Data Protection
15122021
This Notice is addressed to the holder of the parental responsibility of the User.
This Notice explains the what, how, and why of the information we collect when an account is created to access and use the Website and Services. It also explains the specific ways we use and disclose that information.
The access and use of the Website and Services by the User requires Parent’s agreement with this Notice. Parents must carefully read the contents of this page before accepting. If the Parent does not consent or withdraw consent, then we will not collect, use, or disclose any Personal Data about the User, and the User will not be allowed to use the Services in any way. If the Parent does not provide consent within a reasonable time from the date the notice was sent, we will also delete your online contact information from our records.
1. Definitions
“We” “Us” “Morphoses” means Morphoses Skills Ltd.
“You” “Parent” means the holder of the parental responsibility of the User or the person acting on his behalf.
“User” means the minor accessing and using the Service via Parent’s Account.
“Website” means www.morphoses.io and all subdomains.
“Service” means the offerings of Morphoses made available via the Website.
“Instructor” means the Instructor conducting a particular online class where a User is enrolled.
“Controller” means the natural or legal person, which, alone or jointly with others, determines the purposes and means of the processing of personal data.
“Data Protection Legislation” means the following legislation to the extent applicable from time to time: (a) the General Data Protection Regulation 2016/679 (“GDPR”) (b) any applicable national law, regulation, and guidelines from the competent data protection authority; and (c) any applicable successor texts or other similar national data protection law.
“Data Subject” means a data person as such term is defined in Data Protection Legislation.
“Personal Data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processor” means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
“Recipient” means the natural or legal person to which the personal data are disclosed, whether a third party or not.
“Third party” means a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
“Process” “Processing” means any operation or set of operations that is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Special Category Data” means Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
“Consent” of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
“Personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored, or otherwise processed;
2. Who is responsible for data processing?
The Controller of your Personal Data is:
Morphoses Skills Ltd
Kemp House, 160 City Road,
EC1V 2NX, London, UK,
Company registration number 13526879
3. What data is processed and where does this data originate?
We may collect Personal Data about a User directly from the Parent. In cases where parental consent has been provided, we may collect personal data directly from the User. Users cannot enroll in classes through the Service and can only attend classes if the Parent enrolls them. Parents provide us with the User’s name and age. Parents may additionally provide us with descriptions of the type of schooling the User attends, local time zone, and additional notes for the Instructor. In addition, Children may share information about themselves during online classes. Class sessions take place over online videos in which video images and audio of the Users are recorded. We also do not condition participation in our Services for Children on the collection of more Personal Data than is reasonably necessary.
Via or due to the access and use of the Website and Service we may collect information about the User that alone or in combination, could be used to identify the User, User’s device, or household (“Personal Data”), as further described below:
Data provided by User or Parent:
We collect Personal Data from You or the User when you directly provide it to us, such as when registering for a User account to access and use the Website and Services or when You or the User communicates with Morphoses in any way. That information may include Parent’s or User’s: (a) identification and contact information (b) name or publicly posted name from a linked third party account, (c) email address (d) credit card or other payment information if provided, (e) demographic data, (f) questions that are put to the community and responses returned to the community (g) information relevant to teaching (such as dates of examinations, grades, learning disabilities etc.), if disclosed to Morphoses, Classes for which you have enrolled; Video of image and audio of User’s voice during classes which are automatically recorded; Content and communications that User may include or upload like User’s profile photo or messages User shares with the class; User voluntarily provided profile picture or your third-party account picture linked to your Account Content and Files.
At times, we may allow the User and Parents to submit content, including photos and artwork, along with other information about the User (like age, first name or initials, and city, state, and country) that you may allow us to display publicly. Parents should review User’s submissions and avoid uploading any private information in the Content about the User, family members, or others.
Children may also share information about themselves with the Instructor and the rest of their class during the class session voluntarily, including content, images, and videos they may upload and share with their class.
Class Video Recordings:
Your video image and voice audio and potentially background images of your home and family members are shared with the Instructor and the rest of the class as they participate in classes. The Recordings are made available to the Instructor of the class and may be shared by the Morphoses Platform to the entire class (and their Parents) to view and review the Instructor and the content. Instructors may access the recordings of their classes and may use the recordings to improve their curriculum We may also use class recordings to provide feedback to Instructors, for customer support, and for compliance purposes. We request that our Instructors refrain from creating copies of the Recordings or from sharing the Recordings with anyone aside from the above recipients, and also request that the above recipients not to re-share the Recordings.
Consent to Record the Course:
By using the services, you understand, agree, and consent to you and/or your child appearing in Class Recordings for the limited purposes set forth above.
