Last Updated: September 12, 2023
Engageable is a service intended for users within educational settings with policies aimed to protect children. It is intended for use with students of all ages with appropriate consent, and to protect Student records. It is compatible for use in schools subject to FERPA, and complies with COPPA and GDPR requirements. Swivl is also a Privacy Pledge Signatory and works to safeguard Student privacy regarding the collection, maintenance, and use of Student personal information.
This policy is separate and unique from our company website Swivl.com or any other Swivl service that may be linked to it. If you link to any of our other websites or services, please review the privacy policies posted at those sites and services, as they may differ.
Table of Contents
How we Collect, Use and Disclose Non-Personal Information
For each visitor to our website, we collect non-personally-identifiable information including IP address, profile information, aggregate user data, preferences, technical session information, browser type (“non-personal information”). If you arrived at our website via a link from another webpage, we also may receive aggregate or otherwise anonymous statistical information about your visit to our site. We also use information collected from cookies and other anonymous identifiers to improve your user experience and the quality of our services. If you give us personal information, we may remove the identifiers and aggregate it, in which case it also becomes non-personal information. We will not use non-personal information for any reason other than the purpose for which it was collected or authorized for use. We may use or share aggregate non-personal information for any reason.
What Personal Information We Collect
For the purposes of this Policy, “personal information” is any information that identifies or can be used to contact a particular individual. The types of personal information we may receive through the Services are determined by our users and, as such, are not under our control. The personal information we receive includes the following categories.
- Contact information – first name, last name, email address, position, institution.
- User Account and web portal information – user account or web portal username and log-in password, user audio/video files and transaction histories, and other information that we may request or that you may provide relating to your account. Video/audio files might contain personal information of the user.
- Communications information – copies of communications and inquiries you have submitted to us, including through email, calls, and features available on our website.
- Device and usage information – details regarding how and when you use our website and Services, including the device used to connect to our website or software, your IP address, the frequency and duration of your usage, the pages you view, what websites or search terms referred you to the website, and information about your interaction with our website and software.
Please note that we may aggregate or anonymize the foregoing types of data such that they are no longer capable of identifying you, in which case they are no longer considered “personal information.”
We also may collect and store personal information about other people that you provide to us. If you use our website to send others information that may interest them or messages through our system, we may store your personal information, and the personal information of each such recipient. Similarly, if you use our website to share and/or distribute content (including videos, comments or other submissions), and such content contains personal information about others, such information may be stored in order to allow for such uploading, sharing and/or distribution.
Google Calendar Integration
The site will have access to both your Google Calendar and any other calendar you access via Google in order to power our Engageable Calendar Integration tool, and allow you to time block on your Calendar. With this integration, you will have the ability to: create or change Engageable time blocks on your calendar, and update individual calendar events.
Engageable use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements.
How We Use and Disclose Personal Information
We only use or process personal information in a way that is compatible with and relevant for the purpose for which it was collected or authorized for use. We may use personal information we collect to provide the service or transaction you requested, and importantly, to maintain and improve the services we provide, including for example by providing you with a better user experience when accessing our services. We may use your personal information to respond to your requests. Our use of information other than for the purpose of completing a requested transaction or service is on an opt-in basis. This means that you will not receive communications from us regarding, for example, specials, new products or new services, unless you have given us affirmative permission to receive such communications.
When the information we collect about you is aggregated, anonymized, or otherwise does not identify you, we may use that information for any purpose or share it with third parties, to the extent permitted by applicable law.
Compliance with FERPA and COPPA
Swivl complies with FERPA and COPPA when applicable to us. When FERPA applies, we act as a “school official” to our educational institution customers. As such, we are under the direct control of the educational institution and use students’ personal information only to provide our services to the educational institution. To the extent COPPA applies, the educational institution is responsible for providing us with any necessary consent on behalf of students’ parents or guardians to permit the use of Engageable by students.
