Last updated: August 26, 2021
- Interpretation and Definitions
- Interpretation. The words of which the initial letter is capitalized have the following meanings, regardless of whether they appear in singular or in plural.
- “Account” means a unique account created for You by a Registered User to access the Service or parts of the Service available to such Registered User.
- “Application” means the software program named Trivory provided by Us and downloaded on any electronic device by You.
- “Business”, for the purposes of the California Consumer Privacy Act (the “CCPA”), means Terren LLC as the legal entity that collects Consumers’ Personal Data and determines the purposes and means of the processing of Consumers’ Personal Data, or on behalf of which such information is collected, and that alone, or jointly with others, determines the purposes and means of the processing of Consumers' Personal Data, that does business in the State of California.
- “Consumer”, for the purposes of the CCPA, means a Person who is a California resident. A resident, as defined in the law, includes (1) every individual who is in the USA for other than a temporary or transitory purpose, and (2) every individual who is domiciled in the USA who is outside the USA for a temporary or transitory purpose.
- “Data Controller”, for the purposes of the General Data Protection Regulation (the “GDPR”), means Terren LLC as the Person which alone or jointly with others determines the purposes and means of the processing of Personal Data.
- “Device” means any device that can access the Service, such as a computer, a cellphone, or a digital tablet.
- “Do Not Track” or “DNT”, for the purposes of the California Online Privacy Protection Act (“CalOPPA“) and other applicable law, means the concept promoted by US regulatory authorities, in particular the U.S. Federal Trade Commission (“FTC”), for the Internet industry to develop and implement a mechanism for allowing Internet users to control the tracking of their online activities across websites.
- “Person” means any individual, corporation, partnership, trust, limited liability company, association, or other entity.
- “Personal Data” means any information that relates to an identified or identifiable individual and, for an individual who is a student in any grade from kindergarten through grade 12 at a school or other educational institution that is a Registered User, includes Student Data.
For GDPR purposes, Personal Data includes any information relating to You such as a name, identification number, location data, online identifier, or one or more factors specific to Your physical, physiological, genetic, mental, economic, cultural, or social identity.
For CCPA purposes, Personal Data includes any information that identifies, relates to, describes, or is capable of being associated with, or could reasonably be linked, directly or indirectly, with You.
- “Registered User” means an elementary or secondary school, educational institution, or other organization that uses the Service under a service agreement with Us.
- “Sale”, for the purposes of the CCPA, means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a Consumer’s Personal Data to another business or a third party for monetary or other valuable consideration.
- “Service Provider” means any Person who processes Personal Data on Our behalf, including third-parties employed by Us to facilitate the Service, to provide the Service on Our behalf, to perform services related to the Service, or to assist Us in analyzing how the Service is used, and who, for the purposes of the GDPR, is considered a Data Processor.
- “Student Data”, for the purposes of applicable privacy agreements between Us and Registered Users, means any data that is descriptive of a student in any grade from kindergarten through grade 12 that, either alone or in aggregate, would allow a reasonable person to be able to identify the student to a reasonable certainty, and excludes information that has been anonymized or de-identified and anonymous usage data regarding use of the Service.
- “Third-Party Social Media Service” means any website or social network website through which a Registered User may log in to an Account to use the Service.
- “Usage Data” means data collected automatically, either generated by the use of the Service or from the Service infrastructure itself, such as the duration of a page visit.
- “You” means the individual accessing or using the Service, or the Registered User on behalf of which such individual is accessing or using the Service, as applicable.
- Types of Data Collected
- Personal Data. Unless You have an Account to use the Service, or you choose to provide Personal Data to contact Us through a contact form on the Service, We do not collect Personal Data that can be used to contact or identify You, such as Your first or last name, home address, telephone number, email address, or other information allowing online contact. If you do not have an Account, You may use most of the Service’s features by providing only information that is about You but individually does not identify You, such as the name of Your school, educational institution, or other organization, Your grade level, and Your preferred language. If you use the bus tracker feature, We will collect information about Your location.
- Usage Data is collected automatically when using the Service. Usage Data may include information such as Your Device’s Internet Protocol address (e.g. IP address), browser type, browser version, the time and date of Your visit, the pages of the Service that You visit, the time spent on those pages, and other diagnostic data.
