Privacy Policy - Students & Teachers
COPPA Compliance
Last Updated: Oct 14th 2020
Whiteboard.chat does not collect any personal information if used without registration. COPPA-mandated parental consent is required only if teachers or institutions require their students to register.
This policy is in accordance with the U.S. Children’s Online Privacy Protection Act (“COPPA”) and Family Educational Rights and Privacy Act (FERPA), and outlines our practices world-wide regarding the personal information of all students under 13. For more information about COPPA and general tips about protecting children’s online privacy, please visit OnGuard Online.
Teacher or school consent in lieu of a parent
With regard to school-based activities, COPPA allows teachers and school administrators to act in the stead of parents to provide consent for the collection of personal information from children. Schools should always notify parents about these activities. Whiteboard.chat requires schools, districts, or teachers to obtain parental consent. Whiteboard.chat asks students for an email address, a Google user ID, or a Facebook user ID to register. This information is collected for controlling access to Whiteboard.chat services.
If you are accessing Whiteboard.chat on behalf of a Class, School or District, the following provisions also apply:
  • You represent and warrant that you are solely responsible for complying with the Child Online Privacy Protection Act (COPPA) requirement to secure parental consent for accessing applications which require personal information from children under 13.
  • You may need to obtain verifiable parental consent (“Consent”) from all parents whose children will be accessing Whiteboard.chat and provide a copy to us upon our request. For more information on your obligations under COPPA, please see www.ftc.gov/privacy.
  • When obtaining such consent, you undertake to provide parents with a copy of our Privacy Policy.
California AB 1584 Compliance Statement

  • Ownership of Student Records: Any and all Student Records provided to Whiteboard.Chat, or to which Whiteboard.Chat has been granted access, are and shall remain the sole property of the School District or local educational agency (collectively, “School District”) that provided or granted access to such records.
  • Student-Generated Content: Pupil content can be downloaded by the LEA and pupils. The system may remove pupil content for service efficiency reasons and to abide by the requirement for removal of data when no longer needed to provide service. Pupils and LEA will be unable to download removed content. Date for content removal is advertised to the pupil and LEA. Pupils can move pupil generated content by downloading from LEA-provided accounts and uploading to a personal account.
  • Third Party Access and Use: Whiteboard.Chat prevents third parties working directly or contracted with us from accessing or utilizing any student record under Whiteboard.Chat's control (internal network). Whiteboard.Chat does not use any information in a student record for any purpose other than those required or specifically permitted by the Whiteboard.Chat Terms and Conditions and Privacy Policy Statement.
  • Parent and Student Review Procedures: Whiteboard.chat allows pupils and parents to request review of the information stored by whiteboard.chat by sending a request to feedback@whiteboard.chat.
  • Security and Confidentiality of Student Records: Whiteboard.Chat stores student login records in a secure database in the cloud with encryption at rest and for in-flight data. Access to the records is limited only to employees needing access to run the service.
  • Unauthorized Disclosure: In the unlikely event any Student login records are inadvertently compromised via an outside data breach or for any other reason, Whiteboard.Chat shall notify the School District that owns such records immediately upon the discovery of such inadvertent disclosure. The School District may in turn notify affected parents, legal guardians, or eligible students as the School District deems appropriate.
  • Post-Contract Data Deletion: Any and all Student Records provided to Whiteboard.Chat, or to which Whiteboard.Chat has been granted access, are and shall remain the sole property of the School District or local educational agency (collectively, “School District”) that provided or granted access to such records. Schools have the right to review, have deleted and/or refuse to permit further collection or use of the student’s information upon request. Whiteboard.Chat hereby certifies that, upon the termination of a service contract with a School District, it shall isolate and permanently delete any and all Student login records belonging to such School District that may remain on the System, unless the School District or applicable regulations require the retention of such data, in which case the records shall be deleted upon the expiration of the retention period.
  • FERPA Compliance: Whiteboard.Chat offers School Districts interfacing with Whiteboard.Chat Systems the means to comply with their obligations under the Federal Educational Rights and Privacy Act, by enabling Authorized Users to inspect and review Pupil Records and to correct any inaccuracies therein as described in Section 4 of this Statement.
  • Prohibition Against Targeted Advertising: Whiteboard.Chat will never use any student identifiable information in direct targeted advertising for any product or service. Furthermore, Whiteboard.Chat does not sell, trade, or rent any element of personally identifiable information to any third party.
European Union - GDPR
If you are using Whiteboard.chat in the European Union, the EU General Data Protection Regulation (GDPR) applies to you and to our storage and processing of your data.
Legal grounds, Rights of data subjects, Deletion
We process your data only on legal grounds, meaning when we have your explicit consent; when we need this in order to execute our contractual obligations towards you; when we are obliged to do so under a legal act of any kind; or in order to protect our legitimate interest.
As a data subject you have rights to:

Access
You may request access to your personal data to receive information, for example, about the categories of personal data that Whiteboard.Chat is currently processing.

Rectify
You may ask Whiteboard.chat to correct personal data that is inaccurate or incomplete.

Erase
You may ask Whiteboard.chat to erase personal data where one of the following grounds applies:
  • Where the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • You withdraw consent on which the processing is based and where there is no other legal ground for the processing;
  • You object to automated decision-making and there are no overriding legitimate grounds for the processing, or you object to the processing for direct marketing;
  • The personal data have been unlawfully processed;
  • The personal data have to be erased for compliance with legal obligation in Union or Member State law to which Whiteboard.Chat is subject;
  • The personal data have been collected in relation to the offer of information society services.

Restrict
You may ask Whiteboard.chat to restrict how it processes your personal data, requesting only their storage, where one of the following grounds applies:
  • You contest the accuracy of your personal data, for a period enabling Whiteboard.chat to verify the accuracy of your personal data;
  • The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
  • Whiteboard.chat no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims;
  • You have objected to processing pursuant to the right to object and automated decision-making, pending verification of whether the legitimate grounds for Whiteboard.chat override yours.

Portability
You may ask Whiteboard.chat to receive your personal data in a structured, commonly used and machine-readable format. In case you provided your consent to the processing of personal data, you may withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. If your personal data are transferred outside the European Economic Area, you have the right to obtain a copy of such data as well as an indication of the country or countries where the personal data have been made available.

Your right to object to the processing of your personal data
You have the right to object to the processing of your personal data and request the stop of the processing operations when they are based on legitimate interest.

Your right to lodge a complaint to the Supervisory Authority
The criterion for the duration of the retention of personal data is the respective legal retention period. Once this period expires, the data in question will be routinely erased, provided it is no longer required for the fulfilment or initiation of the contract.
When we process your data we apply high-standard technical and organizational measures in order to provide maximum security as described above.
For further information you can contact either dpo@whiteboard.chat or our local EU GDPR representative at art-27-rep-epiphani@rickert.law (For UK data subjects, our UK representative can be reached at art-27-rep-epiphani@rickert-services.uk).

Transfer
The GDPR requires that when any EU user’s personal data is hosted or processed outside of the European Economic Area, it must remain protected to an adequate standard in line with EU law. There are a few ways that Whiteboard.chat achieves this:
  1. Our EU customers’ data is processed in the EU as long as you use https://eu.whiteboard.chat. Your data is not transferred outside of the EU. However, your data can still be transferred outside of the EU by one or more of our sub-processors. We take other ‘Appropriate Safeguards’ that are prescribed by the GDPR. Specifically, we enter into Data Processing Agreements with Customers in which we rely on EU Standard Contractual Clauses (also called Model Clauses) published by the European Commission to protect EU data. These are standard form data export agreements that have been approved by the European Commission as a lawful basis for transferring personal data to non-EEA countries like the USA. Our standard Data Processing Agreement is available and can be downloaded here to sign upon request.
  2. We have verified that our Third Country-based sub-processors are working with us according to agreements which include SCC (EU Model clauses) as explained above. Specifically,
    • Amazon Web Services – our agreement with AWS incorporates the EU SCCs for GDPR-compliant protection of EU users’ data as confirmed here.
You can refer to our updated list of sub-processors here.
Whiteboard.Chat may not rely on a breach by a sub-processor of its obligations in order to avoid its own liabilities.