Recordings are retained for 7 days and then permanently deleted. If you wish your child’s image not to be captured you should not open the camera during the session. We will not use class recordings containing images of you (or your children) for promotional or any other purposes without your express written consent.
Parental Choices and Controls:
At any time, you can review and refuse to permit us to collect further Personal Data from your children in association with your account. You can also request that we delete from our records the Personal Data we have collected in connection with that account. Please keep in mind that a request to delete records may lead to a termination of an account, membership, or other services. You may review and update certain of your child’s information by logging onto your account.
In your account, you can review topics of interest we have inferred based on your child’s likes and past classes. You can choose to opt out of recommendations based on your child’s activities and instead choose the learning topics you want to hear about. You can contact us to request access to, change, or delete your child’s Personal Data, or revoke consent for our collection, use, and sharing of Personal Data, by sending an email to us at privacy@morpshoses.io.
IMPORTANT NOTICE:
While we expect Instructors and all other Users to abide by our standards of conduct and we take reasonable steps to monitor certain communications and posts, please note that we are not able to control or monitor all Personal Data a User may share with Instructors or other Users, nor what those third parties ultimately do with that information.
Sensitive Data:
Parents may voluntarily provide sensitive information such as health or disability information included in forms or messages to aid with learning of the User.
Data we collect automatically:
When an account user uses or interacts through the Website and Service, we may collect, receive, and store certain data automatically. For example:
Usage Data:
We collect usage data (such as account’s user login times, search terms used, and pages viewed), and other information about User’s device and browser.
Identifiers and Device Information:
We collect account’s user IP Address, device identifiers, operating system type, and browser type. We may use such information and pool it with other information to track usage, device, and system data, for example, the total number of visitors to the Website and the number of visitors to each page of the Website.
Cookies:
We may use “cookies” to provide certain functionality to the Website and Service. A cookie is a piece of information that the computer that hosts the Website assigns to the User’s browser when a User accesses the Website and Service. Cookies help provide additional functionality to the Website and Service and help us analyze Website usage more accurately. On most web browsers, you will find a “help” section on the toolbar. Please refer to this section for information on how to receive a notification when you are receiving a new cookie and how to turn cookies off.
We recommend that you leave cookies turned on because they allow you to take advantage of some of our Sites’ features. For more information about our use of cookies. When you enter our Website a cookie banner will appear where you can read about the cookies we use and provide your consent where necessary.
Aggregated Personal Data:
We may aggregate data, including Personal Data, and use such aggregated data for any purpose. This aggregate information does not identify you personally.
4. What are the purposes of the processing?
We may process Your Personal Data for the following purposes:
- (a) To communicate with you to confirm registration and send updates, provide customers support and security alerts, and other administrative messages. To communicate with you by responding to your requests, comments, and questions. If you contact us, we may use your information to respond. We may also contact you to inform you about changes in our Services, our Services offerings, and important Services-related notices, such as security and fraud notices. In addition, you may receive emails about new product features, promotional communications, or other news about Morphoses.
- (b) For business operations such as processing your payment for the Service, billing, accounting, improving our internal operations, account management, and other administrative matters. We may need to contact you for invoicing, account management, and similar reasons and we use account data to administer accounts and keep track of billing and payments. We use third parties for secure credit card transaction processing, and we send billing information to those third parties to process your orders and credit card payments.
- (c) To enforce compliance with our Terms of Service and applicable law or regulation. This may include developing tools and algorithms that help us prevent violations.
- (d) To protect the rights and safety of Users and third parties, as well as our own. To investigate and help prevent security issues and abuse to detect fraudulent or illegal activity.
- (e) To provide information to representatives and advisors, including attorneys and accountants, to help us comply with legal, accounting, or security requirements.
- (f) To meet legal requirements, including complying with court orders, valid discovery requests, valid subpoenas, and other appropriate legal mechanisms. To prosecute and defend a court, arbitration, or similar legal proceeding. To respond to lawful requests by public authorities, including to meet national security or law enforcement requirements.
- (g) To perform a contact, to authenticate users, to provide the Service.
- (h) To provide and enhance the Website and Service, including troubleshooting, maintaining, improving, and personalizing the Website and Service.
- (i) To conduct research and develop new services or features; analyze website usage and usage of the Site features, content, and pages;
We may combine data we collect from different sources to achieve these purposes and to give you a more seamless, consistent, and personalized experience.
5. Who is the Recipient of Your Personal Data?
We may share your Personal Data with certain third parties with your consent or authorization and with whom you have intentionally interacted. We may share your Personal Data as necessary to complete your transactions and provide the services you have requested or authorized. For example, we use third parties to process credit card payments.
