Privacy Policy

Introduction

Welcome to the Privacy Policy of Grom Educational Services, Inc. and its subsidiaries (collectively "Grom Educational Services", “Grom”, "our", "we", or "us",). Grom Educational Services provides a software platform (“Platform”) to defend our customers’ networks against malware, advanced threats, and data loss. This Privacy Policy describes how we collect, use, disclose, store, and otherwise process your Personal Information when you use our website, services, mobile device applications, or other digital platforms. It also states how you can control the collection, correction, and/or deletion of your information. We will not use or share your information with anyone except as described in this Privacy Policy.

Please note that our website and other digital platforms may contain links to third-party websites/digital platforms that are provided for your convenience. We are only responsible for the privacy practices and security of our own products, services, and digital platforms. We recommend that you check the privacy and security policies and procedures of every other website/digital platform that you visit.

Personal Information refers to any information relating to an identified or identifiable natural person, such as an identification number, or physical, physiological, mental, economic, cultural, or social identifiers. Personal Information may include the following: name, address, date of birth, gender, and contact data (i.e., e-mail address, telephone number, and employer name). By providing your Personal Information to Grom Educational Services in the ways described in this Privacy Policy, you agree that you are authorized to provide that information and are accepting this Privacy Policy and any supplementary privacy statement that may be relevant to you. If you do not agree to our practices, please do not register, subscribe, create an account, or otherwise interact with our services, website, or mobile-device applications.


Collecting Information

Personal Information Disclosed to Grom

We collect Personal Information that you voluntarily provide to us when expressing an interest in obtaining information about us or our products and services, when using our website, services, mobile- device applications, and other digital platforms, and when otherwise interacting with us. The Personal Information that we collect depends on the context of your interactions with us. You may be providing Personal Information when (i) submitting questions and seeking information from us; (ii) subscribing to Grom Educational Services' marketing material; (iii) requesting product and/or services support; (iv) providing services to Grom Educational Services; (v) applying for a job at Grom Educational Services; or (vi) otherwise communicating with us via phone calls, chats, emails, web forms, social media, and other methods of communication. When working with us or using our services, you may be prompted to create an account that may hold Personal Information such as your name, mailing address, email address, or credit card information. Additionally, the nature of the services that we provide to our customers entails Grom Educational Services processing Personal Information.

  • In connection with operating the Platform, we may collect Personal Information (e.g., name, email address, and other contact information) from individuals associated with a corporate customer, for example, a corporate contact or administrator. We store this administrator information in our systems and use it for account maintenance and recordkeeping purposes.
  • The Platform permits our customers’ corporate administrators to enable rules and functionality to monitor and secure corporate networks. In this way, the corporate administrator may elect to use the Platform to track employees’ and end users’ Personal Information associated with their use of corporate networks, systems, and mobile devices, including but not limited to email addresses, IP addresses, login credentials, websites search terms input, websites visited, and files downloaded (“Employee Personal Information”), and can correlate Employee Personal Information to the name or identity of the employee or end user.
  • By default, our Platform processes Employee Personal Information. However, we do not ordinarily access or review Employee Personal Information because it is protected within segregated, containerized reporting databases that isolate this information. Additionally, critical information, such as passwords, is encrypted during transit and at rest, preventing direct access to the underlying information. By default, Employee Personal Information is only accessible to the customers’ administrator(s) and other authorized users who were designated by the administrator(s). In some cases, however, a customer may provide Grom administrative access to the Employee Personal Information, typically to enable us to provide customer support to the customer.
  • In connection with our mobile-device applications, we permit customers to control, secure, and enforce policies on user mobile devices (phones, tablets, PCs, etc.) in support of our services. Our mobile-device applications work in conjunction with our Platform to enforce these policies, and as such, we require expansive mobile-device permissions from the user. For example, because our service supports customer policies affecting the ability to set bookmarks and view web clips, our mobile-device applications must be granted permissions to read and write bookmarks, and install and uninstall shortcuts.
  • The Platform processes Personal Information anywhere in which a customer may be located, e.g., the US, EU, or other non-EU countries, via global data centers that are most proximate to an end user’s physical location when the end user is connected to a network and engaging in activity on the Internet. However, the customer can designate and control where the processed data are stored based on the customer’s geo-location requirements. Thus, for example, an EU-based customer may designate that all data from the customer’s end users – irrespective of where the end users are located globally – are processed and stored only in EU-based data centers.

