Privacy Policy
Effective Date of Policy (Last Update): August 15, 2024
COMMON SENSE MEDIA PRIVACY POLICY
Welcome! Below you will find the Privacy Policy (hereinafter "Privacy Policy" or "Policy") for Common Sense Media, Inc. ("Common Sense", "we" or "us"). We are dedicated to protecting your privacy and handle the Personal Information we obtain with care and respect.
Throughout this Privacy Policy we use certain terms as defined in the Glossary section at the end of the Policy. For ease of reference, we have capitalized those terms. Please refer to the Glossary so that you can better understand the terminology we use.
At Common Sense Media, we value your privacy. And since privacy policies can be very long, we have created a summary of the key concepts of this Policy here to make our practices more accessible to you.
This Policy describes how we collect, use, and share information that can reasonably be used to identify a natural person directly or indirectly (“Personal Information”). It covers Personal Information collected from users of the Common Sense Media website, www.commonsensemedia.org (the "Site"), and all other applications ("Apps"), services, and websites that link to this Privacy Policy (collectively, the "Services"). However, this Privacy Policy does not apply to the following information:
- Human resources data: This Policy does not describe how we handle Personal Information collected in the context of employment.
- Business-to-business communications: Except as outlined in our EEA+ Privacy Policy below, this Policy does not describe how we collect and use the Personal Information of individuals that act as personnel of organizations with which we transact business or otherwise collaborate. For example, our collection and use of information of personnel of educational institutions we provide services to is not covered by this Policy.
- Properties subject to separate privacy notices and surveys: Please be aware that Common Sense Media also maintains certain websites and apps, which are governed by their own privacy notices. In addition, surveys are governed by the privacy notices displayed in the survey, which may differ from this Privacy Policy. If you are using another Common Sense Media website or app or responding to a survey, please be sure to consult the applicable notice.
- Information Controlled by third parties: This Policy does not apply to information Controlled by third parties (including Payment Services, and affiliates such as Common Sense Media UK and Bandio PBC). For information about how independently Controlling third parties handle your Personal Information please refer to their policies. The privacy notice for Bandio PBC is available here.
The Services are operated by Common Sense Media, a nonprofit organization in the United States. Please see our separate Terms of Use, which governs the use of the Services. Subject to our obligations (if any) under our Terms of Use, we may limit the availability of the Services, in whole or in part, to any person, geographic area or jurisdiction we choose, at any time in our sole discretion. NOTE:
- For Children for whom parental consent is required, aspects of the Children’s Privacy Policy apply. Please read our Children's Privacy Policy for information on how we collect, use, and disclose Children's Personal Information in compliance with the Children's Online Privacy Protection Act (“COPPA”) and other applicable laws.
- For individuals who reside in the European Economic Area or United Kingdom (EEA+) the terms of this Policy specific to individuals in the EEA+ are set out in Section VIII (Common Sense Media: EEA+ Privacy Policy).
- Our Services may link to a limited number of third-party websites or applications. We are not responsible for the practices of these third-party websites and applications.
We encourage you to read this Policy before using the Services and not to use the Services if you disagree with any part of this Policy. By using the Services or by clicking a box that states that you accept or agree to this Policy, you signify your agreement to this Policy. However, acceptance of this Policy does not limit any rights or remedies available to you by law.
