European Privacy Notice
Effective Date: May 25, 2022
This European Notice provides additional information about how we collect and use your personal data and the rights you have under European data protection laws, like the General Data Protection Regulation (“GDPR”), when we process personal data about you as a controller. A “controller” is a term used in the GDPR to describe the legal entity that decides how and why your personal data is processed and is distinguished from a “processor”, who is only permitted to personal data under the instruction of a controller.
A note about Clever as a processor. In general, we provide our Services to Schools. As a result, for much of the personal data we process through the Services, including Student Data, we act as a processor on behalf of a School and process personal data for the purposes of providing the Services specified in our agreement with the School. This means it is primarily our School customer, as the controller of your personal data, that controls what personal data we collect through the Services and how we use your data. If you have a question or would like to exercise any of your privacy rights in relation to personal data we process as a processor, please contact the relevant School directly. This European Notice does not describe our practices with regard to personal data we process as a processor.
Purposes and Legal Basis for Processing. If you are located in Europe, we need a lawful basis to collect and use your personal data. Our lawful basis will depend on the information concerned and the context in which it is processed. We may process your personal data in order to enter into or perform a contract with you. In other circumstances, we may process your information with your consent, or where the processing is in our legitimate interests and those interests are not overridden by your rights and freedoms. We may also need to process your information to comply with our legal obligations. The table below sets out the purposes for which we process your personal data and our legal basis.
|Where we have a contract with you, to perform that contract.||Operate, maintain and provide our Website and ServicesCreate and maintain your account, and enable you to log in and update your account and profileRespond to any requests you send us about our Services and provide you with information you have specifically requestedSend you technical updates, security alerts, and other support and service-related messages||Name, contact information and other account informationInformation we receive from third party social networks or authentication services such as Google or AppleDevice information (such as IP address and browser type)Messages you send to us and other information you choose to provide us|
|With your consent||Send you promotional or marketing materials in accordance with your marketing preferences||Name and contact information|
|To comply with our legal or regulatory obligations||Comply with applicable statutes or regulationsShare information with law enforcement or other third parties when compelled to do soTo protect the rights, privacy, property, interests or safety of Clever or our affiliated companies, customers, users, employees or the general public||Name and account informationOther information as described above|
International Data Transfers. We are based in the United States and any information collected through the Services is stored and processed in the United States. If you are located in Europe, you understand that in using the Services your personal data will be transferred to and processed in the United States and other countries where our third party service providers and partners operate. These countries may have data protection laws that are different to the laws of your country and, in some cases, may not be as protective.
We’ve taken appropriate safeguards to ensure that your personal data remains protected when it is processed in the United States and elsewhere outside Europe, including transferring your information to a country that the European Commission or UK authorities (as applicable) have determined provides an adequate level of protection for personal data, or by implementing standard contractual clauses with Schools and our third party service providers and partners. Where appropriate, we also use additional safeguards to ensure that your information remains protected in accordance with applicable data protection laws.
Your Rights and Choices. If you are located in Europe, you may be able to exercise the following rights:The Right to Access the personal data that we hold about you and obtain confirmation that we process your information.The Right to Rectify any information you think is inaccurate or ask us to complete information you think is incomplete.The Right to Erasure of your personal data in certain circumstances.The Right to Restrict our processing of your personal data in certain circumstances.The Right to Object to our processing of your personal data if we do so in reliance on our legitimate interests and our interests are outweighed by your fundamental rights and freedoms.The Right to Withdraw your Consent if we have obtained your consent to process your personal data, at any time.The Right to Portability of the information that you have given us in a machine-readable format to you or another organization.The Right to Opt-out of Marketing at any time.
To exercise any of these rights, please see the section titled “To Submit your Privacy Rights Requests” below. We respond to all requests we receive within one month and in accordance with applicable data protection laws. Please be aware that there are some exemptions, which means you may not always be able to exercise these rights.
Finally, although we hope you will resolve any issues you have with us directly you may also complain to a data protection authority about our collection and use of your personal data. For more information, please contact your local data protection authority. Contact details for data protection authorities in the European Union are available here and for the UK Information Commissioner’s Office are available here.
To Submit your Privacy Rights Requests. You may submit a request to exercise your rights under applicable data protection laws through the mechanism described below. We may need to verify your identity before processing your request, which may require us to request additional personal data from you or require you to log into your account, if you have one. In certain circumstances, we may decline or limit your request, particularly where we are unable to verify your identity or locate your information in our systems, or as permitted by law.
If you would like to submit a privacy request, please email us at email@example.com with the subject line “GDPR request”.
Controller’s contact details. Clever, Inc. is the controller of your personal data. There are several ways you can contact us. You can contact us by visiting our Help Center or by emailing us at firstname.lastname@example.org
As explained above, if we have collected and use your personal data at the direction of and under the control of a School then we process your personal data as a processor. If this is the case, the School is the controller responsible for your personal data and you should contact that School if you have any privacy-related questions or concerns about their privacy practices.
Changes to this European Notice. Clever may modify or update this European Notice from time to time so you should review this European Notice periodically. If we change this European Notice in a material manner, for example if we seek to use personal information in a materially different way than we had previously, we will notify you of these changes.