Information Automatically Collected

Website Technical Information

Grom Educational Services may collect Technical Information about you when you visit our website, which your web browser automatically sends whenever you visit a website on the Internet. "Technical Information" is information that does not, by itself, identify a specific individual but which could be used to indirectly identify you. Our servers automatically record this information, which may include your Internet Protocol ("IP") address, browser type, browser language, and the date and time of your request. Gathering Technical Information helps us ensure our website and other services work correctly and support our customer analytics efforts.

Email Communication

We use pixel tags and cookies in our marketing emails so that we can track your interaction with those messages, such as when you open the email or click a URL link that's embedded within them. When recipients click on one of those URLs, they pass through a separate web server before arriving at the destination page on a company website. We use tools like pixel tags and cookies so that we can determine interest in particular topics and measure and improve the effectiveness of our communications.

Mobile-Device Applications & Communications

When you download or use our mobile device applications, we may receive information about you and your mobile device, such as username, group names, and other device-specific information (e.g., UUID), which we transmit to The NetSpective Webfilter to authenticate your device and thereby enable our customers to control, secure, and enforce internet content filtering and other cybersecurity protocols on the device (“Policies”). The mobile-device applications also obtain permissions from a mobile-device user to access device settings and data, including but not limited to Wi-Fi, browser histories, and bookmarks (collectively, “Settings”), to enable the application of Policies to those Settings.

The specific types of information the mobile-device applications collect may differ based on the cybersecurity package that you or your organization has purchased from Grom Educational Services, the operating system (e.g., iOS or Android) of the device on which an application is installed, and the deployment and Policies chosen. Our mobile device applications access the foregoing information automatically when installed on mobile devices, and solely to provide user functionality concerning our cybersecurity services. In addition, the gateway to which our mobile device applications communicate may track and monitor content and URL destinations depending on the Policies applied to your device and your internet browsing activity.

Cookies and Similar Technologies

Grom Educational Services uses cookies to operate and improve our website as well as to simplify the interaction with you. When you visit our website, our servers send cookies to your computer or mobile device to help personalize your experience and advertisements. Cookies help us better understand user behavior and facilitate effectiveness of advertisements. Cookies only stand to recognize your web browser but information collected from cookies is not personally identifiable. Some web browsers (including some mobile web browsers) provide settings that allow you to control or reject cookies or to alert you when a cookie is placed on your computer, tablet or mobile device. Although you are not required to accept cookies, if you block or reject them, you may not have access to all the features available through our services. For more information, visit the help page for your web browser or see http://www.allaboutcookies.org.


HOW DO WE USE PERSONAL INFORMATION?

We use Personal Information as necessary to create your account, enable you to sign up for and use the Platform, manage payments, and provide customer support. This processing is necessary to perform our contracts with our customers. We also use Personal Information as necessary for the following legitimate business interests:

  • To respond to your inquiries, comments, feedback or questions;
  • To manage our relationship with you, which includes sending administrative information to you relating to our service and changes to our terms, conditions, and policies, and asking you to leave a review or take a survey;
  • To analyze how you interact with our service and provide, maintain, and improve the content and functionality of the Platform and our customer relationships and experiences, develop our business, and inform our marketing strategy (please see the “Cookies and Similar Technologies” section to learn how we use cookies);
  • To administer and protect our business, website, and Platform;
  • To prevent fraud, criminal activity, or misuses of our website or Platform;
  • To ensure the security of our IT systems, architecture, and networks (including troubleshooting, testing, system maintenance, support, and hosting of data); and
  • To comply with legal obligations and legal process as well as protect our, our affiliates, your and third parties’ rights, privacy, safety, or property, and to recover debts due to us.

For information about what we mean by legitimate interests and the rights of individuals in the European Union (“EU”), please see the “What Are EU Data Subjects’ Specific Privacy Rights?” section, below.

Marketing

We may contact you to provide information we believe will be of interest to you. For instance, if you elect to provide your email address, we may use that information to send you promotional information about our products and services. If we do, where required by law (for example, if you are in the EU), we will only send you such emails if you consent to us doing so at the time you provide us with your Personal Information. You may opt out of receiving emails by following the instructions contained in each promotional email we send you or by contacting us. If you unsubscribe from our marketing lists, you will no longer receive marketing communications, but we will continue to contact you regarding our Site and Services and to respond to your requests.


