While we have not made any material changes to the way we process data about our users, we have updated this policy to make it shorter and easier to read, and to comply with the EU General Data Protection Regulation coming into force on May 25, 2018.
Table of Contents
1. What Data We Get
2. How We Get Data About You
3. What We Use Your Data For
4. Who We Share Your Data With
6. Your Rights
7. Updates & Contact Info
1. What Data We Get
We collect certain data from you directly, like information you enter yourself, data about your participation in courses, and data from third-party platforms you connect with Toppa. We also collect some data automatically, like information about your device and what parts of our Services you interact with or spend time using.
1.1 Data You Provide to Us
We may collect different data from or about you depending on how you use the Services. Below are some examples to help you better understand the data we collect.
When you create an account and use the Services, including through a third-party platform, we collect any data you provide directly, including:
In order to use certain features (like enrolling in a course), you need to create a user account. When you create or update your account, we collect and store the data you provide, like your email address, password, gender, and date of birth, and assign you a unique identifying number (“Account Data”).
You can also choose to provide profile information like a photo, headline, website link, social media profiles, or other data. Your Profile Data will be publicly viewable by others.
Parts of the Services let you interact with other users or share content publicly, including by posting reviews on a course page, asking or answering questions, sending messages to students or instructors, or posting photos or other work you upload. Such shared content may be publicly viewable by others depending on where it is posted.
When you enroll in and take courses, we collect certain data including which courses, assignments and quizzes you’ve started and completed; your exchanges with instructors, teaching assistants, and other students; and essays, answers to questions, and other items submitted to satisfy course requirements.
Student Payment Data
If you make purchases, we collect certain data about your purchase (such as your name and zip/post code) as necessary to process your order. You must provide certain payment and billing data directly to our payment processing partners, including your name, credit card information, billing address, and zip code. For security, Toppa does not collect or store sensitive cardholder data, such as full credit card numbers or card authentication data.
Instructor Payment Data
Data About Your Accounts on Other Services
We may obtain certain information through your social media or other online accounts if they are connected to your Toppa account. If you login to Toppa via Facebook or another third-party platform or service, we ask for your permission to access certain information about that other account. For example, depending on the platform or service we may collect your name, profile picture, account ID number, login email address, location, physical location of your access devices, gender, birthday, and list of friends or contacts.
Those platforms and services make information available to us through their APIs. The information we receive depends on what information you (via your privacy settings) or the platform or service decide to give us.
If you access or use our Services through a third-party platform or service, or click on any third-party links, the collection, use, and sharing of your data will also be subject to the privacy policies and other agreements of that third party.
Sweepstakes, Promotions, and Surveys
Communications and Support
The data listed above is stored by us and associated with your account.
1.2 Data We Collect through Automated Means
When you access the Services (including browsing courses), we collect certain data by automated means, including:
Technical data about your computer or device, like your IP address, device type, operating system type and version, unique device identifiers, browser, browser language, domain and other systems data, and platform types (“System Data”).
Usage statistics about your interactions with the Services, including courses accessed, time spent on pages or the Service, pages visited, features used, your search queries, click data, date and time, and other data regarding your use of the Services (“Usage Data”).
Approximate Geographic Data
An approximate geographic location, including information like country, city, and geographic coordinates, calculated based on your IP address.
The data listed above is collected through the use of server log files and tracking technologies, as detailed in the “Cookies and Data Collection Tools” section below. It is stored by us and associated with your account.
2. How We Get Data About You
We use tools like cookies, web beacons, analytics services, and advertising providers to gather the data listed above. Some of these tools offer you the ability to opt out of data collection.
2.1 Cookies and Data Collection Tools
Toppa uses the following types of cookies:
- Preferences: cookies that remember data about your browser and preferred settings that affect the appearance and behaviour of the Services (like your preferred language).
- Security: cookies used to enable you to log in and access the Services; protect against fraudulent logins; and help detect and prevent abuse or unauthorised use of your account.
- Functional: cookies that store functional settings (like the volume level you set for video playback).
- Session State: cookies that track your interactions with the Services to help us improve the Services and your browsing experience, remember your login details, and enable processing of your course purchases. These are strictly necessary for the Services to work properly, so if you disable them then certain functionalities will break or be unavailable.
Some of the third-party partners who provide certain features on our site may also use Local Storage Objects (also known as flash cookies or LSOs) to collect and store data.
We use third-party browser and mobile analytics services like Google Analytics, Hotjar, and Intercom on the Services. These services use Data Collection Tools to help us analyse your use of the Services, including information like the third-party website you arrive from, how often you visit, events within the Services, usage and performance data, and where the application was downloaded from. We use this data to improve the Services, better understand how the Services perform on different devices, and provide information that may be of interest to you.
2.3 Online Advertising
We use third-party advertising services like Taboola, Facebook, Google’s ad services, and other ad networks and ad servers to deliver advertising about our Services on other websites and applications you use. The ads may be based on things we know about you, like your Usage Data and System Data (as detailed in Section 1), and things that these ad service providers know about you based on their tracking data. The ads can be based on your recent activity or activity over time and across other sites and services, and may be tailored to your interests.