I. OUR COLLECTION OF PERSONAL INFORMATION
A. Categories of Personal Information processed.
The table below describes the categories of Personal Information that we process:
Category of Personal Information collected | What does this include? |
Identity Data | Adult Members: Name, username or similar identifier, age, profile picture, and password and other log-in credentials. Adult Members’ children: If our Adult Members choose to provide it to us, we may also receive the ages and names of Adult Members’ children. Educator Members: (in addition the above) your school’s name, your professional title, grades and subjects taught, social media links, and your profile profile picture or other avatar. Teen Members: username or similar identifier, country of residence, month and year of birth, and password and other log-in credentials. |
Contact Data | Adult Members: zip/postal code and country of residence, email address. |
Parental Data | Your email address when it is provided by your Child where we need your parental consent to comply with applicable law. Any other Personal Information that you choose to provide us during the course of our correspondence relating to the administration of your Child’s Profile. |
Service Personalization Data | Adult and Teen Members: the preferences that you set by configuring your Profile to identify the topics and content you want to see as part of the Services (including in any emails you ask us to send). Adult Members’ children: we may obtain knowledge of your child’s preferences as a result of how you configure your Profile (e.g., by using our ‘For Your Family’ function) to identify the topics and content your children might want to see (including in any emails you ask us to send you). |
Communication Interaction Data | Adult Members: information about your engagement with our email newsletters that is collected by the “web beacons” referred to in our Cookie Policy. |
Payment Data | Subscribers: information necessary to process payments for your Common Sense Media subscription (including affecting renewals, if and as applicable), such as name, email address, phone number, payment card information (including name as shown on your card, billing address (street address, city, state, country, ZIP code), expiration date, security code and payment card number, and associated details of subscriptions purchased from us (including any relevant payments taken). |
Donation Data | Name (unless you want your donation to be anonymous), email address, phone number, payment card information (including name as shown on your card, billing address, expiration date, security code and payment card number) and the amount of your donation(s). |
Donor Analysis Data | Where available from the sources noted in the Donor Privacy Policy below: current and prospective donors’ biography data, contact data (email address and mailing address), financial status, income data, donation history, political contribution history, value of residence(s), and employment history. |
Analytics Data | We use Google Analytics to collect certain internet log information and the details of the behavior patterns of people who visit the Site. We configure Google Analytics to avoid collecting any information which could directly identify a person. We do not seek to identify those visitors whose interactions with the Site are being monitored. |
Technical Data | Data routinely collected by online services, such as browsing activity, Internet protocol (IP) address, your log-in data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the Services. Certain elements of this Technical Data may be associated with or collected via certain of the online identifiers described in our Cookie Policy. |
Review and User Submitted Data | Where you post a comment or submit a review on our Site, in addition to certain Identity Data attached to your account (which will depend on whether you are a Teen Member or an Adult Member), we will also collect any Personal Information that you choose to include in that content. |
Survey Data | Depending on the survey, in addition to certain Identity Data, Contact Data, and Technical Data, we will also collect any other information requested by, or that you submit in response to, a survey. This may include demographic data such as gender, race/ethnicity, income, education level, living situation, among other details about you. |
Event and Webinar Data | We need your email address (and in certain instances other requested Identity Data and Contact Data) to sign you up as attendee at events or webinars for which you register, and to provide you with the necessary details about that event or webinar. We may record some events and webinars. Where relevant, all presenters will have their image and audio, and relevant comments and opinions, published to attendees and captured in the recording. If you are an attendee and you choose to share your image and audio during an event or webinar — your image and audio will also be published to others at the event or webinar, and will be captured in any recording. If you are an attendee and you choose to otherwise participate or interact in an event or webinar (e.g., by submitting questions to a Q&A) — your questions and comments may be published to others at the event or webinar, and will also form part of the recording. |
We collect different types of Personal Information depending on whether you are a Visitor or a Member, and what type of Member you are.
- All Visitors: Visitors to the Services may opt-in to receive Common Sense Media email newsletters by providing their name, email address, and zip code. Note: that our newsletters are not intended for individuals under the age of 18. If you are a Member or Visitor under 18 you should not attempt to sign-up for our newsletters. We also may collect Personal Information that you choose to provide through surveys or questionnaires, such as demographic information, family information, professional information, feedback on your experience using the Services, and opinions on certain issues. Your participation in surveys and questionnaires is entirely voluntary. Surveys are governed by the privacy policies displayed in the survey, which may differ from this Policy.
- Participating in or using our other Services may involve the collection of Visitor Personal Information such as name, email address, phone number, mailing address, professional information, and social media handles/URLs.
- Adult Members: If you wish to become a Member, you must provide us with certain Personal Information as part of the registration process, including, for example, name, email address, and password. You may also choose to add a profile photo and username to your Member Profile. To personalize your experience on the Services and within our email newsletters, you may also optionally choose to provide us with information about your children, such as their ages, first names or nicknames, and the streaming services they use, as well as your preferences for what kind of content is suitable for your children.
- Subscribers may need to provide payment information, including name, email address, card brand, number, expiration, and code, and billing address to process donations and subscriptions. Common Sense receives address information; all other payment information is processed by a third party payment provider and not by us. See “B. Collection of Information by Our Service Providers” and DONOR SECTION for more information. Adult Members may choose to publish reviews on the Services regarding the age appropriateness and quality of books, television shows, books, games, and other forms of media.
- Educator Members: Educator Members are required to provide their name, email address, zip code or country (if outside of the United States), name and location of your worksite, e.g., school, and password. We provide you with the alternative option to register or login and link your Member account on the Services with a single-sign on service such as Google. These services will authenticate your identity and will share certain Personal Information that you allow us to collect, as discussed below. You can optionally provide additional information to your Profile such as a biographical details, profile picture, and links to social media accounts.