Children under the age of thirteen (for U.S. users) and sixteen (for non-U.S. users) can use the Engageable services with consent from a parent or legal guardian. An educator can also provide consent and assume responsibility for obtaining the appropriate parental consent. Swivl does not knowingly accept, collect, maintain or use any information from any child under the age of thirteen (for U.S. users) or sixteen (nor non-U.S. users) without the appropriate consent. If a child whom Swivl knows or suspects to be under the age of thirteen (for U.S. users) or sixteen (for non-U.S. users) sends personal information to us online without appropriate consent, we will only use that information to respond directly to that child, notify the parents or legal guardians, or seek parental or other appropriate consent. Parents can at any time request deletion of data or of the entire account.
- The types of information we collect from children: see section titled “What Personal Information We Collect”. Please note that we do not require children to disclose more information than is reasonably necessary to participate in and utilize the Engageable services.
- How we use the information we collect from children: We use the information we collect from children to register them for and provide them with the Engageable services. We may also use the information to assist us in updating and improving the Engageable services. We do not use the information for purposes unrelated to the Engageable services.
- Third parties to whom we disclose personal information from children: see our list of subprocessors. Please note that no other “operators” (as defined by COPPA) may collect or maintain personal information from children through the Engageable services.
Parents, guardians, or educators (as appropriate) may review the personal information we maintain about their child, require us to correct or delete the personal information, and/or prohibit the further collection or use of the child’s personal information. To do so, follow the instruction in the “How to Access and Control Your Information” section below.
Retention of Data and Authorized Data Processors
Users are responsible for determining the duration necessary to retain content for their purposes. When the purpose is complete, it is recommended that users delete the content. Note that content deleted by the user is retained for 30 days for recovery purposes due to accidental deletion (per user request) and then removed permanently from the Engageable storage servers. In addition, if a users account is inactive for more than a calendar year, content will be automatically deleted using the same procedure. This insures that data is not retained any longer than is required.
We may share your personal information with our authorized service providers (sub-processors) that perform certain services on our behalf. These services may include providing customer service, performing business analysis and supporting our website functionality or other services that are necessary to operate the site. We do not disclose any personal information to authorized service providers from Student Account holders beyond what is necessary to operate the site. See our List of Sub-processors.
We may share personal information of users above the age of sixteen on an opt-in basis to business partners to support contests, sweepstakes, surveys and other features offered through our website now or in the future.
How To Access and Control Your Information
You, as well as the educational institutions and teachers who have authorized your access, have the right to request a copy of your information, to object to our use of your information, to request the deletion of your information, or to request your information in a structured, electronic format. Below, we describe the tools and processes for making these requests. For all other requests, you may contact us as provided in the Contact Us section below to request assistance.
Your request and choices may be limited in certain cases: for example, if fulfilling your request would reveal information about another person, or if you ask to delete information which we are permitted by law or have compelling legitimate interests to keep. If you have unresolved concerns, you may have the right to complain to a data protection authority in the country where you live, where you work or where you feel your rights were infringed.
Our Services give you the ability to access and update certain information about you from within the Service. You can update your profile information within your profile settings and modify content that contains information about you using the editing tools associated with that content.
If you no longer wish to use our Services and you wish to delete your account, please contact Engageable Support as shown in the Contact Us section.
Teachers and school administrators using the service may receive promotional communications and may opt out of such communications by using the unsubscribe link within each email, updating your email preferences within your Service account settings menu, or by contacting us as provided below to have your contact information removed from our promotional email list or registration database. Even after you opt out from receiving promotional messages from us, you will continue to receive transactional messages from us regarding our Services.
Other Situations That Require Sharing Data
– In response to a subpoena or similar investigative demand, a court order, or a request for cooperation from law enforcement or other government agency; to establish or exercise our legal rights; to defend against legal claims; or as otherwise required by law. In such cases, we may raise or waive any legal objection or right available to us, in our sole discretion.
– When we believe disclosure is appropriate in connection with efforts to investigate, prevent, report or take other action regarding illegal activity, suspected fraud or other wrongdoing; to protect and defend the rights, property or safety of our company, our users, our employees, or others; to comply with applicable law or cooperate with law enforcement; or to enforce our Legal Terms or other agreements or policies.
– In connection with a substantial corporate transaction, such as the sale of our business, a divestiture, merger, consolidation, or asset sale, or in the unlikely event of bankruptcy.
