Last updated August 25, 2022
International Data Protection Legal Compliance
The Polaris School complies with local data protection laws internationally. Different jurisdictions cover users in different regions, and our deletion and inquiry processes vary by region. Users in the United Kingdom, European Union and State of California, US have special rights to data protection and The Polaris School handles the data and processing of users in these regions differently to users in the rest of the world, in compliance with local laws. Read our GDPR (UK), GDPR (EU) and CCPA (California) Compliance Policies for more information.
1a) Personal Information that we collect in order to provide access to our Services
The Polaris School collects the following personal identifiable information about every student (or parent, for email addresses) enrolled in The Polaris School in order to provide access to our Services:
- Full Name
- Email Address
- Date/Time of Last Login
- Active Subscriptions
We additionally collect the following (only) for analytical purposes and users can choose to delete this personal data through a request form here:
- Date of Birth
This personal information is collected i) in order to provide our Services; ii) to prevent fraud and criminality; iii) to provide the correct language (in the event that the Service or Content is available in multiple languages in future; iv) to provide communication with parents and/or students; v) to facilitate access to the Service. The personal information is collected at the time of sign up for a new The Polaris School account, and users can request for adjustments to be made at any time by contacting us here. Users can additionally at any time request for their personal information and account to be deleted here.
1b) Storage of Personal Information that we collect
In the event that personal information has to be migrated from Outseta to another platform, you will be notified in writing prior to, and/or after, the migration has taken place. For the duration of, and strictly limited to, the migration process, personal information may be downloaded in plain text to be transferred over to the new data storage platform. Every care will be taken during the migration process to protect users’ personal information. Immediately after completion of migration, any and all downloaded copies of personal information will be securely destroyed.
1c) Deletion of Personal Information that we collect
In accordance with our GDPR (UK) Compliance Policy, GDPR (EU) Compliance Policy and CCPA (California) Compliance Policy (depending on user jurisdiction), The Polaris School respects and complies with all data protection rights for users in the United Kingdom, European Union, State of California, United States and worldwide. In the event of a request for deletion of personal information, we will endeavour to delete all personal information linked to the user at the earliest opportunity including any external documents, email servers and storage providers, except where we are legally required to hold it (in the event of criminality) and in the event of abuse of the platform. Users can request the information we hold about them at any time by contacting us regarding a personal data inquiry, however a request for full deletion of a user's account prior to the inquiry for personal data will nullify any later request for personal information. We comply with any and all requests by law enforcement in the event that suspected criminality has occurred by a user through the use of, or aided by the use of, The Polaris School platform. Information requested by law enforcement may be held, even if a user requests deletion of their personal data, providing it is held in compliance with local laws. The Polaris School is not liable for any losses incurred as a result of accidental account deletion requests on a user’s part. In the rare event that a user’s account data is deleted by The Polaris School mistakenly (without a request), the user agrees that The Polaris School will provide access to materials made inaccessible as a result of the mistake and attempt to restore the user’s account and deleted personal data as soon as possible, once The Polaris School becomes aware of the issue. If lost materials are no longer available, an alternative equivalent to that of the prior purchased materials’ value will be made available to the affected account.
1c) i) Rights Under GDPR (For Users in the United Kingdom)
1c) ii) Rights Under GDPR (For Users in the European Union)
1c) iii) Rights Under California Consumer Privacy Act (CCPA) (For Users in the State of California, United States)
1c) iv) Rights For Users Internationally (Excluding United Kingdom, European Union and State of California, United States)
1c) v) Changes to Rights If Users Move Abroad
1d) Handling cyberattacks, system failures, leaks and breaches of security
The Polaris School only utilises external platforms with the strongest security measures for data storage and handling of personal information. The platform itself stores no personally identifiable or anonymised data about users - with all user information securely stored on Outseta’s servers and passed through to the platform when a user signs up or logs in. The Polaris School protects access to external platforms with extreme attention to security and with regular reviews of security to ensure no personal information is made public.
In the event of a cyberattack, system failure, leak or breach of security, once identified and verified, The Polaris School will immediately report the event to relevant authorities and/or platform providers (Outseta, Webflow and others) to ensure access is locked down and users’ data is immediately inaccessible to bad actors or any unauthorised users. The Polaris School will immediately contact affected users, detailing the information that may have been leaked with information on the date and time of the event. Account passwords are stored differently, but also protected by our external platform provider Outseta and encrypted to prevent misuse. The Polaris School does not have access to, and cannot access under any circumstances, a user’s password. In the event of a password breach, users will be immediately contacted and encouraged to update their password.
1e) Storage of Billing Information
1f) Storage of Personally Unidentifable Data
In addition to the identifiable data we collect as outlined in subsection 1a, we also collect and handle unidentifiable random data that cannot be tied to a specific user, and is used more broadly to track overall site statistics. We track the following information with no identifiers and with no way of associating the data with a user:
- Site Views
- Active Users Count
These categories of data are tracked via Outseta and used to provide anonymous statistics.