We may also share data as set forth below:
Instructors: When Parents sign up they agree that Instructors may receive certain Personal Data about the Parents and Users including classes the User has taken.
Business Transfers: We may share or transfer information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company, provided that we inform the buyer it must use your personal data only for the purposes disclosed in this Notice Service Providers. We engage third party service providers to perform certain functions on our behalf (such as payment processing). These third parties may have access to your Personal Data for the purpose of helping us market, provide and/or improve the Sites.
Legal Requirements: We may disclose your Personal Data if required to do so by law or when we believe that such action is necessary to (i) comply with a legal obligation, (ii) protect and defend the rights or property of Morphoses, Parents, Users, and Instructors, (iii) operate and maintain the security of the Website and Service, including to prevent or stop an attack on our computer systems or networks, (iv) to protect the personal safety of Users or the public, or (v) protect against legal liability.
Notice: We may report any suspected case of child abuse or neglect we become aware of to local authorities. We expect all Instructors to comply with their individual reporting responsibilities.
Consent: We may request your explicit consent for every other case before disclosing.
6. Third Party Links
Please note that the Website may include references or links to or suggestions to engage with third parties whose privacy practices differ from ours. Instructors may also suggest third party resources for Parents and Users. If you provide Personal Data to any of those third parties or allow us to share Personal Data with them, that data is governed by their privacy statements.
7. International Transfer
Our services may be provided using resources and servers located in various countries around the world. Therefore, Your Personal Data may be transferred across international borders outside the country where You use our services, including to countries outside the European Economic Area (EEA).
Where applicable law requires a data transfer legal mechanism, we use one or more of the following: EU Standard Contractual Clauses with a data recipient outside the EEA or the UK, or other legal methods available to us under applicable law.
8. Safeguarding Personal Data
We have implemented generally accepted standards of technology and operational security to protect Personal Data from loss, misuse, and unauthorized access, disclosure, alteration, and destruction, taking into account the risks involved in the processing and the nature of the Personal Data. We require all employees and partners to keep Personal Data confidential and only authorized personnel have access to this information.
All web traffic (file transfer) between this site and your browser is encrypted and transferred via the HTTPS protocol using Secure Sockets Layer (SSL).
We will report any unlawful violation of our database or any third-party data processing database to all relevant stakeholders as well as authorities within 72 hours of the violation, according to the law.
9. For how long will the Personal Data will be stored?
We will retain your information for as long as your account is active or as long as necessary to provide the services and fulfill the transactions you have requested, comply with our legal obligations, resolve disputes, enforce our agreements, and other legitimate and lawful business purposes. Because these needs can vary for different data types in the context of different services, actual retention periods can vary significantly based on criteria such as user expectations or consent, the sensitivity of the data, the availability of automated controls that enable users to delete data, and our legal or contractual obligations.
10. What rights do you have?
You have the right to request access to your personal data. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
You have the right to request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected or updated, though we may need to verify the accuracy of the new data you provide to us.
You have the right to request the erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us to continue to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing, where we may have processed your information unlawfully, or where we are required to erase your personal data to comply with the law.
You have the right to object to the processing of your personal data where we are relying on a legitimate interest (or those of a third party) and you feel such processing impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
You have the right to request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
You have the right to request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format.
You have the right to withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
You may exercise the above rights either directly through the User Interface, where applicable, and/or by contacting the Data Protection Contact at: privacy@morphoses.io
We will use our best efforts to respond to any request within a month. You will not have to pay in order to exercise your rights. We may request further information from you to confirm your connection with the data.
Parental Choices and Controls:
At any time, a Parent can review and refuse to permit us to collect further Personal Data from the User in association with the Parent’s account. Parents can also request that we delete from our records the Personal Data we have collected in connection with that account. Parents may review and update certain User’s information by logging onto the Parent’s account.
Complaints:
If you have any concerns about the way your Personal Data are handled, you can contact us privacy@morphoses.io. You have the right to make a complaint at any time at: For EU Users: the Hellenic Data Protection Authority Postal Address: Data Protection Authority Offices: Kifissias 1-3, 115 23 Athens, Greece, Call Centre: +30-2106475600 Fax: +30-2106475628 E-mail: contact@dpa.gr; For UK Users: the Information Commissioner that o may be contacted at https://ico.org.uk/make-a-complaint or telephone: 0303 123 1113.
11. Changes and Updates of the Notice
We may change this Notice at any time. If we decide to change this Notice in the future, we will post or provide appropriate notice. If we make material changes to the Notice, we will provide notice or obtain consent regarding such changes as may be required by law.
The date on which the latest update was made is indicated at the top of this document.