Privacy Policy
Effective Date: March 27, 2024
Boxlight, Inc. is committed to privacy and data protection. This Privacy Policy applies to all personal data Boxlight collects from you, through our interactions with you and through our products; as well as how we use and protect that data. Boxlight is the controller of this data.
The Privacy Policy applies to all websites which are run by, or under the control of, Boxlight (collectively, the “Sites”), and our Products and Services. All references to “Boxlight”, “the Company”, “we” and “our” include not only Boxlight, Inc., located at 2750 Premier Parkway, Suite 900, Duluth, GA 30097, but also our wholly owned subsidiaries, unless expressly stated otherwise.
This Privacy Policy does not apply to the data you input to our Products and Services, or the files generated using our Products and Services (“Your Content”). You act as the controller of Your Content. Boxlight does not process or have access to Your Content.
This Privacy Policy does not apply to any third-party applications or software that integrate with our Sites, Products and Services, or any other third-party products, services or businesses (collectively, “Third Party Services”). Third Party Services are governed by their own privacy policies. We recommend you review the privacy policy governing any Third Party Services before using them.
Click here to manage your Cookie consent for this website.
PLEASE BE AWARE THAT BOXLIGHT AND ALL ASSOCIATED SERVICES AND SYSTEMS ARE HOUSED ON SERVERS IN THE UNITED STATES. IF YOU ARE LOCATED OUTSIDE OF THE UNITED STATES, INFORMATION WE COLLECT (INCLUDING COOKIES) ARE PROCESSED AND STORED IN THE UNITED STATES, WHICH MAY NOT OFFER THE SAME LEVEL OF PRIVACY PROTECTION AS THE COUNTRY WHERE YOU RESIDE OR ARE A CITIZEN. BY USING THE SERVICES AND PROVIDING INFORMATION TO US, YOU CONSENT TO THE TRANSFER TO AND PROCESSING OF THE INFORMATION IN THE UNITED STATES.
This Privacy Policy is incorporated into and made a part of Boxlight’s Terms of Use. If you have not done so already, please also review the Terms of Use.
California Residents: If you are a resident of California you may have additional rights regarding your personal information. Please review our California Consumer Privacy Act (“CCPA”) Notice regarding your rights under the CCPA.
Any questions or concerns regarding Boxlight’s privacy and data protection practices can be directed to our Data Protection Lead at [email protected] or by calling (360) 464-2119.
PERSONAL DATA WE COLLECT
Boxlight collects data to provide the Products and Services you request, ease your navigation on our Sites, communicate with you, and improve your experience using our Products and Services. Some of this information is provided by you directly, such as when you create an account on our Sites, request a trial and/ or purchase a Product or Service. Some of the information is collected through your interactions with our Sites, Products and Services. We collect such data using technologies like cookies and other tracking technologies, error reports, and usage data collected when you interact with Boxlight Sites, Services or Products running on your device.
We also obtain data from third parties or use third parties to assist us with data collection. For example,, we may supplement the data we collect as described in this section by purchasing demographic data from other companies. We also use services from other companies to help us determine a location based on your IP address notably to customize certain services to your location. In addition, we utilize third-party services to collect usage data.
The data we collect depends on the Sites, Products, Services and features thereof that you use, and includes the following:
Name and contact data. We collect your first and last name, email address, postal address, phone number, and other similar contact data.
Credentials. We process passwords and related security information used for authentication and account access and information security purposes.
Payment data. We collect data necessary to process your payment if you make purchases, such as your payment instrument number (such as a credit card number).
Usage data. We collect personalized information about your use of our Sites, Products and Services, to better understand uses thereof and identify potential improvements, as well as to send you promotional communications or offers tailored to your use of our Sites, Products and Services and interest thereto.
Examples include:
Information on the web pages you visit on and off our Sites and the search terms you enter on our Sites.
Information regarding the performance of our Sites, Products and Services and any problems you may experience while using them. This information enables us to diagnose problems and offer support in resolution.
Data about your device and the network you use to connect to our Sites, including IP address, device identifiers, and regional and language settings.
Web requests. For our Sites, we collect information regarding every web request sent to the relevant servers. This information is used to provide support, as well as to assess usage and performance of our Sites. The data collected for each request can include such things as timestamps, any exception messages, user agent, IP address, email address, request time and duration, as well as files names.
Location data. We collect your IP address and infer location such as city or postcode therefrom, when necessary in order to provide you with the Sites, Products and Services or to send you promotional communications or for customer relationship management purposes.
