or http://www.aboutads.info/choices/. If you want to opt out using these tools, you need to opt out separately for each of your devices and for each web browser (such as Google Chrome, Firefox, or Safari) that you use on each device.
HOW GONOODLE COMMUNICATES WITH USERS
We do not send marketing messages to children. We do send emails to Grown-Ups or Educators with information about our Services that we believe may be of interest when these users have opted in to receive those messages. Users may opt out of receiving email messages by contacting us at firstname.lastname@example.org or by clicking on the “unsubscribe” link found at the bottom of every email that we send.
Grown-Ups and Educators may also choose to subscribe to email newsletter communications from GoNoodle. These communications may include invitations to participate in GoNoodle promotions or surveys, as well as information about GoNoodle events, updates, and other activities, and users may provide us with additional information when they participate in these activities. In addition, users may provide us with additional information when they fill out the feedback or support contact forms. We use the information provided to respond to their concern.
GoNoodle is committed to making the Site, Apps and Services accessible to everyone. We continue our mission to follow Web Content Accessibility Guidelines (WCAG) and use Accessible Rich Internet Applications (ARIA) specification to help support people with disabilities.
If you do encounter any difficulty using GoNoodle, please reach out to us via email@example.com with details about the section or webpage, and we will make all reasonable efforts to make that page accessible.
We are committed to protecting the security, integrity, and confidentiality of all user data through the use of commercially-reasonable physical, technical and administrative safeguards. GoNoodle stores data in secure cloud-based environments and uses server authentication and industry-standard firewalls in an effort to prevent interference or access from outside intruders. We also require unique account identifiers, user names, and passwords that must be entered each time users access the Services.
Nonetheless, despite GoNoodle’s security efforts described above, it is common knowledge that transmission of information via the Internet is not wholly secure, and we cannot guarantee the security of Personal Data transmitted to or through any of our Services. Any transmission of Personal Data by you is at your own risk. By using our Services, you acknowledge and accept these risks. As a result, we cannot guarantee or warrant the security of any information you disclose or transmit to us or that are otherwise provided to us and we cannot be responsible for the theft, destruction, or inadvertent disclosure of information. It is your responsibility to safeguard any passwords, ID numbers, or other special access features associated with your use of the Services. Any transmission of information is at your own risk. By using our Services, you acknowledge and accept these risks.
You are responsible for maintaining the confidentiality of your user name and password, as well as the credentials of any other users operating under your Account. If you become aware of, or suspect, any unauthorized use of an Account or loss of your or your users’ Account credentials or suspect any other security incident related to GoNoodle, notify us immediately at firstname.lastname@example.org.
DATA RETENTION AND PRIVACY REQUESTS
We retain data for as long as an Account is active, and for a period of time afterward to retain account continuity for educators. Within twenty-four (24) months of inactivity on any Account, we will delete the Account and the associated Personal Data.
If you would like to access, review, update, rectify, and delete any Personal Information we hold about you, or exercise any other data subject right available to you under the EU General Data Protection Regulation (GDPR) or CCPA, send your request to email@example.com.
Our privacy team will examine your request and respond to you as quickly as possible. We will honor deletion requests for deleting the Account and the associated Personal Data within thirty (30) days. When you delete your Account, it cannot be recovered. Please note that we do retain aggregated, de-identified data for the purposes described above.
GDPR: DATA COLLECTION IN THE EEA
Under the General Data Protection Regulation (EU) 2016/679 (known as, “GDPR”), GoNoodle functions as a “data controller” when we process certain Personal Data from Grown-Ups who access GoNoodle through a Family Account and for Educators who create an Educator Account in order to maintain and provide the Services, and for any marketing communications that Educators and Grown-Ups may opt in to receive.
If you are a user accessing our Services from within the EEA (such user herein referred to as a “Data Subject”), we may ask for your consent so that we may process your Personal Data. For example, we will ask for your consent to send you marketing information. However, in certain situations, applicable data protection law allows us to process your Personal Data without needing to obtain your consent. For example:
- To perform our contractual obligations to you, including fulfilling requests you have made, contacting you in relation to any issues with your use of the Services, or where we need to provide your Personal Data to our service providers who help us operate the Services.
- To comply with laws, regulators, court orders, or other legal obligations.
We also use automated data collection tools to correlate your IP address with your location, sufficient to recognize your zip or postal code in order to display local sponsor or underwriter information or notify you of local events.
We will use your Personal Data as described above and for other purposes, including the following:
- To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to ask a question about our services, we will use that Personal Data to respond to your inquiry.