Information for Residents of the European Union
Swivl’s customers, and not Swivl, determine the purposes and means of processing personal information through the site. With respect to personal information regarding individuals in the EU and UK, Swivl is a “processor” under the EU General Data Protection Regulation and the UK’s version of the same (collectively, the “GDPR”). Swivl’s customers are the “controllers” under the GDPR (if applicable). As controllers, Swivl’s customers are responsible for disclosing the rights individuals in the EU and UK may have under the GDPR with respect to their personal information, as well as other information regarding the collection and use of that information under the GDPR, as applicable. Those rights include the (1) right to access the personal information or receive a copy of it, (2) right to request personal information be corrected if it is inaccurate, (3) right to request that personal information be erased, and (4) right to withdraw their consent or object to further processing. If you have questions about the processing of your personal information, about your rights under the GDPR, or wish to exercise those rights, please contact the relevant Swivl customer acting as the controller. To the extent you submit such inquiries to us, we will forward them to our customer (as the controller) and work with the customer to address your inquiry, as appropriate.
Engageable’s services are hosted and operated entirely within the United States, or within Canada for Canadian users. Any information you submit to us is presumed to be hosted on servers located within the USA, or Canada for Canadian users. By submitting information to us you consent to this transfer of your personal information to the United States with the exception of Canadian users. To meet the adequacy and security requirements for data transfers from customers that operate in the EU or for whom we may process personal information relating to individuals in the EU, Swivl offers Standard Contractual Clauses approved by the European Commission as part of its standard data processing addendum.
Information for California Residents
As indicated above, Swivl does not control the purposes and means of processing personal information. As such, it is not a “business” pursuant to the California Consumer Privacy Act (“CCPA”). From time to time, Swivl may provide Services to customers that are “businesses” and will enter into contracts that prohibit Swivl from retaining, using, or disclosing the personal information for purposes other than those specified in the parties’ contract. In that event, Swivl is a “service provider” pursuant to the CCPA. If you have questions about the processing of your personal information, about your rights under the CCPA, or wish to exercise those rights, please contact the relevant Swivl customer acting as the “business.” To the extent you submit such inquiries to us, we will forward them to our customer and work with the customer to address your inquiry, as appropriate.
California Civil Code Section § 1798.83 permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, send an email to firstname.lastname@example.org
How we Approach Security
We have implemented generally accepted standards of technology and operational security in order to protect personal information from loss, misuse, alteration, or destruction. We will use our reasonable efforts to limit access to your personal information to our authorized personnel and approved processors, and these employees and vendors are required to treat this information as confidential. Despite these precautions, we cannot guarantee that unauthorized persons will not obtain access to your personal information.
Sharing & Social Media Guidelines
Other users of the service can see or access the information you post through Engageable when shared using “Public” (not provided to users under 16). When shared using “Private” (weblink, Discussions, etc), they can only be viewed as defined by the sharing tool and cannot be seen by general service users. You can deliberately share public links via email or social media for all content. You are responsible for the content of anything you share, in accordance with our Legal Terms.
The Engageable Services includes the ability to forward text. audio and videos to others. If you use the Engageable™ Services to post information about yourself or others, or communicate with others; share content (e.g. pictures, videos, audio files, etc.); and post comments of content, such postings are governed by our Legal Terms. Whenever you voluntarily disclose personal information on publicly-viewable web pages, that information will be publicly available and can be collected and used by others. For example, if you post your email address, you may receive unsolicited messages. We cannot control who reads your posting or what other users may do with the information you voluntarily post, so we encourage you to exercise discretion and caution with respect to your personal information. Once you have posted information, you may not be able to edit or delete such information.
The Engageable Services uses social sharing buttons, which help share web content directly to the social media platform in question. Users are advised before using such social sharing buttons that they do so at their own discretion and note that the social media platform may track and save your request to share a web page respectively through your social media platform account. Your use of these platforms is governed by their respective privacy policies and terms.
If you have any questions, please contact us at:
1450 El Camino Real, Menlo Park, CA 94025
For European privacy related inquiries, contact us at: email@example.com