GDPR Rights of Arbitration
In case of a dispute or non-resolution related to privacy issues,
European users may invoke binding arbitration via your EU data
protection authority (DPAs).
We have a Designated Data Protection Representative established
in an EU member state, as required under the requirements of
Article 27 of Regulation (EU) 2016/679 (GDPR).
You can contact our local EU representative here:
Rickert Rechtsanwaltsgesellschaft mbH,
Colmantstraße 15, 53115 Bonn
art-27-rep-epiphani@rickert.law

United Kingdom Privacy Rights
We comply with the data privacy requirements under the UK
legislation.
You can contact our UK designated representative here:
Rickert Services Ltd UK
PO Box 1487
Peterborough
PE1 9XX
United Kingdom
art-27-rep-epiphani@rickert-services.uk
PRIVACY NOTICE

Last updated June 12th 2023


Thank you for choosing to be part of our community at Epiphani Inc (“Company”, “we”, “us”, or “our”). We are committed to protecting your personal information and your right to privacy. If you have any questions or concerns about this privacy notice, or our practices with regards to your personal information, please contact us at dpo@epiphani.io.

When you visit our website https://whiteboard.chat (the "Website"), and more generally, use any of our services (the "Services", which include the Website), we appreciate that you are trusting us with your personal information. We take your privacy very seriously. In this privacy notice, we seek to explain to you in the clearest way possible what information we collect, how we use it and what rights you have in relation to it. We hope you take some time to read through it carefully, as it is important. If there are any terms in this privacy notice that you do not agree with, please discontinue use of our Services immediately.

This privacy notice applies to all information collected through our Services (which, as described above, includes our Website), as well as any related services, sales, marketing or events.

Please read this privacy notice carefully as it will help you understand what we do with the information that we collect.


TABLE OF CONTENTS

1. WHAT INFORMATION DO WE COLLECT?

2. HOW DO WE USE YOUR INFORMATION?

3. WILL YOUR INFORMATION BE SHARED WITH ANYONE?

4. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

5. HOW DO WE HANDLE YOUR SOCIAL LOGINS?

6. HOW LONG DO WE KEEP YOUR INFORMATION?

7. HOW DO WE KEEP YOUR INFORMATION SAFE?

8. HOW WILL WE NOTIFY OF A BREACH?

9. WHAT ARE YOUR PRIVACY RIGHTS?

10. CONTROLS FOR DO-NOT-TRACK FEATURES

11. DO CALIFORNIA RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

12. DO WE MAKE UPDATES TO THIS NOTICE?

13. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?


1. WHAT INFORMATION DO WE COLLECT?


Personal information you disclose to

We collect personal information that you voluntarily provide to us when you register on the Website, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Website

The personal information that we collect depends on the context of your interactions with us and the Website, the choices you make and the products and features you use. The personal information we collect may include the following:

Personal Information Provided by You. We do not collect or store personal information for unregistered students and teachers. For registered users, we collect their names and email addresses.

Social Media Login Data. We may provide you with the option to register with us using your existing social media account details, Facebook, and Google. If you choose to register in this way, we will collect the information described in the section called "HOW DO WE HANDLE YOUR SOCIAL LOGINS" below.

When you create a paid account with whiteboard.chat, or initiate a financial transaction, we will use a third-party payment processor to process the payment. We do not collect your credit card number, expiration date, or PIN. We only retain subscribed plan information. The third-party payment processor retains payment information. Please note that we do not control and are not responsible for personal information collected by the third-party payment processor. We strongly recommend that you review their privacy policy at the time of check-out. You may review their privacy policy and terms of service here as well.


2. HOW DO WE USE YOUR INFORMATION?

We process your information for purposes based on legitimate business interests, the fulfillment of our contract with you, compliance with our legal obligations, and/or your consent.