Personal Information Shared with Third Parties

Vendors and Service Providers

Grom Educational Services will not rent or sell your Personal Information to others but may disclose personal information with third-party vendors and service providers that work with Grom Educational Services. For example, if you acquire our products and services via an authorized Grom Educational Services distribution partner or reseller, we may provide your Personal Information to that partner or reseller to facilitate your use of those products and services. We will only share personal information to third-party vendors and service providers to help us provide a product or service to you.

We require our third-party service providers agree to keep confidential all information that we share with them and to use the information only to perform their obligations in the agreements we have in place with them. These third-party service providers are expected to maintain privacy and security protections that are consistent with Grom Educational Services’ privacy and information security policies. In cases of onward transfer to third parties of your Personal Information, Grom Educational Services is potentially liable. In particular, Grom Educational Services remains responsible and liable if third-party service providers that it engages to process the Personal Information on Grom Educational Services’ behalf do so in a manner inconsistent with Grom Educational Services’ principles, unless Grom Educational Services proves that it is not responsible for the event giving rise to the damage.

Disclosure of Personal Information for Legal and Safety Reasons

Grom Educational Services may be required to disclose Personal Information to the authorities, law enforcement agencies, government agencies, or legal entities to comply with valid legal process including subpoenas, court orders, or search warrants, and as otherwise authorized by law. Additionally, we may disclose Personal Information (i) to the extent permitted by applicable law in special cases in which we believe it is reasonably necessary to investigate, identify, or take preventive measures, or bring legal action against someone who may commit or cause harm, fraud, abuse, or illegal conduct, such as a threat of harm to you or anyone else, interference with our rights or property, or interference with U.S. homeland or national security or public safety anywhere in the world; or (ii) in the event of an emergency that threatens an individual's life, health, or security.

Affiliates

Grom Educational Services may share customer information within our family of companies for a variety of purposes, for example to provide you with the latest information about our products and services.


Transferring Personal Information Internationally

To facilitate our global operations, Grom Educational Services may transfer Personal Information from your home country to other Grom Educational Services locations across the world. Grom Educational Services primarily stores Personal Information about prospective and actual customers in the United States. Additionally, we create customer-specific, encrypted backups of end user data that are stored in third party data centers, however that data reside in purely encrypted form and cannot be decrypted without a private key that our customers hold.

If the Personal Information is transferred to countries without 'adequate' protection as determined by the European Commission, we will use additional safeguards to ensure your Personal Information receives adequate security and your rights continue to be protected. You understand that in providing Personal Information to us via our website, Platform, or through other interactions with us, you consent to the transfer of your Personal Information to the United States and other jurisdictions in which we operate.


Retention Policy

Grom Educational Services retains your Personal Information as long as reasonably necessary for the business purposes described in this Privacy Policy, and/or as long as is reasonably necessary to provide you with our products and services, or as reasonably necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

If you have elected to receive marketing communications from us, we retain information about your marketing preferences until you opt out of receiving these communications and in accordance with our policies.

To determine the appropriate retention period for your Personal Information, we will consider the amount, nature, and sensitivity of the Personal Information, the potential risk of harm from unauthorized use or disclosure of your Personal Information, the purposes for which we use your Personal Information and whether we can achieve those purposes through other means, and the applicable legal requirements.


Information Collected from Children

Our website and services are directed toward a general audience. We do not knowingly collect information about children under the age of 13, or minors otherwise defined in local law or regulation, without verifiable parental consent. If we learn that someone under 13 has provided Personal Information through our website, we will use reasonable efforts to remove that information from our databases.


California Residents’ Specific Privacy Rights

Online Tracking and Do Not Track Signals. We may, and we may allow third-party service providers to, use cookies or other tracking technologies to collect information about your browsing activities over time and across different websites following your use of the Site. Our Site currently does not respond to “Do Not Track” (“DNT”) signals and operates as described in this Privacy Policy whether or not a DNT signal is received. If we do respond to DNT signals in the future, we will describe how we do so in this Privacy Policy.


EU Data Subjects’ Specific Privacy Rights

Scope

This section applies to individuals in the EU (for these purposes, reference to the EU also includes the European Economic Area countries of Iceland, Liechtenstein, Norway, the United Kingdom, and, to the extent applicable, Switzerland).