Content. We may collect the content of messages you send to us, such as comments you post on our blog, feedback or questions you ask our technical support representatives, when necessary to provide you with the Sites, Products and Services you use. We will collect and utilize any data files you send to us for troubleshooting and improving our Products and Services. When you contact us, phone conversations or chat sessions with our representatives may be monitored and recorded in order to improve our services, facilitate the processing and resolution of your request or complaint.
Surveys and Studies. We may ask you to participate in a survey or study; and may request information from you. Participation is voluntary, and you have the choice of whether to disclose any requested information.
HOW WE USE PERSONAL DATA
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data for the following lawful purposes:
Where we need to perform the contract we are about to enter into or have entered into with you (“performance of a contract”).
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (“legitimate business interest”).
Where we need to comply with a legal or regulatory obligation (“legal obligation”).
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Boxlight uses information that we collect from customers and visitors for the purposes of:
providing our Sites, Products, and Services (performance of a contract);
providing ongoing support (performance of a contract);
communicating with you, including promotional communications and customer relationship management (“CRM”) (legitimate business interest);
providing information about other Sites, Products, and Services (legitimate business interest);
helping us run our company, for example to improve our Sites, Products, and Services or our security, train staff or perform marketing activities, including CRM (legitimate business interest);
complying with our legal obligations (legal obligation); and
accounting and other administrative purposes (legitimate business interest and legal obligation).
Examples of the uses of information include:
Providing Sites, Products, and Services. We use data to carry out your transactions with us and to provide Sites, Products, and Services to you. Often, this includes personal data such as email, name and address.
Customer support. We use data to diagnose and address problems and provide other customer and support services.
Product activation. We use data, including device and application type, location, and unique device, application, network and subscription identifiers to activate software and devices that require activation.
Software Updates. Unless you have disabled the functionality of our software update manager, our software products periodically communicate with our servers to perform functions such as checking for updates.
Improving Product and Services. We use data to continually improve our Sites, Products, and Services, including adding new features or capabilities. Data is collected throughout your interactions with our Sites, Products, and Services that enable us to understand customer usage and tailor future capabilities.
We track general, non-personalized information (e.g., operating system, browser version and type of device being used) to know how many people visit specific pages of our Sites or utilize specific areas of our Products and Services so that we may improve those Products and Services. We may use your IP address to customize services to your location, such as the language displayed on our Sites.
Our Cookies Policy explains how we use cookies and similar technologies to collect information about the way you use our Sites, Products and Services, and how to control them.
Please note that we use IP addresses on a highly restrictive basis to analyze trends, to administer the site, and to collect general information for aggregate use.
Service Communications. We use data we collect to deliver and personalize our communications with you. For example, we may contact you by email or other means to notify you of changes in information and updates to our Sites, Products, and Services or to our Privacy Policy.
Marketing and event communication. We use personal data to deliver marketing and event communications to you across various platforms, such as email, direct mail, social media, and online via our Sites. We also may send you invitations to trade shows or trainings relating to our Products and Services that occur nearby you, based on your address.
Third parties may also market to you on our behalf based on your use of their third-party services. For example, some conference and tradeshow organizers may collect precise geo-location (latitude and longitude) data when you grant permission through your mobile device’s system settings. Once you give permission, the tradeshow organizer may use your mobile device’s GPS, Bluetooth or Wi-Fi connections to serve geo-targeted information about Boxlight, such as booth location. You should consult and review the relevant third-party privacy statement or policy for information on their data processing practices.
If we send you a marketing email, it will include instructions on how to opt out of receiving these emails in the future. For information about managing email subscriptions and promotional communications, please visit the Your Rights Regarding Personal Data section of this privacy statement. Please remember that even if you opt out of receiving marketing emails, we may still send you important service information related to your accounts and subscriptions.
Processing Payments. If you make a payment to Boxlight, we will ask for Payment Information and other information requested for processing your payment.
We use a third party payment processor, currently PayPal, to assist in securely processing your Payment Information. If you choose to use PayPal to make purchases through the Site, you will be directed to the PayPal website and provide your payment information directly to PayPal. We do not store your Payment Information and do not control and are not responsible for PayPal or its collection or use of your information. PayPal’s privacy policy applies to the information you provide on the PayPal website. You may find out more about how PayPal stores and uses your Payment Information by accessing the Privacy Policy for PayPal’s services (see https://www.paypal.com/us/webapps/mpp/ua/privacy-full).