- When You access the Service by or through a mobile device, We may collect certain information automatically, including without limitation the type of mobile device You use, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, and other diagnostic data.
- We may also collect information that Your browser sends whenever You visit the Service or when You access the Service by or through a mobile device.
- Use of Your Personal Data. We may use Personal Data for the following purposes:
- To provide and maintain the Service, including to show You information about Your school, educational institution, or other organization and, when You use the Service’s bus tracker feature, to show You nearby public bus route information, and to monitor usage of the Service for maintenance and security purposes.
- To manage Your Account if a Registered User of the Service authorizes You to create an Account, including to give You access to different functionalities of the Service that are available to Registered Users, such as importing data from a document or file in Google Drive. If You choose to import such data, Trivory will access and store it for the sole purpose of satisfying Your import request.
- To perform a contract between Us and Registered Users of the Service and comply with Our obligations regarding data security thereunder.
- To manage Your requests to Us.
- To evaluate or conduct business transfers such as a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Our assets, whether as a going concern or as part of a bankruptcy, liquidation, or similar proceeding, in which Personal Data held by Us about the Service’s users is among the assets transferred; provided, however, that no such transfer will include Student Data.
- For other purposes permitted under privacy agreements to which We are a party and applicable privacy laws.
- Sharing Your Personal Data. We may share Your Personal Data in the following situations:
- To fulfill the purpose for which You provide it. For example, if You give us Your location to use the Service’s bus tracker feature, We will transmit Your location to the applicable transit service provider.
- With Service Providers for analytics, storage, or other services to operate and improve the Service; provided, however, that such Service Providers have adequate controls in place for the security of Your Personal Data.
- With other users, but only if You share Personal Data in a public area of the Service. Such information may be viewed by all users and may be publicly distributed by other users outside the Service.
- With Your consent, and the consent of any applicable Registered User that owns or controls Your Personal Data, for any other purpose.
We will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period, except when this data is used to strengthen the security or to improve the functionality of the Service, or We are legally obligated to retain this data for a longer period.
- Transfer of Your Personal Data. Your information, including Personal Data, is processed at Our operating offices and in any other places where the parties involved in the processing are located. This means that such information may be transferred to and maintained on computers located outside of Your state, province, country, or other governmental jurisdiction where data protection laws may differ than those in Your jurisdiction.
- Disclosure of Your Personal Data.
- Law Enforcement. Under certain circumstances, We may be required to disclose Your Personal Data by law or in response to valid requests by public authorities (e.g. a court or a government agency).
- Other Legal Requirements. We may disclose Your Personal Data in the good faith belief that disclosure is necessary to:
- Comply with a legal obligation.
- Protect and defend Our rights or property.
- Prevent or investigate possible wrongdoing in connection with the Service.
- Protect the personal safety of users of the Service or the public.
- Protect against legal liability.
- Security of Your Personal Data. We have implemented measures intended to secure Your Personal Data from unauthorized disclosure or acquisition by an unauthorized person. Unfortunately, the transmission of information via the Internet is not completely secure. We will attempt to remediate any identified security and privacy vulnerabilities in a timely manner, but We cannot guarantee the security of information transmitted to or through the Service.
- Third Party Processing of Certain Data. Service Providers We use may have access to information that has been anonymized or de-identified and anonymous usage data regarding use of the Service. They may collect, store, use, process, and transfer such information about Your activity on the Service in accordance with their Privacy Policies. For example, We may use Google Analytics to track and report website traffic on the Service to monitor and analyze the use of the Service.
- GDPR Privacy.
- Legal Basis for Processing Personal Data under the GDPR. We may process Personal Data under the following conditions:
- Consent. You have given Your consent for processing Personal Data for one or more specific purposes.
- Contract Performance. Provision of Personal Data is necessary for the performance of an agreement with You, any pre-contractual obligations thereof, or both.
- Legal Obligations. Processing Personal Data is necessary for compliance with a legal obligation to We are subject.
- Vital Interests. Processing Personal Data is necessary to protect Your vital interests or those of another Person.