Data Controller

Data protection laws in the EU differentiate between the “data controller” and “data processor” of Personal Information. Grom Educational Services is the data controller for the processing of your Personal Information relating to customer accounts, marketing, and Personal Information collected through our website and other digital platforms. You can find our contact information, and the contact information of our EU-based representative, in the “Contacting Grom Educational Services” section below.

Data Processor

Grom Educational Services is the data processor for the processing of Employee Personal Information. If you are an employee or end user of one of our customers, please contact the appropriate customer of Grom Educational Services to exercise the rights described below.

Legal Bases for Processing

This Privacy Policy (the paragraph “How Do We Use Personal Information?”) describes the legal bases we rely on for the processing of your Personal Information. Please contact us if you have any questions about the specific legal bases on which we are relying to process your Personal Information.

As used in this Privacy Policy, “legitimate interests” means our interests in conducting our business and developing a business relationship with you. This Privacy Policy describes when we process your Personal Information for our legitimate interests, what these interests are and your rights. We will not use your Personal Information for activities where the impact on you exceeds our legitimate interests, unless we have your consent or those activities are otherwise required or permitted by law.

Your Rights

Pursuant to the European Union General Data Protection Regulation (or GDPR), you have the following rights in relation to your Personal Information, under certain circumstances:

  • Right of access: If you ask us, we will confirm whether we are processing your Personal Information and, if so, provide you with a copy of that Personal Information along with certain other details. If you require additional copies, we may need to charge a reasonable fee.
  • Right to rectification: If your Personal Information is inaccurate or incomplete, you are entitled to ask that we correct or complete it. If we shared your Personal Information with others, we will tell them about the correction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Information so you can contact them directly.
  • Right to erasure: You may ask us to delete or remove your Personal Information, such as where you withdraw your consent. If we shared your data with others, we will tell them about the erasure where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Information with so you can contact them directly.
  • Right to restrict processing: You may ask us to restrict or “block” the processing of your Personal Information in certain circumstances, such as where you contest the accuracy of the data or object to us processing it (please read below for information on your right to object). We will tell you before we lift any restriction on processing. If we shared your Personal Information with others, we will tell them about the restriction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Information so you can contact them directly.
  • Right to data portability: You have the right to obtain your Personal Information from us that you consented to give us or that was provided to us as necessary in connection with our contractual obligations, and that is processed by automated means. We will give you your Personal Information in a structured, commonly used and machine-readable format. You may reuse it elsewhere.
  • Right to object: You may ask us at any time to stop processing your Personal Information, and we will do so:
    • If we are relying on a legitimate interest to process your Personal Information — unless we demonstrate compelling legitimate grounds for the processing or we need to process your data to establish, exercise, or defend legal claims;
    • If we are processing your Personal Information for direct marketing. We may keep minimum information about you in a suppression list to ensure your choices are respected in the future and to comply with data protection laws (such processing is necessary for our and your legitimate interest in pursuing the purposes described above).
  • Right to withdraw consent: If we rely on your consent to process your Personal Information, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect any processing of your data before we received notice that you wished to withdraw consent.
  • Right to lodge a complaint with the data protection authority: If you have a concern about our privacy practices, including the way we handled your Personal Information, you can report it to the data protection authority that is authorized to hear those concerns (in the UK, the Information Commissioner’s Office (ICO), who can be contacted at https://ico.org.uk/concerns, and in other EU countries the data protection authority of the country in which you are located).

Please see the “ Contacting Grom Educational Services ” section below for information on how to exercise your rights.


Securing Your Personal Information

Grom Educational Services uses technical and physical safeguards to protect the security of your Personal Information from unauthorized disclosure. We also make commercially reasonable attempts to ensure that only necessary people and third parties have access to Personal Information. Nevertheless, such security measures cannot prevent all loss, misuse, or alteration of Personal Information, and we are not responsible for any damages or liabilities relating to any such incidents to the fullest extent permitted by law.


Updates to the Privacy Policy

Grom Educational Services may review and update this Privacy Policy periodically without any prior notice. We will post a notice on our website to inform you of any changes to the Privacy Policy and indicate when it was most recently updated. In the case of material changes that may adversely affect you, we may provide a more direct way of notifying you of changes to this Privacy Policy.


Contacting Grom Educational Services

To contact Grom Educational Services about any of the foregoing matters, please use the following addresses:

Mailing Address:

Grom Educational Services, Inc.
3280 Pointe Parkway, Suite 2500
Peachtree Corners, GA 30092
Email Address: netspectivewebfilter@gromedu.com