HOW WE SHARE PERSONAL DATA
It is the policy of Boxlight and its subsidiaries to protect users’ information both online and off-line. Access to our users’ information is restricted to only those employees or agents, contractors or subcontractors of Boxlight who have valid reasons to access this information to perform any service you have requested or authorized, or for any other purpose described in this Privacy Policy. The information you provide will not be sold or rented to third parties.
We may provide your personal data to:
Boxlight-controlled affiliates and subsidiaries, located in and outside your country, including outside the United Kingdom (UK), Switzerland, European Union (EU) or European Economic Area (EEA) (in such case, we will use an appropriate legal framework to operate data transfers);
outsourced service providers who perform functions on our behalf, located inside or outside of the UK, Switzerland, EU or EEA territory (in such case, we will use appropriate legal framework to operate data transfers). For example, when you provide payment data to make a purchase, we will share payment data with banks and other entities that process payment transactions or provide other financial services, and for fraud prevention and credit risk reduction;
our authorized agents and representatives, located inside or outside of the UK, Switzerland, EU or EEA territory (in such case, we will use appropriate legal framework to operate data transfers), who sell products or provide services on our behalf, such as training service providers or product resellers;
anyone expressly authorized by you to receive your personal data;
anyone to whom we are required by law to disclose personal data, upon valid and enforceable request thereof.
Finally, we will access, disclose and preserve personal data, including Your Content, when we have a good faith belief that doing so is necessary to:
comply with applicable law or respond to valid legal processes, including from law enforcement or other government agencies, upon valid and enforceable request thereof; or
operate and maintain the security of our Services, including to prevent or stop an attack on our computer systems or networks.
Please note that some of our Services may direct you to services of third parties whose privacy practices differ from Boxlight’s. If you provide personal data to any of those services, your data is governed by their privacy statements or policies. Boxlight and their subsidiaries are not responsible for the privacy practices of these other sites. Please review the privacy policies for these websites to understand how they process your information.
We require third parties to only use your personal data for the specific purpose for which it was given to us and to protect the privacy of your personal data. We will only disclose your personal data to third parties who agree to keep your information confidential.
HANDLING OF PERSONAL DATA
Security of Personal Data
Boxlight is committed to protecting the security of your personal data. Depending on the circumstances, we may hold your information in hard copy and/or electronic form. For each medium, we use technologies and procedures to protect personal data. We review our strategies and update as necessary to meet our business needs, changes in technology, and regulatory requirements.
These measures include, but are not limited to, technical and organizational security policies and procedures, security controls and employee training.
You are responsible for maintaining the security of your account credentials for the Sites, Products, and Services. Boxlight will treat access to the Sites, Products, and Services through your account credentials as authorized by you. Unauthorized access to password-protected or secure areas is prohibited and may lead to criminal prosecution. We may suspend your use of all or part of the Services without notice if we suspect or detect any breach of security. If you believe that information you provided to us is no longer secure, please notify us immediately using the contact information provided below.
If we become aware of a breach that affects the security of your personal data, we will provide you with notice as required by applicable law. To the extent permitted by applicable law, Boxlight will provide any such notice that Boxlight must provide to you at your account’s email address. By using the Sites, Products, and Services you agree to accept notice electronically.
Storage and Transfer of Personal Data
Personal data collected by Boxlight may be stored and processed in your region, in the United States or in any other country where Boxlight, its affiliates or contractors maintain facilities, including outside the European Union or EEA. We take steps to ensure that the data we collect under this Privacy Policy is processed pursuant to the terms thereof and the requirements of applicable law wherever the data is located.
Boxlight also collaborates with third parties such as cloud hosting services and suppliers located around the world to serve the needs of our business, workforce, and customers. In some cases, we may need to disclose or transfer your personal data within Boxlight or to third parties in areas outside of your home country. When we do so, we take steps to ensure that personal data is processed, secured, and transferred according to applicable law.
If you would like to know more about our data transfer practices, please contact our Data Protection Lead at [email protected].
Retention of Personal Data
Boxlight retains personal data for as long as necessary to provide the services and fulfill the transactions you have requested, or for other business purposes such as complying with our legal obligations, resolving disputes, and enforcing our agreements. We are required by law to keep some types of information for certain periods of time (e.g. statute of limitations). If your personal data is no longer necessary for the legal or business purposes for which it is processed, we will generally destroy or anonymize that information.
YOUR RIGHTS REGARDING YOUR PERSONAL DATA
Boxlight respects your right to access and control your personal data. You have choices about the data we collect. When you are asked to provide personal data that is not necessary for the purposes of providing you with our Sites, Products and Services, you may decline. However, if you choose not to provide data that is necessary to provide a Service, you may not have access to certain features, Sites, Products, or Services.