We use personal information collected via our Website for a variety of business purposes described below. We process your personal information for these purposes in reliance on our legitimate business interests, in order to enter into or perform a contract with you, with your consent, and/or for compliance with our legal obligations. We indicate the specific processing grounds we rely on next to each purpose listed below.

We use the information we collect or receive:

  • To facilitate the account creation and logon process. If you choose to link your account with us to a third-party account (such as your Google or Facebook account), we use the information you allowed us to collect from those third parties to facilitate the account creation and logon process for the performance of the contract. See the section below headed "HOW DO WE HANDLE YOUR SOCIAL LOGINS" for further information.

  • To manage user accounts. We may use your information for the purposes of managing our account and keeping it in working order.

3. WILL YOUR INFORMATION BE SHARED WITH ANYONE?

Whiteboard.Chat prevents third parties working directly or contracted with us from accessing or utilizing any student record under Whiteboard.Chat's control (internal network). Whiteboard.Chat does not use any information in a student record for any purpose other than to comply with laws, to provide you with services, to protect your rights, or to fulfill business obligations.

We may process or share your data that we hold based on the following legal bases:
  • Consent: We may process your data if you have given us specific consent to use your personal information for a specific purpose.

  • Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.


4. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

We use cookies on our website to enhance your browsing experience and analyze site traffic. By clicking “Accept All Cookies” or by continuing to use our website, you consent to the use of cookies in accordance with this Cookie Policy. If you do not consent to the use of these cookies, please refrain from using our website.
Additionally, we use cookies to show Google Ads to teachers who are on our Educator Free plans. We do not show Ads to our paid plan customers. We do not show Ads to students. No Ads are shown for the single collaborative board.
Necessary Only Cookies:

  • Google Analytics: We utilize Google Analytics to collect information about how visitors interact with our website. This information helps us analyze and improve the performance of our site. Google Analytics cookies collect anonymous data such as the number of visitors to the site, the pages visited, and the sources of traffic. For more information on Google Analytics cookies, please visit Google’s Privacy Policy.

  • Microsoft Clarity: We also employ Microsoft Clarity to better understand user behavior on our website and make improvements to its usability and performance. Microsoft Clarity cookies gather data such as heatmaps and scroll maps to provide insights into user interactions. For further details on Microsoft Clarity cookies, please refer to Microsoft’s Privacy Statement.

Accept All Cookies:
  • Google Analytics: We utilize Google Analytics to collect information about how visitors interact with our website. This information helps us analyze and improve the performance of our site. Google Analytics cookies collect anonymous data such as the number of visitors to the site, the pages visited, and the sources of traffic. For more information on Google Analytics cookies, please visit Google’s Privacy Policy.

  • Microsoft Clarity: We also employ Microsoft Clarity to better understand user behavior on our website and make improvements to its usability and performance. Microsoft Clarity cookies gather data such as heatmaps and scroll maps to provide insights into user interactions. For further details on Microsoft Clarity cookies, please refer to Microsoft’s Privacy Statement.


    5. HOW DO WE HANDLE YOUR SOCIAL LOGINS?

    If you choose to register or log in to our services using a social media account, we may have access to certain information about you.

    Our Website offers you the ability to register and log in using your third-party social media account details (like your Facebook or Google logins). Where you choose to do this, we will receive certain profile information about you from your social media provider. The profile information we receive includes your name and email address.

    We will use the information we receive only for the purposes that are described in this privacy notice or that are otherwise made clear to you on the relevant Website. Please note that we do not control, and are not responsible for, other uses of your personal information by your third-party social media provider. We recommend that you review their privacy notice to understand how they collect, use and share your personal information, and how you can set your privacy preferences on their sites and apps.


    6. HOW LONG DO WE KEEP YOUR INFORMATION?

    We keep your information for as long as necessary to fulfill the purposes outlined in this privacy notice unless otherwise required by law.

    We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy notice, unless a longer retention period is required or permitted by law (such as tax, accounting or other legal requirements).

    When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.


    7. HOW DO WE KEEP YOUR INFORMATION SAFE?

    We have implemented appropriate technical and organizational security measures designed to protect the security of any personal information we process. Although we will do our best to protect your personal information, transmission of personal information to and from our Website is at your own risk. You should only access the Website within a secure environment.