- Education Members may choose to publish reviews on the Services regarding the quality of education technologies and websites.
- Teen Members: If the Member is a Teen, we do not ask for name, but we do ask for birth month and year, country, username, password, and email address.
- Teen Members may choose to publish reviews on the Services regarding the age appropriateness and quality of books, television shows, books, games, and other forms of media.
- Child Members: To learn about our practices regarding children's Personal Information, please read our Children's Privacy Policy. When we intend to collect Children's Personal Information, we take additional steps to protect their privacy, including:
- Notifying parents about our information practices with regard to Children;
- Limiting our collection of Children's Personal Information to no more than is reasonably necessary to participate in an online activity; and
- Providing parents with access to, and the ability to request changes to or deletion of, Children's Personal Information that we have collected.
Note:
- For Adult Members and Educator Members, your first name and the first initial of your last name will be displayed next to any reviews that you post on our Services by default. Adult Members have the option to create a username in their Profile to display instead of their real name. Teen Members are identified by their username. Your username identifies you on the Services. For instance, YOUR USERNAME IS INCLUDED IN YOUR PROFILE THAT IS VIEWABLE BY OTHER MEMBERS, AND IS DISPLAYED WITH REVIEWS THAT YOU WRITE. SINCE THE USERNAME IS VIEWABLE BY OTHERS, WE SUGGEST THAT YOU NOT USE YOUR REAL NAME FOR YOUR USERNAME OR PASSWORD, TO PROTECT YOUR PRIVACY.
- For Adult Members, when you publish reviews on the Services, the ages of your children are displayed on the reviews by default. You can choose to make the ages of your children private in your Profile settings.
- For Educator Members, when you publish reviews on the Services, the name and location of your worksite are displayed the reviews by default. You can choose to make your worksite information private in your Profile settings.
- If you decide that you no longer want to be a Member, you can delete your account at any time. To delete your account, login to your account, visit your Account Settings page, and then click the "Close my Account" link located towards the bottom of the page. Once you delete your account, all of your Personal Information stored in your account and Profile on our Services will be removed and any reviews you posted will remain on the Services but the author name will switch to "anonymous" so your name will no longer be connected with your content (unless you have chosen to include your Personal Information in that content itself – in which we recommend you request that we remove all content associated with your account). If you wish to delete your reviews you may do so before you delete your account. Or, you can contact us at Contact Support and request that we delete your content (including reviews) and account for you.
- If you decide that you would like your posted reviews deleted from our Services, you can do this at any time by logging into your account, viewing the review or comment, and clicking the "delete" button. You can also send us an email at Contact Support with your username, date of submitted review or comment, and title of media type that was reviewed. Note: that your request or deletion does not ensure complete or comprehensive removal of the content or information, as, for example, some of your content may have been reposted by another user.
NOTE: THAT WE ARE NOT RESPONSIBLE FOR THE USE BY OTHERS OF ANY PERSONAL INFORMATION YOU DISCLOSE IN YOUR PROFILE OR ON PUBLIC-FACING AREAS OF THE SERVICES. - In addition to the Personal Information you provide to us while using our Services, we may receive Personal Information from other sources, such as Common Sense events, Common Sense education partners, activity on Common Sense social media platforms, and publicly and commercially available databases.
B. Collection of Information by Payment Services
Payment Data and Donation Data is processed directly by our Payment Services via payment service pages that we direct you to, or we incorporate into our Site or Apps.
When processing payments and donations on our behalf, Payment Services typically act as our ‘processor’ in respect Users’ Payment Data and Donation Data – essentially, this means that they only process your Payment Data and Donation Data for this limited purpose. However, Payment Services may also have their own legal and regulatory obligations that might require them to use your Payment Data and Donation Data for their own compliance-related purposes, e.g., security and fraud prevention. – THIS POLICY DOES NOT ADDRESS PAYMENT SERVICES’ PROCESSING OF PAYMENT DATA AND DONATION DATA FOR SUCH INDEPENDENTLY-DETERMINED PURPOSES, WHICH WILL BE SUBJECT TO THAT PAYMENT SERVICE'S PRIVACY POLICY RATHER THAN THIS POLICY.
C. Automatic data collection
We may automatically log information about you, your computer or mobile device, and your activity over time on our Services, such as:
- Device data, such as your computer’s or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type, e.g., phone, tablet, IP address, unique identifiers, language settings, mobile device carrier, radio/network information, e.g., WiFi, LTE, 3G, and general location information such as city, state or geographic area.
- Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, the website you visited before browsing to the Services, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access.
Some of our automatic data collection is facilitated by cookies and similar technologies. For information about our cookies and similar other technologies, what they do, and how to disable the non-necessary ones, please refer to our full Cookie Policy.
Certain information, like aggregated information or high-level location information, such as the browser language and country during the user session, is treated as non-Personal Information unless applicable law requires otherwise. We may use or disclose such information for any purpose. For instance, we may compile and share aggregate data about the geographic locations or other demographics of our Members, provided that this information does not personally identify any of these Members.
II. OUR USE OF PERSONAL INFORMATION
A. How We Use Personal Information
We use Personal Information for the following purposes:
- Fulfillment of Requests. We may use Personal Information about you to fulfill the purpose for which such information was provided, e.g., to send newsletters to you or respond to your requests or inquiries and provide related customer service.
- Additional Communications. If you register to become a Member of our community or sign up to receive one of our e-newsletters, we may use the Personal Information submitted in connection with your application to contact you with surveys or important communications regarding Common Sense Media. We may additionally use Personal Information to contact you about Common Sense content, features, opportunities, and products that may be of interest to you.
- Membership. If you become a Member, we may use your Personal Information to maintain and update your Profile and postings in our online reviews, surveys and polls. All content that you submit to the Services is governed by our Terms of Use. We may also use Personal Information to send updates and communications to our Members, such as our e-newsletters, surveys and other important Common Sense Media communications such as information regarding the Services or changes to our terms, conditions and policies.
- Internal Operations and Analysis. We may also use Personal Information about you for our internal business purposes, such as data analysis, audits, enhancing or modifying our products and services, and so forth.
- Law Enforcement; Emergencies; Compliance. We may also use your Personal Information for the purposes described in the Law Enforcement; Emergencies; Compliance below.
- Personalization: We may also use Personal Information to personalize your experience on the Services by presenting content and market opportunities and products tailored to you and to allow you to participate in sweepstakes, contests, and similar promotions and to administer these activities.
You may opt out of receiving our e-newsletters at any time by clicking the "unsubscribe" or “manage my email preferences” links at the bottom of newsletters or by visiting commonsense.org/contact and sending a request using our online form.
We will not sell or use your Personal Information for targeted advertising or for profiling in furtherance of decisions that produce legal or similar significant effects.
B. How We Use Information Collected Through Digital Citizenship Quizzes
Quizzes provided by Common Sense Education are available at the end of each lesson in the Digital Citizenship Curriculum. Each quiz includes 4-6 questions that have varied formats: multiple choice, drag and drop to complete a sentence, and drag and drop sorting. The quiz is auto graded and students can see their results immediately. The quizzes are intended to assess student understanding after the teacher has completed the corresponding lesson.
Common Sense quiz reports (for the entire class and individual student) are only accessible to a teacher who is authenticated with Google Classroom and who requests specific quiz reports on specified students authenticated with Google Classroom. Common Sense uses the data collected through Digital Citizenship Quizzes exclusively for the purpose of providing the CS Digital Curriculum services to the school districts using Common Sense's free online educational services. Common Sense works with the following third party service providers to provide Google Classroom integrated quizzes through the Digital Citizenship curriculum:
- Learning Locker
Learning Locker is a Learning Record Store (LRS) database-driven application and analytics tool designed specifically for the learning sector. Common Sense uses Learning Locker to store, sort and share data as recorded using the xAPI specification from Google Classroom. Learning Locker may collect and store the following information including, but not limited to: Google User ID, quiz_id, quiz name, start time, start date, quiz completion, stop time, stop date, quiz duration, quiz questions, alphanumeric answers, quiz grade, and quiz ranking. Please read Learning Locker’s privacy policy for more information. - Google Classroom
Google Classroom is a free web service developed by Google and part of the G Suite for Education to help schools streamline the process of sharing files between teachers and students. Students using Google Classroom can view assignments, submit homework, and receive grades from teachers to help them stay on track and organized. The G Suite for Education core services are the heart of Google’s educational offering to schools. The core services include Gmail, Calendar, Classroom, Contacts, Drive, Docs, Groups, Sheets, Sites, Slides, Talk/Hangouts and Vault. Please read Google Classroom’s privacy policy for more information.