We aim to keep all personal data that we hold accurate, complete and up-to-date. While we will use our best efforts to do so, we encourage you to tell us if you change your contact details. If you believe that the information we hold about you is incorrect, incomplete or out-of-date, please contact [email protected] or call (360) 464-2119.
Access to personal data: In some jurisdictions, you have the right to request access to your personal data. In these cases, we will comply, subject to any relevant legal requirements and exemptions, including identity verification procedures. Before providing data to you, we will ask for proof of identity and sufficient information about your interaction with us so that we can locate any relevant data. We may also charge you a fee for providing you with a copy of your data (except where this is not permissible under local law).
If you are a corporate user of our Products and Services (which means your employer is a Boxlight customer of such Products and Services): please first request access to your personal data with your employer. Your employer will then be in touch with us with respect to your request.
Correction and deletion: In some jurisdictions, you have the right to correct or amend your personal data if it is inaccurate or requires updating. You may also have the right to request deletion of your personal data. Please note that such a request could be refused because your personal data is required to provide you with the products or services you requested, e.g. to deliver a product or send an invoice to your email address, or that it is required by the applicable law.
Portability: If you reside within the UK, Switzerland, European Union or EEA, you have the right to ask for a copy of your personal data and/or ask for it to be ported to another provider of your choice. Please note that such a request could be limited to the only personal data you provided us with or that we hold at that given time and subject to any relevant legal requirements and exemptions, including identity verification procedures.
If you are a corporate user of our Products and Services (which means your employer is a Boxlight customer of such Products and Services): please first request access to your personal data with your employer. Your employer will then be in touch with us with respect to your request.
Marketing preferences: If you have provided us with your contact information, we may, subject to any applicable Spam Act or similar regulation, contact you via e-mail, postal mail or telephone about Boxlight products, services and events that may be of interest to you, including our newsletter.
E-mail communications you receive from Boxlight will generally provide an unsubscribe link allowing you to opt-out of receiving future e-mail or to change your contact preferences. E-mail communications may also include a link to directly update and manage your marketing preferences. Please remember that even if you opt out of receiving marketing emails, we may still send you important information related to your accounts and subscriptions.
You can request changes to your account by contacting Boxlight via email, postal mail, telephone or fax at the appropriate location found at: https://boxlight.com/contact-us/ or by emailing [email protected].
California Shine the Light Law: California Civil Code Section 1798.83 permits users who are California residents to obtain from us once a year, free of charge, a list of third parties to whom we have disclosed personal information (if any) for direct marketing purposes in the preceding calendar year. If you are a California resident and you wish to make such a request, please send an e-mail with “California Privacy Rights” in the subject line to [email protected] or write us at: Boxlight, Inc., 2750 Premier Parkway, Suite 900, Duluth, GA 30097.
COOKIES & SIMILAR TECHNOLOGIES
Boxlight uses cookies (small, often encrypted, text files that are stored on your computer or mobile device) and similar technologies (“Cookies”) to provide our Sites and help collect data. This Cookies Policy explains how we use Cookies to collect information about the way you use our Sites and how you can control them.
How We Use Cookies
We use Cookies to track how you use our Sites by providing usage statistics. Cookies are also used to deliver Company information (including updates) and allow product authentication to you based upon your browsing history and previous visits to the Sites. Information supplied to us using cookies helps us to provide a better online experience to our visitors and users and send marketing communications to them, as the case may be.
While this information on its own may not constitute your “personal data”, we may combine the information we collect via Cookies with personal data that we have collected from you to learn more about how you use our Sites to improve them.
Types of Cookies
We use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your device until you delete them). To make it easier for you to understand why we need them, the Cookies we use on our Sites and Products can be grouped into the following categories:
Strictly Necessary: These Cookies are necessary for the Sites and Products to work properly. They include any essential authentication and authorization cookies for our Products and Services.
Functionality: These Cookies enable technical performance and allow us to “remember” the choices you make while browsing our Sites, including any preferences you set. They also include sign-in and authentication cookies and IDs that enable you to return without additional sign-in.
Performance/Analytical: These Cookies allow us to collect certain information about how you navigate the Sites or utilize the Products running on your device. They help us understand which areas you use and what we can do to improve them.
Targeting: These Cookies are used to deliver relevant information related to our Products and Services to an identified machine or other device (not a named or otherwise identifiable person) which has previously been used to visit our Sites. Some of these types of Cookies on our Sites are operated by third parties with our permission and are used to identify advertising sources that are effectively driving customers to our Sites.