- Public Interests. Processing Personal Data is related to a task that is carried out in the public interest or in the exercise of official authority vested in Us.
- Legitimate Interests. Processing Personal Data is necessary for the purposes of Our legitimate interests.
In any case, We will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement or a requirement necessary to enter into a contract.
- Request Access to Your Personal Data. You may access, update, or delete the information We have on You. Whenever made possible, You may access, update, or request deletion of Your Personal Data directly within Your Account settings section. If You are unable to perform these actions yourself, please contact Us to assist You. You may also contact Us to receive a copy of the Personal Data We hold about You.
- Request Correction of the Personal Data that We Hold About You. You may request that any incomplete or inaccurate information We hold about You be corrected.
- Object to Processing of Your Personal Data. This right exists where We are relying on a legitimate interest as the legal basis for processing and there is something about Your particular situation, which makes You want to object to processing of Your Personal Data on this ground. You may also object where We are processing Your Personal Data for direct marketing purposes.
- Request Erasure of Your Personal Data. You may ask Us to delete or remove Your Personal Data when there is no good reason for Us to continue processing it.
- Request Transfer of Your Personal Data. You may ask us to provide to You, or to a third-party You have chosen, Your Personal Data in a structured, commonly used, machine-readable format. This right applies only to automated information which You initially provided consent for Us to use or where We used the information to perform a contract with You.
- Withdraw Your Consent. You may withdraw Your consent to using Your Personal Data. If You withdraw Your consent, We may not be able to provide You with access to certain specific functionalities of the Service.
- Exercising Your GDPR Data Protection Rights. You may exercise Your rights of access, rectification, cancellation, and opposition by contacting Us. Please note that We may ask You to verify Your identity before responding to such requests. If You make a request, We will try Our best to respond to You as soon as possible.
You have the right to complain to a Data Protection Authority about Our collection and use of Your Personal Data. For more information, if You are in the European Economic Area (“EEA”), please contact Your local data protection authority in the EEA.
- CCPA Privacy.
- Categories of Personal Data Collected. The following is a list of categories of information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular Consumer or Device, which We may collect or may have collected from California residents within the last 12 months.
a. Identifiers such as a real name, alias, unique personal identifier, online identifier, Internet Protocol address, email address, account name, driver’s license number, passport number, or other similar identifiers.
b. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) such as a name, signature, Social Security number, physical characteristics or description, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.
c. Protected classification characteristics under California or federal law such as age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy, or childbirth and related medical conditions), sexual orientation, veteran or military status, or genetic information (including familial genetic information).
d. Commercial information such as records and history of products or services purchased or considered.
e. Biometric information such as genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, voiceprints, iris or retina scans, keystroke, gait or other physical patterns, and sleep, health, or exercise data.
f. Internet or other similar network activity, such as interaction with the Service.
g. Geolocation data, such as approximate physical location.
h. Sensory data, such as audio, electronic, visual, thermal, olfactory, or similar information.
I. Professional or employment-related information, such as current or past job history or performance evaluations.
j. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)), such as education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.
k. Inferences drawn from other personal information, such as a profile reflecting a Person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
- Under the CCPA, personal information does not include:
- Publicly available information from government records;
- Deidentified or aggregated consumer information; or
- Information excluded from the CCPA’s scope, such as:
Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the California Confidentiality of Medical Information Act (“CMIA”) or clinical trial data
Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (“FRCA”), the Gramm-Leach-Bliley Act (“GLBA”) or California Financial Information Privacy Act (“FIPA”), and the Driver’s Privacy Protection Act of 1994
- Sources of Personal Data. We obtain the categories of Personal Data listed above from the following categories of sources:
- Directly from You, such as from forms You complete on the Service and preferences You express or provide through the Service;
- Indirectly from You, such as from observing Your activity on the Service;
- Automatically from You, such as through cookies We or Our Service Providers set on Your Device as You navigate through the Service; and
- From Service Providers, such as third-party vendors who monitor and analyze the use of the Service, or other third-party vendors that We use to provide the Service to You.