    • Whiteboard.Chat stores student login records in a secure database in the cloud with encryption at rest and for in-flight data. Access to the records is limited only to employees needing access to run the service.

    8. HOW WILL WE NOTIFY OF A BREACH?

    Notification of Breach and Unauthorized Release

    • We will give notice of any breach of security resulting in an unauthorized release of student data or teacher or principal data, in the most expedient way possible and without unreasonable delay but no more than seven (7) calendar days after we have discovered or been informed of the breach or unauthorized release. (Users will be notified at their registered email addresses.)
    • We will provide as much information as possible about the incident, including but not limited to: a description of the incident, the date of the incident, the date we discovered or were informed of the incident, a description of the types of protected data involved, an estimate of the number of records affected, what we have done or plan to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for our representatives who can assist affected individuals that may have additional questions.
    Please refer to our detailed Data Breach Policy.


    9. WHAT ARE YOUR PRIVACY RIGHTS?

    You may review, change, or terminate your account at any time.

    If you are resident in the European Economic Area and you believe we are unlawfully processing your personal information, you also have the right to complain to your local data protection supervisory authority. You can find their contact details here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

    If you are resident in Switzerland, the contact details for the data protection authorities are available here: https://www.edoeb.admin.ch/edoeb/en/home.html.

    If you have questions or comments about your privacy rights, you may email us at dpo@whiteboard.chat.



    Account Information

    If you would at any time like to review or change the information in your account or terminate your account, you can:

    • Contact us using the contact information provided.

    Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our Terms of Use and/or comply with applicable legal requirements.

    Opting out of email marketing: You can unsubscribe from our marketing email list at any time by clicking on the unsubscribe link in the emails that we send or by contacting us using the details provided below. You will then be removed from the marketing email list – however, we may still communicate with you, for example to send you service-related emails that are necessary for the administration and use of your account, to respond to service requests, or for other non-marketing purposes. To otherwise opt-out, you may:

    •  Access your account settings and update your preferences.

    •  Contact us using the contact information provided.


    10. CONTROLS FOR DO-NOT-TRACK FEATURES

    Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this privacy notice.


    11. DO CALIFORNIA RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

    Yes, if you are a resident of California, you are granted specific rights regarding access to your personal information.

    California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below.

    If you are under 18 years of age, reside in California, and have a registered account with the Website, you have the right to request removal of unwanted data that you publicly post on the Website. To request removal of such data, please contact us using the contact information provided below, and include the email address associated with your account and a statement that you reside in California. We will make sure the data is not publicly displayed on the Website, but please be aware that the data may not be completely or comprehensively removed from all our systems (e.g. backups, etc.).  


    CCPA Privacy Notice

    The California Code of Regulations defines a "resident" as:

    (1) every individual who is in the State of California for other than a temporary or transitory purpose and

    (2) every individual who is domiciled in the State of California who is outside the State of California for a temporary or transitory purpose

    All other individuals are defined as "non-residents."

    If this definition of "resident" applies to you, certain rights and obligations apply regarding your personal information.

    What categories of personal information do we collect?

    We have collected the following categories of personal information in the past twelve (12) months:

    Category | Examples | Collected
    A. Identifiers | Contact details, such as name, email address | YES
    B. Personal information categories listed in the California Customer Records statute | Name, contact information, education, employment, employment history and financial information | YES (Name and Email only)
    C. Protected classification characteristics under California or federal law | Gender and date of birth | NO
    D. Commercial information | Transaction information, purchase history, financial details and payment information | NO
    E. Biometric information | Fingerprints and voiceprints | NO
    F. Internet or other similar network activity | Browsing history, search history, online behavior, interest data, and interactions with our and other websites, applications, systems and advertisements | NO
    G. Geolocation data | Device location | NO
    H. Audio, electronic, visual, thermal, olfactory, or similar information | Images and audio, video or call recordings created in connection with our business activities | NO
    I. Professional or employment-related information | Business contact details in order to provide you our services at a business level, job title as well as work history and professional qualifications if you apply for a job with us | NO
    J. Education Information | Student records and directory information | NO
    K. Inferences drawn from other personal information | Inferences drawn from any of the collected personal information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics | NO


    We may also collect other personal information outside of these categories in instances where you interact with us in-person, online, or by phone or mail in the context of:

    • Receiving help through our customer support channels

    • Participation in customer surveys or contests; and

    • Facilitation in the delivery of our Services and to respond to your inquiries

    How do we use and share your personal information?