Here is a representative list of the cookies we use.
Provider | Cookie Name | Category | Purpose / Duration |
Google Analytics | _utmt | Performance/Analytical | Used to throttle request rate. Lasts 10 minutes. |
Google Analytics | _utma | Performance / Analytical | Used to distinguish users and sessions. The cookie is created when the javascript library executes and no existing __utma cookies exists. The cookie is updated every time data is sent to Google Analytics. Lasts 2 years from set/update. |
Google Analytics | _utmb | Performance / Analytical | Used to determine new sessions/visits. The cookie is created when the javascript library executes and no existing __utmb cookies exists. The cookie is updated every time data is sent to Google Analytics. Lasts 30 mins from set/update |
Google Analytics | _utmz | Performance / Analytical | Stores the traffic source or campaign that explains how the user reached your site. The cookie is created when the javascript library executes and is updated every time data is sent to Google Analytics. Lasts 6 months from set/update. |
Google Analytics | _utmz | Performance / Analytical | Used to store visitor-level custom variable data. This cookie is created when a developer uses the _setCustomVar method with a visitor level custom variable. This cookie was also used for the deprecated _setVar method. The cookie is updated every time data is sent to Google Analytics. Lasts 2 years from set/update. |
Google Analytics | _ga | Performance / Analytical | Used to distinguish users. Lasts 2 Years |
Google Analytics | _ | Performance / Analytical | Used to distinguish users. Lasts 2 Years |
Google Analytics | _dc_gtm_ | Performance / Analytical | Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_<property-id> Lasts 1 Minute |
Google Analytics | AMP_TOKEN | Contains a token that can be used to retrieve a Client ID from AMP Client ID service. Other possible values indicate opt-out, inflight request or an error retrieving a Client ID from AMP Client ID service. Lasts 30 seconds to a year. | |
Google Analytics | _gac_<property-id> | Performance / Analytical | Contains campaign related information for the user. If you have linked your Google Analytics and Google Ads accounts, Google Ads website conversion tags will read this cookie unless you opt-out.(NOTE: We currently are not using Google ads, however we may someday in the future) |
Google Analytics | __utmx | Performance / Analytical | Used to determine a user’s inclusion in an experiment. Lasts 18 months |
Google Analytics | __utmxx | Performance / Analytical s | Used to determine the expiry of experiments a user has been included in. Lasts 18 months |
WordPress | PHPSESSID | Strictly Necessary | Stores the session ID. When the user’s browser is closed. |
HubSpot | __hs_opt_out | Strictly Necessary | Opt out of HubSpot tracking. Lasts 13 months |
HubSpot | __hssc | Targeting | HubSpot Analytics. Lasts 30 minutes |
HubSpot | __hssrc | Targeting | HubSpot Analytics. When the user’s browser is closed. |
HubSpot | __hstc | Targeting | HubSpot Analytics. Lasts 13 months |
Google Analytics | _gcl_au | Performance / Analytical | Used by Google AdSense for experimenting with advertisement. Lasts 3 months |
Google Analytics | _gid | Performance / Analytical | Used by Google Analytics to distinguish users. Lasts 24 hours |
HubSpot | hubspotutk | Strictly Necessary | HubSpot Analytics. Lasts 13 months |
GDPR Cookie Compliance Plugin | moove_gdpr_popup | Strictly Necessary | Used by the GDPR cookie plugin on the site. Lasts 2 years |
WooCommerce | tk_ai | Performance / Analytical | Used by WooCommerce for tracking (no personal data). When the user’s browser is closed. |
Cookies Set by Third Party Sites
To enhance our content and to deliver a better online experience for our users, we sometimes embed images and videos from other websites on the Sites. We currently use, and may in future use content from Sites such as Facebook, LinkedIn and Twitter. You may be presented with Cookies from these third-party websites. Please note that we do not control these Cookies. The privacy practices of these third parties will be governed by the parties’ own privacy statements or policies. We are not responsible for the security or privacy of any information collected by these third parties, using cookies or other means. You should consult and review the relevant third-party privacy statement or policy for information on how these cookies are used and how you can control them.