Depending on the types of advertising services we use, they may place cookies or other tracking technologies on your computer, phone, or other device to collect data about your use of our Services, and may access those tracking technologies in order to serve these tailored advertisements to you. To help deliver tailored advertising, we may provide these service providers with a hashed, anonymized version of your email address (in a non-human-readable form) and content that you share publicly on the Services.
When using mobile applications you may also receive tailored in-app advertisements. Apple iOS, Android OS, and Microsoft Windows each provide their own instructions on how to control in-app tailored advertising. For other devices and operating systems, you should review your privacy settings or contact your platform operator.
3. What We Use Your Data For
We use your data to do things like provide our Services, communicate with you, troubleshoot issues, secure against fraud and abuse, improve and update our Services, analyse how people use our Services, serve personalized advertising, and as required by law or necessary for safety and integrity.
We use the data we collect through your use of the Services to:
- Provide and administer the Services, including to display customised content and facilitate communication with other users;
- Process your requests and orders for courses, products, specific services, information, or features;
- Communicate with you about your account by:
- Responding to your questions and concerns;
- Sending you administrative messages and information, including messages from instructors and teaching assistants, notifications about changes to our Service, and updates to our agreements;
- Sending you information and in-app messages about your progress in courses, rewards programs, new services, new features, promotions, newsletters, and other available courses (which you can opt out of at any time);
- Sending push notifications to your wireless device to provide updates and other relevant messages (which you can manage from the “options” or “settings” page of the mobile app);
- Manage your account preferences;
- Facilitate the Services’ technical functioning, including troubleshooting and resolving issues, securing the Services, and preventing fraud and abuse;
- Solicit feedback from users;
- Market and administer surveys and promotions administered or sponsored by Toppa;
- Learn more about you by linking your data with additional data through third-party data providers or analysing the data with the help of analytics service providers;
- Identify unique users across devices;
- Tailor advertisements across devices;
- Improve our Services and develop new products, services, and features;
- Analyse trends and traffic, track purchases, and track usage data;
- Advertise the Services on third-party websites and applications;
- As required or permitted by law; or
- As we, in our sole discretion, otherwise determine to be necessary to ensure the safety or integrity of our users, employees, third parties, the public, or our Services.
4. Who We Share Your Data With
We share certain data about you with instructors, other students, companies performing services for us, our business partners, analytics and data enrichment providers, your social media providers, companies helping us run promotions and surveys, and advertising companies who help us promote our Services. We may also share your data as needed for security, legal compliance, or as part of a corporate restructuring. Lastly, we can share data in other ways if it is aggregated or de-identified or if we get your consent.
- With Your Instructors: We share data that we have about you (except your email address) with instructors or teaching assistants for courses you enrol in or request information about, so they can improve their courses for you and other students. This data may include things like your city, country, browser language, operating system, device settings, the site that brought you to Toppa, and your activities on Toppa. If we collect additional data about you (like age or gender), we may share that too. We will not share your email address with instructors or teaching assistants. We also enable our instructors to implement Google Analytics on their course pages to track sources of traffic to their courses and optimise their course pages.
- With Other Students and Instructors: Depending on your settings, your shared content and profile data may be publicly viewable, including to other students and instructors. If you ask a question to an instructor or teaching assistant, your information (including your name) may also be publicly viewable by other users depending on your settings.
- With Service Providers, Contractors, and Agents: We share your data with third-party companies who perform services on our behalf, like payment processing, data analysis, marketing and advertising services (including retargeted advertising), email and hosting services, and customer services and support. These service providers may access your personal data and are required to use it solely as we direct, to provide our requested service.
- With Business Partners: We have agreements with other websites and platforms to distribute our Services and drive traffic to Toppa. Depending on your location, we may share your data with these partners.
- With Analytics and Data Enrichment Services: As part of our use of third-party analytics tools like Google Analytics and data enrichment services like Clearbit, we share certain contact information, Account Data, System Data, Usage Data (as detailed in Section 1), or de-identified data as needed. De-identified data means data where we’ve removed things like your name and email address and replaced it with a token ID. This allows these providers to provide analytics services or match your data with publicly-available database information (including contact and social information from other sources). We do this to communicate with you in a more effective and customised manner.
- To Administer Promotions and Surveys: we may share your data as necessary to administer, market, or sponsor promotions and surveys you choose to participate in, as required by applicable law (like to provide a winners list or make required filings), or in accordance with the rules of the promotion or survey.
- For Advertising: If we decide to offer advertising in the future, we may use and share certain System Data and Usage Data with third-party advertisers and networks to show general demographic and preference information among our users. We may also allow advertisers to collect System Data through Data Collection Tools (as detailed in Section 2.1), and to use this data to offer you targeted ad delivery to personalize your user experience (through behavioural advertising) and undertake web analytics. Advertisers may also share with us the data they collect about you. To learn more or opt out from participating ad networks’ behavioural advertising, see Section 6.1 (Your Choices About the Use of Your Data) below. Note that if you opt out, you’ll continue to be served generic ads.