- Use of Personal Data for Business Purposes or Commercial Purposes. We may use or disclose Personal Data We collect for “business purposes” or “commercial purposes” (each as defined under the CCPA), which may include the following examples:
- To operate the Service and provide You with the Service;
- To provide You with support and to respond to Your inquiries, including to investigate and address Your concerns and monitor and improve the Service;
- To fulfill or meet the reason You provided the information. For example, if You share Your contact information to ask a question about the Service, We will use that personal information to respond to Your inquiry;
- To respond to law enforcement requests and as required by applicable law, court order, or government regulation;
- As described to You when collecting Your Personal Data or as otherwise set forth in the CCPA;
- For internal administrative and auditing purposes; and
- To detect security incidents and protect against malicious, deceptive, fraudulent or illegal activity, including, when necessary, to prosecute those responsible for such activities.
Please note that the examples provided above are illustrative and not intended to be exhaustive. For more details on how We use this information, please refer to Section 4 (“Use of Your Personal Data”).
- Disclosure of Personal Information for Business Purposes or Commercial Purposes. We may use or disclose and may have used or disclosed in the last 12 months the following categories of personal information for business or commercial purposes:
- Category A: Identifiers;
- Category B: Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)); and
- Category F: Internet or other similar network activity
Please note that the categories listed above are those defined in the CCPA. This does not mean that all, or any, examples of that category of Personal Data were in fact disclosed, but reflects Our good faith belief to the best of Our knowledge that some of that information from the applicable category may be and may have been disclosed.
When We disclose Personal Data for a business purpose or a commercial purpose, We enter a contract that describes the purpose and requires the recipient to both keep that Personal Data confidential and not use it for any purpose except performing the contract.
- Sale of Personal Data. In the preceding 12 months, We have not sold Personal Data.
- Your Rights under the CCPA.
- The CCPA provides California residents with specific rights regarding their personal information. If You are a California resident, You have the following rights:
- The Right to Notice. You may be notified which categories of Personal Data are being collected and the purposes for which the Personal Data is being used.
- The Right to Request. You may request that We disclose information to You about Our collection, use, Sale, disclosure for business purposes, and sharing of Personal Data. Once We receive and confirm Your request, We will disclose to You:
The categories of Personal Data We collected about You;
The categories of sources for the Personal Data We collected about You;
Our business or commercial purpose for collecting or selling that Personal Data;
The categories of third parties with whom We share that Personal Data;
The specific pieces of Personal Data We collected about You; and
If We sold Your personal information or disclosed Your personal information for a business purpose, the categories of personal information categories sold or disclosed.
- The Right to Delete Personal Data. You may request the deletion of Your Personal Data, subject to certain exceptions. Once We receive and confirm Your request, We will delete (and direct Our Service Providers to delete) Your Personal Data, unless an exception applies. We may deny Your deletion request if retaining the information is necessary for Us or Our Service Providers to:
Complete the transaction for which We collected the Personal Data, provide a good or service that You requested, take actions reasonably anticipated within the context of Our ongoing business relationship with You, or otherwise perform a contract with You;
Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
Debug products to identify and repair errors that impair existing intended functionality;
Exercise free speech, ensure the right of another consumer to exercise free speech, or exercise another right provided for by law;
Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546);
Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if You previously provided informed consent;
Enable solely internal uses that are reasonably aligned with consumer expectations based on Your relationship with Us;
Comply with a legal obligation; and
Make other internal and lawful uses of that information that are compatible with the context in which You provided it.
- The Right Not to be Discriminated Against. You have the right not to be discriminated against for exercising any of Your Consumer’s rights, including by:
Denying goods or services to You;
Charging different prices or rates for goods or services, including the use of discounts or other benefits or imposing penalties;
Providing a different level or quality of goods or services to You; or
Suggesting that You will receive a different price or rate for goods or services or a different level or quality of goods or services.
- Exercising Your CCPA Data Protection Rights. In order to exercise any of Your rights under the CCPA, and if You are a California resident, You can contact Us:
- By email to [email protected]
- By visiting the Website at https://trivory.com/contact
Only You, or a Person registered with the California Secretary of State that You authorize to act on Your behalf, may make a verifiable request related to Your personal information.