We also use Google, a third-party analytics provider, to collect information about Services usage and the users of the Services, including demographic and interest-level information. Google uses cookies in order to collect demographic and interest-level information and usage information from users that visit the Services, including information about the pages where users enter and exit the Services and what pages users view on the Services, time spent, browser, operating system, and IP address. Cookies allow Google to recognize a user when a user visits the Services and when the user visits other websites. Google uses the information it collects from the Services and other websites to share with us and other website operators’ information about users including age range, gender, geographic regions, general interests, and details about devices used to visit websites and purchase items. We do not link information we receive from Google with any of your personally identifiable information. For more information regarding Google’s use of cookies, and collection and use of information, see the Google Privacy Policy (available at https://policies.google.com/privacy?hl=en). If you would like to opt out of Google Analytics tracking, please visit the Google Analytics Opt-out Browser Add-on (available at https://tools.google.com/dlpage/gaoptout).
Social Sharing
We also embed social sharing icons throughout our Sites. These sharing options are designed to enable users to easily share content from our Sites with their friends using a variety of different social networks. If you choose to connect using a social networking or similar service, we may receive and store authentication information from that service to enable you to log in and other information that you may choose to share when you connect with these services. These services may collect information such as the web pages you visited and IP addresses, and may set cookies to enable features to function properly. We are not responsible for the security or privacy of any information collected by these third parties. You should review the privacy statements or policies applicable to the third-party services you connect to, use, or access. If you do not want your personal data shared with your social media account provider or other users of the social media service, please do not connect your social media account with your account for the Services and do not participate in social sharing on the Services.
Other Similar Technologies
Boxlight web pages may use other technologies such as web beacons to help deliver cookies on our Sites and count users who have visited those Sites. We also may include web beacons in our promotional email messages or newsletters to determine whether you open and act on them as well as for statistical purposes.
In addition to standard cookies and web beacons, our services can also use other similar technologies to store and read data files on your computer. This is typically done to maintain your preferences or to improve speed and performance by storing certain files locally.
How to Control and Delete Cookies
Cookies can be controlled, blocked or restricted through your web browser settings. Information on how to do this can be found within the Help section of your browser. All Cookies are browser specific. Therefore, if you use multiple browsers or devices to access websites, you will need to manage your cookie preferences across these environments.
If you are using a mobile device to access the Sites, you will need to refer to your instruction manual or other help/settings resource to find out how you can control cookies on your device.
Please note: If you restrict, disable or block any or all Cookies from your web browser or mobile or other device, the Sites may not operate properly, and you may not have access to our Products and Services available through the Sites. Boxlight shall not be liable for any impossibility to use the Sites, Products and Services or degraded functioning thereof, where such are caused by your settings and choices regarding cookies.
To learn more about cookies and web beacons, visit www.allaboutcookies.org.
Do Not Track: Some web browsers (including Safari, Internet Explorer, Firefox and Chrome) incorporate a “Do Not Track” (“DNT”) or similar feature that signals to websites that a user does not want to have his or her online activity and behavior tracked. If a website that responds to a particular DNT signal receives the DNT signal, the browser can block that website from collecting certain information about the browser’s user. Not all browsers offer a DNT option and DNT signals are not yet uniform. For this reason, many website operators, including Boxlight, do not respond to DNT signals.
PRIVACY NOTICE FOR GOOGLE INTEGRATION WITHIN MYCLASS (ALSO KNOWN AS MIMIOCONNECT)
MyClass integrates with Google Classroom SSO (Single Sign-on) which provides benefits such as roster synchronization, and sending assignments and grades directly to Google Classroom. As part of this process, when logging in with a teacher account for the first time, MyClass will prompt users to agree to share specific data with the application to allow it to provide this functionality. Once agreed, MyClass fetches your class roster information for display within the application, and it will synchronize this information automatically every 24 hours. MyClass stores a copy of each student’s email address to validate their login when signing in with Google Classroom SSO. The student’s information (including email) will remain on our system until all teachers who have the student listed in any Google Classroom rosters have either removed the student from their class roster directly within Google Classroom, or have deleted their account on MyClass. At this point, the student will no longer be able to sign into MyClass.
MyClass also provides optional integration with Google Drive via the Google Drive API. This enables your Google Drive files (such as documents and multimedia) to be uploaded to our servers for use within your MyClass lesson. Any copies of files uploaded will remain on our servers until they are removed, or until the lesson where the files are contained is removed. Removing or editing the original Google Drive file will not affect your MyClass copy, and removing your MyClass copy will not affect your original file in Google Drive.
Restricted scopes:
https://www.googleapis.com/auth/drive.readonly
Description: Allows read-only access to file metadata and file content.
Sensitive scopes:
https://www.googleapis.com/auth/classroom.profile.emails
Description: View the email addresses of people in your classes
MyClass’s use of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements:
Boxlight will limit use of data to providing or improving user-facing features that are prominent in the requesting application’s user interface
Boxlight will only transfer the data to others if necessary to provide or improve user-facing features that are prominent in the MyClass user interface. We may also transfer data as necessary to comply with applicable law or as part of a merger, acquisition, or sale of assets with notice to users.