- For Security and Legal Compliance: We may disclose your data to third parties if we (in our sole discretion) have a good faith belief that the disclosure is:
- Permitted or required by law;
- Requested as part of a judicial, governmental, or legal inquiry, order, or proceeding;
- Reasonably necessary as part of a valid subpoena, warrant, or other legally-valid request;
- Required to detect, prevent, or address fraud, abuse, misuse, potential violations of law (or rule or regulation), or security or technical issues; or
- Reasonably necessary in our discretion to protect against imminent harm to the rights, property, or safety of Toppa, our users, employees, members of the public, or our Services.
- During a Change in Control: If Toppa undergoes a business transaction like a merger, acquisition, corporate divestiture, or dissolution (including bankruptcy), or a sale of all or some of its assets, we may share, disclose, or transfer all of your data to the successor organization during such transition or in contemplation of a transition (including during due diligence).
- After Aggregation/De-identification: we can disclose or use aggregate or de-identified data for any purpose.
We use appropriate security based on the type and sensitivity of data being stored. As with any internet-enabled system, there is always a risk of unauthorised access, so it’s important to protect your password and to contact us if you suspect any unauthorised access to your account.
Toppa takes appropriate security measures to protect against unauthorised access, alteration, disclosure, or destruction of your personal data that we collect and store. These measures vary based on the type and sensitivity of the data. Unfortunately, however, no system can be 100% secured, so we cannot guarantee that communications between you and Toppa, the Services, or any information provided to us in connection with the data we collect through the Services will be free from unauthorised access by third parties. Your password is an important part of our security system, and it is your responsibility to protect it. You should not share your password with any third party, and if you believe your password or account has been compromised, you should change it immediately and contact email@example.com with any concerns.
6. Your Rights
You have certain rights around the use of your data, including the ability to opt out of promotional emails, cookies, and collection of your data by certain analytics providers. You can update or terminate your account from within our Services, and can also contact us for individual rights requests about your personal data. Parents who believe we’ve unintentionally collected personal data about their underage child should contact us for help deleting that information.
6.1 Your Choices About the Use of Your Data
You can choose not to provide certain data to us, but you may not be able to use certain features of the Services.
- To stop receiving promotional communications from us, you can opt out by using the unsubscribe mechanism in the promotional communication you receive or by changing the email preferences in your account. Note that regardless of your email preference settings, we will send you transactional and relationship messages regarding the Services, including administrative confirmations, order confirmations, important updates about the Services, and notices about our policies.
- The browser or device you use may allow you to control cookies and other types of local data storage. Your wireless device may also allow you to control whether location or other data is collected and shared.
- To get information and control cookies used for tailored advertising from participating companies, see the consumer opt-out pages for the Network Advertising Initiative and Digital Advertising Alliance, or if you’re located in the European Union, visit the Your Online Choices site. To opt out of Google’s display advertising or customize Google Display Network ads, visit the Google Ads Settings page.
- To opt out of allowing Google Analytics, Hotjar, Mixpanel, ZoomInfo, or Clearbit to use your data for analytics or enrichment, see the Google Analytics Opt-out Browser Add-on, Hotjar Opt-Out Cookie, Mixpanel Opt-Out Cookie,ZoomInfo’s policy, and Clearbit data claiming mechanism.
If you have any questions about your data, our use of it, or your rights, contact us at firstname.lastname@example.org
6.2 Accessing, Updating, and Deleting Your Personal Data
You can access and update your personal data that Toppa collects and maintains as follows:
- To update data you provide directly, log into your account and update your account at any time.
- To terminate your account:
- If you are a student, visit your profile settings page and you can terminate your account there
- If you are an instructor please email us on email@example.com stating that you wish to terminate your account
- If you have any issues terminating your account, email us at firstname.lastname@example.org
- To request to access, correct, or delete your personal data, email email@example.com. Please allow up to 30 days for a response. For your protection, we may require that the request be sent through the email address associated with your account, and we may need to verify your identity before implementing your request. Please note that we retain certain data where we have a lawful basis to do so, including for mandatory record-keeping and to complete transactions.
6.3 Our Policy Concerning Children
We recognise the privacy interests of children and encourage parents and guardians to take an active role in their children’s online activities and interests. Children under 13 (or under 16 in the European Economic Area) should not use the Services. If we learn that we’ve collected personal data from a child under those ages, we will take reasonable steps to delete it.
Parents who believe that Toppa may have collected personal data from a child under those ages can submit a request that it be removed to firstname.lastname@example.org
7. Updates & Contact Info
When we make a material change to this policy, we’ll notify users via email, in-product notice, or another mechanism required by law. Changes become effective the day they’re posted. Please contact us via email or postal mail with any questions, concerns, or disputes.