- Required Information for CCPA Data Protection Rights Requests. Your request to exercise any of Your rights under the CCPA must:
- Provide sufficient information that allows Us to reasonably verify You are the Person about whom We collected personal information or an authorized representative; and
- Describe Your request with sufficient detail that allows Us to properly understand, evaluate, and respond to it. We cannot respond to Your request or provide You with the required information if We cannot:
- Verify Your identity or authority to make the request; and
- Confirm that the personal information relates to You.
We will disclose and deliver the required information free of charge within 45 days of receiving Your verifiable request. We may extend the period to provide the required information once by an additional 45 days when reasonably necessary and with prior notice.
Any disclosures We provide will only cover the 12-month period preceding the verifiable request’s receipt.
For data portability requests, We will select a format to provide Your personal information that is readily useable and should allow You to transmit the information from one entity to another entity without hindrance.
- Policies on Selling Personal Data and “Do Not Track”. We do not sell or use technology that sells Personal Data as defined by the CCPA, and We do not track users over time and thus do not respond to Do Not Track (“DNT”) signals. You should know that some third party websites may engage in one or more of these activities.
If You are visiting such websites, You can set Your preferences in Your web browser to inform websites that You do not want to be tracked. You can enable or disable DNT by visiting the preferences or settings page of Your web browser. If You wish to opt out of the use of Your Personal Data by such third-party websites for interest-based advertising purposes and potential Sales of Your Personal Data, You may do so by following the instructions below. Please note that any opt out is specific to the browser You use. You may need to opt out on every browser that You use.
- Websites. You can opt out of receiving ads that are personalized as served by Service Providers on websites that sell Your Personal Data as defined by the CCPA by following the instructions presented on the following platforms:
The NAI’s opt-out platform: http://www.networkadvertising.org/choices/
The EDAA’s opt-out platform http://www.youronlinechoices.com/
The DAA’s opt-out platform: http://optout.aboutads.info/?c=2
The opt out will place a cookie on Your computer that is unique to the browser You use to opt out. If You change browsers or delete the cookies saved by Your browser, You will need to opt out again.
- Mobile Device. Your mobile Device may give You the ability to opt out of the use of information about the apps You use in order to serve You ads that are targeted to Your interests:
“Limit Ad Tracking” on iOS Devices: https://www.apple.com/privacy/control/
“Opt out of Interest-Based Ads” or “Opt out of Ads Personalization” on Android Devices:
You can also stop the collection of location information from Your mobile Device by changing the preferences on Your mobile Device.
- Policy as Required by CalOPPA. The Service does not respond to Do Not Track signals.
- Your California Privacy Rights (California’s Shine the Light law). Under California Civil Code Section 1798 (California’s Shine the Light law), California residents with an established business relationship with Us may request information once a year about sharing their Personal Data with third parties for the third parties’ direct marketing purposes. If You would like to request more information under the California Shine the Light law, and if You are a California resident, please contact Us using the contact information provided below.
- California Privacy Rights for Minor Users (California Business and Professions Code Section 22581). If You are a California resident and a Registered User of the Service has authorized you to create an Account, You may have rights under California Business and Professions Code section 22581, which allows California residents under the age of 18 who are registered users of online sites, services, or applications to request and obtain removal of content or information they have publicly posted. To request removal of such data, please contact Us using the contact information provided below and include the email address associated with Your Account. Your request does not guarantee complete or comprehensive removal of content or information posted online, and the law may not permit or require removal in certain circumstances.
- Children’s Privacy
- Information for Parents. If You are a parent or legal guardian, We want You to know Our policy regarding children’s privacy. We do not believe that We collect information that requires prior parental consent under the Children's Online Privacy Protection Act of 1998 and its rules (collectively, “COPPA”). We believe that children’s privacy is important, however, and We choose to inform You about Our practices for collecting, using, and disclosing this information specifically as they may apply to children under the age of 13.
- Information Collected from Children Under the Age of 13.
- Automatic Information Collection. We use technologies to automatically collect certain information from users when they access and navigate through the Service and use certain of its features. The information We collect through these technologies may include persistent identifiers such as cookies or IP addresses, but We do not collect or store types of persistent identifiers that can track users over time and across websites and services. If a child under the age of 13 submits additional information to Us as described in this Section 15.2, We may combine it with information We collect through these technologies.