    More information about our data collection and sharing practices can be found in this privacy notice.

    You may contact us by email at dpo@whiteboard.chat, or by referring to the contact details at the bottom of this document.

    If you are using an authorized agent to exercise your right to opt-out, we may deny a request if the authorized agent does not submit proof that they have been validly authorized to act on your behalf.

    Will your information be shared with anyone else?


    We may use your personal information for our own business purposes, such as for undertaking internal research for technological development and demonstration. This is not considered to be "selling" of your personal data.

    Epiphani Inc has not disclosed or sold any personal information to third parties for a business or commercial purpose in the preceding twelve (12) months. Epiphani Inc will not sell personal information in the future belonging to website visitors, users and other consumers.

    Your rights with respect to your personal data

    Right to request deletion of the data - Request to delete

    You can ask for the deletion of your personal information. If you ask us to delete your personal information, we will respect your request and delete your personal information, subject to certain exceptions provided by law, such as (but not limited to) the exercise by another consumer of his or her right to free speech, our compliance requirements resulting from a legal obligation or any processing that may be required to protect against illegal activities.

    Right to be informed - Request to know

    Depending on the circumstances, you have a right to know:
    • whether we collect and use your personal information;

    • the categories of personal information that we collect;

    • the purposes for which the collected personal information is used;
    • whether we sell your personal information to third parties;

    • the categories of personal information that we sold or disclosed for a business purpose;

    • the categories of third parties to whom the personal information was sold or disclosed for a business purpose; and
    • the business or commercial purpose for collecting or selling personal information.

    In accordance with applicable law, we are not obligated to provide or delete consumer information that is de-identified in response to a consumer request or to re-identify individual data to verify a consumer request.

    Right to Non-Discrimination for the Exercise of a Consumer's Privacy Rights

    We will not discriminate against you if you exercise your privacy rights.

    Verification process

    Upon receiving your request, we will need to verify your identity to determine you are the same person about whom we have the information in our system. These verification efforts require us to ask you to provide information so that we can match it with the information you have previously provided us. For instance, depending on the type of request you submit, we may ask you to provide certain information so that we can match the information you provide with the information we already have on file, or we may contact you through a communication method (e.g. phone or email) that you have previously provided to us. We may also use other verification methods as the circumstances dictate.

    We will only use personal information provided in your request to verify your identity or authority to make the request. To the extent possible, we will avoid requesting additional information from you for the purposes of verification. If, however, we cannot verify your identity from the information already maintained by us, we may request that you provide additional information for the purposes of verifying your identity, and for security or fraud-prevention purposes. We will delete such additionally provided information as soon as we finish verifying you.

    Other privacy rights
    • you may object to the processing of your personal data

    • you may request correction of your personal data if it is incorrect or no longer relevant, or ask to restrict the processing of the data

    • you can designate an authorized agent to make a request under the CCPA on your behalf. We may deny a request from an authorized agent that does not submit proof that they have been validly authorized to act on your behalf in accordance with the CCPA.
    • you may request to opt-out from future selling of your personal information to third parties. Upon receiving a request to opt-out, we will act upon the request as soon as feasibly possible, but no later than 15 days from the date of the request submission.

    To exercise these rights, you can contact us by email at dpo@whiteboard.chat, or by referring to the contact details at the bottom of this document. If you have a complaint about how we handle your data, we would like to hear from you.


    12. DO WE MAKE UPDATES TO THIS NOTICE?

    Yes, we will update this notice as necessary to stay compliant with relevant laws.

