Leepfrog Technologies, Inc. (“Leepfrog”) respects the individual privacy of its customers, employees and consumers.  This Safe Harbor Privacy Policy Statement (the “Policy”) describes the privacy principles followed by Leepfrog Technologies CourseLeaf suite of products, with respect to transfers of personal information from the European Economic Area (EEA) to the United States. This policy includes the CourseLeaf CAT, CIM and CLSS products (“CourseLeaf”), when hosted by Leepfrog Technologies, Inc.

The U.S.-European Union Safe Harbor Framework is an agreement with the goal allowing U.S. organizations to meet EU privacy requirements.  We have certified that we adhere to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement.  If there is any conflict between the policies in this privacy policy and the Safe Harbor Privacy Principles, the Safe Harbor Privacy Principles shall govern.  To learn more about the Safe Harbor program, and to view our certification page, please visit http://www.export.gov/safeharbor/

Notice:

CourseLeaf collects some amount of personal information about users (“PII”). This consists of the given name, surname, email address and login name.  These users include staff, faculty, students and other members of an institution or other organization.  This information is utilized by Leepfrog Technologies in order to authenticate and authorize users of CourseLeaf, to communicate with users about workflow and other pertinent information, to display given names and surnames of users to users of the application, for functional logs describing the behavior of a user on the site (which are utilized by Leepfrog staff and by the purchaser of CourseLeaf to analyze site activity), and to maintain the relationship between the username and the roles of the user.  (e.g., whether a user is an administrator, or whether a user is a course coordinator for a specific course.)  This information is also disclosed to other users of the application.

The only PII collected is necessary for the software to perform its function.  We do not collect additional PII such as birthdates, phone numbers, postal addresses, government identifiers, passwords, etc.

Choice:

Because all PII collected by CourseLeaf is necessary for application functionality, and because we do not share this data with third parties, there is no direct way for a user to opt out of the above listed use of this data while still being able to use the application.  However, an institution which purchases CourseLeaf does have the option to create accounts on its systems which hide actual PII.  These accounts can then be utilized by CourseLeaf.  As an example, a department chair could have the name “Physics Chair”, the email address “phychair@university.edu”, and the username “phychair”.

Onward Transfer (Transfer to Third Parties)

PII collected by CourseLeaf is not transferred to third parties.

Access

CourseLeaf integrates with an institution's authentication system, and most PII in CourseLeaf comes from this source.  Therefore this information is kept up to date automatically as it is updated by the institution.  Any information which is not provided in an ongoing basis by the institution's authentication system can be updated by the institution's CourseLeaf administrator(s), using the CourseLeaf console.  Therefore, an individual wishing to have access to their PII and to be able to correct, amend or delete that information with CourseLeaf can do that by working directly with the institution with whom they are affiliated.

Security

Leepfrog Technologies will take reasonable precautions to protect personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction.

Data Integrity

Leepfrog Technologies will use PII in ways relevant for the purposes for which it is to be used.  We will take reasonable steps to ensure that data is reliable for its intended use, accurate, complete and current.

Enforcement and dispute resolution

Leepfrog will conduct compliance audits of its relevant privacy practices to verify adherence to this Policy.

Questions or concerns relating to the disclosure of PII, including complaints about your privacy and our collection or use of your personal information, should be directed at eu-safeharbor@courseleaf.com, or “EU Safe Harbor, c/o Leepfrog Technologies, Inc.  2105 ACT Circle, Iowa City, IA  52245  US”.

Leepfrog has further committed to refer unresolved privacy complaints under the US-EU Safe Harbor Principles to an independent dispute resolution mechanism, the BBB EU SAFE HARBOR, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/us/safe-harbor-complaints for more information and to file a complaint.

Location of and changes to EU Safe Harbor Policy

This policy may be downloaded at any time from http://www.courseleaf.com/eu-safeharbor-privacy-policy.  This policy may be amended from time to time, consistent with the requirements of the Safe Harbor Principles.

Effective Date:  June 15, 2016