Boxlight will not use or transfer the data for serving ads, including retargeting, personalized, or interest-based advertising
Boxlight will ensure the data is not read by humans unless:
Boxlight first obtained the user’s affirmative agreement to view specific messages, files, or other data, with the limited exception of use cases approved by Google under additional terms applicable to the Nest Device Access program;
It is necessary for security purposes (such as investigating a bug or abuse);
It is necessary to comply with applicable law; or
Boxlight’s use is limited to internal operations and the data (including derivations) have been aggregated and anonymized.
As listed on the Google API Services User Data Policy, the Google API scope(s) requested fall under permitted application type of “Productivity and Educational Applications” via the MyClass user interface. Your use of Google APIs with MyClass is subject to each API’s respective terms of service. See Google APIs Terms of Service.
CHILDREN’S PRIVACY
The Children’s Online Privacy Protection Act of 1998 and its rules (collectively, “COPPA”) require us to inform parents and legal guardians (as used in this section, “parents”) about our practices for collecting, using, and disclosing personal information from children under the age of 13 (“children”).
TEACHERS OF STUDENTS UNDER 13 MUST OBTAIN CORRECT PARENTAL CONSENT AS REQUIRED BY THEIR SCHOOL POLICY (INCLUDING FOR COPPA AND THE FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT) AND MUST COMPLY WITH THE PRIVACY LAWS OF THEIR JURISDICTION, BEFORE ADDING STUDENTS TO THE SITES, PRODUCTS, OR SERVICES.
This section only applies to students and children under the age of 13 and supplements the other provisions of this Privacy Policy.
Information We Collect from Children
Boxlight only stores the minimal amount of identifiable information necessary for students to use our Services directed to children and students (“Children’s Services”), specifically, an email address. We store a student’s email address on our system when they are added to the system as a student by a teacher. Other data such as first and last names are read in and stored into web storage upon signing into the Children’s Services, and are displayed to the student and teachers on their own devices. This information is cleared when the tab or browser is closed. For students, we collect the amount of time spent on activities available through the Services, such as, the amount of time spent on each tile in the timeline. Teachers are able to access and view the time spent on activities and tiles for their students.
We collect other information when students use our service such as the amount of time students spend using the Services and the actions performed by students such as logging in and out, and the pages students visit. These are for analytical purposes used by Boxlight, teachers, and school administrators.
How We Use Your Child’s Information
Student’s email addresses are added to lessons as per the student’s teacher’s requirements. Student’s email addresses will be automatically deleted from our system 12 months after the students last recorded login date.
We use the non-personal information we collect to improve the Children’s Services and to deliver a better and more personalized experience.
Our Practices for Disclosing Children’s Information
We do not sell or rent children’s personal information.
We may disclose aggregated information about many of our users, and information that does not identify any individual or device. In addition, we may disclose children’s personal information:
To third parties we use to support the internal operations of our Children’s Services.
If we are required to do so by law or legal process, such as to comply with any court order or subpoena or to respond to any government or regulatory request.
If we believe disclosure is necessary or appropriate to protect the rights, property, or safety our company, our customers or others, including to:
protect the safety of a child;
protect the safety and security of the Children’s Services; or
enable us to take precautions against liability.
To law enforcement agencies or for an investigation related to public safety.
In addition, if the Company is involved in a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of the Company’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding or event, we may transfer the personal information we have collected or maintain to the buyer or other successor.
Accessing and Correcting Your Child’s Personal Information
At any time, you may review your child’s personal information maintained by us, require us to correct or delete the personal information, and/or refuse to permit us from further collecting or using your child’s information.
You can review, change, or delete your child’s personal information by sending us an email at [email protected]. To protect your privacy and security, We may require you to take certain steps or provide additional information to verify your identity before we provide any information or make corrections.
California Minors: If you are a California resident who is under age 18 and you are unable to remove publicly-available content that you have submitted to us, you may request removal by contacting us at: [email protected]. When requesting removal, you must be specific about the information you want removed and provide us with specific information, such as the URL for each page where the information was entered, so that we can find it. We are not required to remove any content or information that: (1) federal or state law requires us or a third party to maintain; (2) was not posted by you; (3) is anonymized so that you cannot be identified; (4) you don’t follow our instructions for removing or requesting removal; or (5) you received compensation or other consideration for providing the Content or information. Removal of your content or information from the Service does not ensure complete or comprehensive removal of that content or information from our systems or the systems of our service providers. We are not required to delete the content or information posted by you; our obligations under California law are satisfied so long as we anonymize the content or information or render it invisible to other users and the public.