    We may update this privacy notice from time to time. The updated version will be indicated by an updated “Revised” date and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy notice frequently to be informed of how we are protecting your information.


    13. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

    If you have questions or comments about this notice, you may contact our Data Protection Officer (DPO), Pawan Uberoy, by email at dpo@whiteboard.chat, or by post to:

    Epiphani Inc 
    Pawan Uberoy
    1796 Zenato Place
    Pleasanton, CA 94566
    United States


    HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

    Based on the applicable laws of your country, you may have the right to request access to the personal information we collect from you, change that information, or delete it in some circumstances. To request to review, update, or delete your personal information, please email dpo@whiteboard.chat. We will respond to your request within 30 days.

    DATA BREACH POLICY

    What Is a Personal Data Breach?

    Data breaches may be caused by the following (but not limited to):

    • Human error, including unauthorized access or disclosure of sensitive information to the wrong recipients
    • Malicious causes, including hacking incidents or illegal access to cloud services where personal data is stored
    • Computer system errors, including errors or bugs in whiteboard.chat and/or failure of cloud services, cloud computing or cloud storage security / authentication / authorization systems

    Responding to a Data Breach

    Upon being notified of a (suspected or confirmed) data breach, the Data Breach Team should immediately activate the data breach & response plan.

    Whiteboard.chat’s data breach management and response plan is:

    1. Confirm the Breach
    2. Contain the Breach
    3. Assess Risks and Impact
    4. Report the Incident
    5. Evaluate the Response & Recovery to Prevent Future Breaches

    1. Confirm the Breach

      The Data Breach Team (DBT) should act as soon as it is aware of a data breach. Where possible, it should first confirm that the data breach has occurred. It may make sense for the DBT to proceed to Contain the Breach on the basis of an unconfirmed reported data breach, depending on the likelihood and severity of the risk.

    2. Contain the Breach

      The DBT should consider the following measures to Contain the Breach, where applicable:
      • Establish whether steps can be taken to limit any damage caused by the breach.
      • Prevent further unauthorized access to the system.
      • Reset passwords if accounts and / or passwords have been compromised.
      • Isolate the causes of the data breach in the system, and where applicable, change the access rights to the compromised system and remove external connections to the system.

    3. Assess Risks and Impact

      Knowing the risks and impact of data breaches will help determine whether there could be serious consequences to affected individuals, as well as the steps necessary to notify the individuals affected.

    4. Reporting Breaches

      All members of staff have an obligation to report actual or potential data protection compliance failures. This allows us to:
      • Investigate the failure and take remedial steps if necessary
      • Maintain a register of compliance failures
      • Notify the school districts of any compliance failures that are material either in their own right or as part of a pattern of failures

      dpo@whiteboard.chat will notify any affected school districts without undue delay after becoming aware of a personal data breach.

      We will provide as much information as possible about the incident, including but not limited to:
      • A description of the incident
      • Date of the incident
      • The date we became aware of, or were informed of, the incident
      • A description of the types of protected data involved
      • An estimate of the number of records affected
      • What we have done or plan to do to investigate the incident, stop the breach and mitigate any further access or release of the protected data
      • Contact information of whiteboard.chat representatives who can assist affected individuals and school districts with additional information

    5. Preventing Future Breaches

      Once the data breach has been dealt with, whiteboard.chat will consider its security processes with the aim of preventing further breaches. In order to do this, we will:
      • Establish what security measures were in place when the breach occurred
      • Assess whether technical or organisational measures can be implemented to prevent the breach happening again
      • Consider whether there is adequate staff awareness of security issues and look to fill any gaps through training or tailored advice
      • Consider whether it is necessary to conduct a privacy or data protection impact assessment
      • Consider whether further audits or data protection steps need to be taken
      • Update the data breach register

    Continuous Monitoring

    We will monitor the effectiveness of this and all of our policies and procedures and conduct a full review and update as appropriate. Our monitoring and review will include looking at how our policies and procedures are working in practice to reduce the risks posed to our users.

    This privacy policy was created using Termly’s Privacy Policy Generator.