- To provide, support, personalize, and develop our Services, including without limitation, receiving, processing, and responding to feedback.
- To our third party service providers to allow them to provide features on our behalf as described below.
- To create, maintain, customize, and secure your account with us.
- To personalize your experience with the Services and to deliver content, and service offerings relevant to your interests and/or geographic location, including targeted offers and ads through our Services, third-party sites, and via email or text message (with your consent, in accordance with applicable law).
- For testing, research, analysis, and product development, including to develop and improve our Services and products through focus groups and surveys.
- To communicate information to you (e.g., new features, products, or services), and to send you relevant emails and communications that may be of interest to you and that you have opted in to receive.
- To help maintain the safety, security, and integrity of our Services, databases, and other technology assets, and business, including without limitation, to investigate suspected violations of our Terms of Service, suspected fraud, or other unlawful activity.
- To enforce our agreements, terms, conditions, and policies, and to notify you of any updates to the same.
- As may be required by law or by a court order, in which case we shall attempt to notify you and work with you to seek to limit the scope of the required disclosure.
- With your consent and as permissible under applicable laws and regulations.
EU RESIDENTS: YOUR DATA RIGHTS
When we are operating as a Controller as described above, Data Subjects are provided with certain rights related to your Personal Data. Note that in circumstances where we are operating as a Processor, you may have similar rights with the controller. In those circumstances, please contact your controller to exercise your rights. We will work with them and with you to address any requests you may have related to exercising your rights as described below.
Please note that the rules in your country may provide you with additional rights or may limit the rights noted below. In all cases, we will act in accordance with applicable laws.
- Right of access. You may obtain confirmation about whether Personal Data concerning you is processed, and request access to the Personal Data, including the purposes of the processing, the categories of Personal Data concerned, a copy of the Personal Data, and the recipients or categories of recipients to whom the Personal Data have been or will be disclosed. However, this is not an absolute right and the interests of other individuals may restrict your right of access.
- Right to rectification. You may have inaccurate Personal Data concerning you corrected. Depending on the purposes of the processing, you may have the right to have incomplete Personal Data completed, including by providing a supplementary statement.
- Right to erasure ("right to be forgotten"). Under certain circumstances, you may have Personal Data concerning you erased.
- Right to restriction of processing. Under certain circumstances, you may restrict us from processing your Personal Data. In this case, the respective data may only be processed by us for certain purposes.
- Right to data portability. Under certain circumstances, you may receive the Personal Data concerning you in a structured, commonly-used, machine-readable format, and you may have the right to transmit that data to another entity without hindrance from us.
- Right to object. Under certain circumstances, you may object, on grounds relating to your particular situation, or at any time where Personal Data is processed for direct marketing purposes to the processing of your Personal Data by us, and we can be required to no longer process your Personal Data. If Personal Data concerning you is processed for direct marketing purposes, you also have the right to object at any time to the processing of that Personal Data for that marketing, including profiling to the extent that it is related to the direct marketing. In this case we will no longer process your Personal Data for such purposes.
If you have provided your consent for our processing of your Personal Data, you may revoke that consent at any time by sending your request to firstname.lastname@example.org. That withdrawal will not impact the lawfulness of the processing prior to your revocation of consent.
INTERNATIONAL DATA TRANSFERS
However, this does not change our commitments to safeguard your privacy and we will comply with all applicable laws relating to the cross-border data disclosure of your Personal Data. Where required, we implement Standard Contractual Clauses with our third parties pursuant to the requirements of the EU General Data Protection Regulation (“GDPR”), and you may request a copy of the Standard Contractual Clauses by emailing us at email@example.com.
CALIFORNIA AND CCPA PRIVACY RIGHTS AND DISCLOSURES
California Civil Code Section 1798.83 permits users of the Site and the Apps who are California residents to request and obtain from us a list of what Personal Data (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year and the names and addresses of those third parties. Requests may be made only once a year and are free of charge. Under Section 1798.83, California residents are entitled to request and obtain such information, by filling out and submitting this GoNoodle Privacy Portal Form, or calling this toll-free number:
You can also request to review, correct, update, or have deleted your Personal Data from our database by contacting us at firstname.lastname@example.org or calling the toll-free number above.
DATA PROTECTION OFFICER
Our appointed Data Protection Officer is Daniel Paulson. If you have an inquiry regarding your Personal Data, pursuant to the rights listed in the preceding section (above), please send your message to the following:
Attn: Daniel Paulson
Re: Data Privacy Inquiry
By email: email@example.com
By telephone: 800-514-1362
By regular mail: Privacy Request
209 10th Avenue South
Nashville, TN 37203