Data Privacy Framework Principles
Boxlight, Inc. (“Boxlight,” “our,” “we” or “us”) complies with the EU-U.S. Data Privacy Framework and the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce (collectively, the “Data Privacy Framework Principles”). Boxlight has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. Data Privacy Framework and the UK Extension to the EU-U.S. Data Privacy Framework. Boxlight has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. Data Privacy Framework. If there is any conflict between the terms in this privacy policy and the EU-U.S. Data Privacy Framework Principles and/or the Swiss-U.S. Data Privacy Framework Principles, the Principles shall govern. To learn more about the Data Privacy Framework Program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
Please see our Data Privacy Framework Policy for information about Boxlight’s data practices regarding personal information it receives from European Union member countries and EEA countries, the United Kingdom, and Switzerland pursuant to the respective Data Privacy Frameworks. To learn more about the Data Privacy Framework program generally, and to view Boxlight’s certification, please visit https://www.dataprivacyframework.gov/s/.
For purposes of enforcing compliance with the Data Privacy Framework Principles, Boxlight is subject to the investigatory and enforcement authority of the US Federal Trade Commission.
Under certain conditions, you may invoke binding arbitration when other dispute resolution procedures have been exhausted. The availability of binding arbitration is described more fully on the Data Privacy Framework website at: https://www.dataprivacyframework.gov/s/article/How-to-Submit-a-Complaint-Relating-to-a-Participating-Organization-s-Compliance-with-the-DPF-Principles-dpf.
Boxlight’s U.S. affiliates also adhere to the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce. These affiliates include Boxlight Corporation, EOSEDU, LLC, and FrontRow Calypso LLC.
THE GENERAL DATA PROTECTION REGULATION (“GDPR”)
If you reside within the UK, Switzerland, European Union or EEA you may be entitled to other rights under the GDPR. These rights are summarized below. We may require you to verify your identity before we respond to your requests to exercise your rights. If you are entitled to these rights, you may exercise these rights with respect to your personal data that we collect and store:
the right to withdraw your consent to data processing at any time (please note that this might prevent you from using certain aspects of the Portal, the Services, or the Portal or Services altogether);
the right of access your personal data;
the right to request a copy of your personal data;
the right to correct any inaccuracies in your personal data;
the right to erase your personal data;
the right to data portability, meaning to request a transfer of your personal data from us to any other person or entity as chosen by you;
the right to request restriction of the processing of your personal data; and
the right to object to processing of your personal data.
You may exercise these rights free of charge. These rights will be exercisable subject to limitations as provided for by the GDPR. Any requests to exercise the above listed rights may be made to: [email protected].
In compliance with the EU-U.S. Data Privacy Framework and the UK Extension to the EU-U.S. Data Privacy Framework and the Swiss-U.S. Data Privacy Framework, Boxlight commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. Data Privacy Framework and the UK Extension to the EU-U.S. Data Privacy Framework and the Swiss-U.S. Data Privacy Framework to the International Centre for Dispute Resolution (IDCR), an alternative dispute resolution mechanism operated by the American Arbitration Association. If you do not receive timely acknowledgment of your Data Privacy Framework Principles-related complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://go.adr.org/dpf_irm.html for more information or to file a complaint. The services of ICDR are provided at no cost to you.
International Transfers of Personal Data
Whenever we transfer your personal data out of the UK, Switzerland, EU or EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
European Commission Standard Contractual Clauses: We may use specific contracts approved by the European Commission which give personal data the same protection it has in the EU. Please see our Data Protection Addendum for more information.
Data Privacy Framework Principles: Boxlight continues to comply with ongoing Data Privacy Framework Principles obligations with respect to DPF Personal Data transferred to us from the UK, Switzerland, EU or European Economic Area in reliance on the EU-U.S. Data Privacy Framework Principles, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework (as set forth by the U.S. Department of Commerce) despite a July, 16, 2020 ruling the by the Court of Justice of the European Union invalidating the EU-U.S. Data Privacy Shield Framework, the predecessor to the EU-US Data Privacy Framework Principles. Please see our Data Privacy Framework Policy for more information. In the event of any conflict or inconsistency between the Data Privacy Framework Principles and the Standard Contractual Clauses, the Standard Contractual Clause shall prevail.