The Google Classroom service provides Common Sense with a Google Classroom authenticated teacher’s class roster of student Google IDs. Only authenticated teachers can access student first and last names associated with Google IDs for quiz reporting purposes. Common Sense requests authorization from teachers to access their Google Classroom class roster of student Google IDs in order to combine all the specified student Google IDs present in the class roster with their respective Common Sense quiz submission data and quiz grades in order to generate class and individual student quiz reports for teachers. All quiz reports are generated on-demand by the Google Classroom authenticated teacher and are not stored or retained by Common Sense. When a teacher requests a "class roster" or individual “student” quiz report, Common Sense loads the teacher’s specified Google IDs from our third-party service provider Learning Locker and matches student IDs with Google Classroom to create and display a class roster quiz report for the entire class, or individual student report to produce a Google Classroom listing that includes student names paired with quiz scores. Common Sense and our third-party service providers do not store or retain any class or individual student report data.
C. How We Use Information Collected Via Cookies and Other Technologies
We use information collected via cookies, web beacons and other technologies as described in our Cookie Policy.
III. HOW WE DISCLOSE INFORMATION COLLECTED ON THE SERVICES
Except as expressly provided in this Policy, we will not share any Personal Information about you without your prior consent.
Profile Information. Each Member has a Profile on the Services. You can change or remove information from your Profile by logging into the Services and clicking the "My Account" links located in your personal Account section.
Your Posted Reviews. If you post reviews or ratings on our Services, the contents of those postings may be displayed on our Services along with your name (first name, and first initial of last name) or username, Member photo, Member type, age (if under 18 years of age) and school information (if you are an educator). The ages of your kids may also be displayed if you provide this information and allow it to be posted (this information can also be selected to remain private).
Digital Literacy and Citizenship Curriculum Training. For Educator Members who complete our Digital Literacy and Citizenship Curriculum Training, if requested by your school district, we may share your first and last name, school name, and completion date. The purpose of sharing this data is to help your district understand which teachers have received instruction on the Common Sense curriculum. Additionally, if your school receives E-rate support, it will help your district comply with CIPA.
Third-Party Service Providers. We work with third-parties who provide services such as data analysis, payment or donation processing, order fulfillment, infrastructure provision, information technology services, content personalization, email delivery services, and market research or third-parties who provide other services to help improve or operate our Services. We may share Personal Information about you with third-parties solely for the purpose of enabling them to provide these services to us. These service providers are given access to Personal Information needed to perform their functions, but are restricted from using the Personal Information for purposes other than providing services for us. When we engage a third-party who will need to access and process your Personal Information as part of their services, we ascertain that the third-party is capable and obligated to provide at least the same level of data privacy and protection as we hold ourselves to. Our third-parties are required to notify us if they determine they can no longer meet the expected level of data privacy and protection, and we monitor for compliance to our data protection terms based on the nature of the services being provided.
- Populating Account and Profile Fields: When you are connected via a Single Sign-On Service, we will pre-populate and update your account and Profile fields with data from the Single Sign-On Service that you allow us to access. You can update this information at any time on your Account and Profile pages.
- Personalizing the Services: When you are connected via a Single Sign-On Service, we may personalize our Services experience by displaying your name (first name, and first initial of last name) and profile picture or avatar (which you can choose to not display and instead show your anonymous username and no image) on your public profile page, next to your posted reviews, or on other areas of the site where your posted content is displayed. We might also display lists of content for you that similar users also like.
- Aggregate Reporting: When you are connected via a Single Sign-On Service, we may use Personal Information from the Single Sign-On Service that you allow us to access to learn more about the demographic information of our users.
Educator Members may disconnect from a linked Single Sign-On Service at any time by visiting the "My Account" or "My Profile" section of the Site.
We will not share any information about you collected on the Services with a linked Single Sign-On Service without your approval. This means that we will not post anything to your Google account or similar unless you give us specific permission to do so, and we will not contact your friends or followers at any time. We do not store or utilize the names of your friends or followers even if they are passed to us by a single sign-on service in the initial registration process.
Single Sign-On Services provide varying levels of control over the extent to which content or information you submit to the Services is also made public and shared on linked Single Sign-On Services. When you use a Single Sign-On Service to log into the Services:
- You share your information with it and its privacy policy applies to the Single Sign-On Service's collection, use, and disclosure of such information.
- In addition, the Single Sign-On Service may be able to collect information about you, including your activity on the Services, and it may notify your connections on the Single Sign-On Service about your use of the Services.
- Such services may also employ unique identifiers which allow your activity to be monitored across multiple websites for purposes of delivering targeted advertising to you.
Note: that the privacy policies and terms of use of linked Single Sign-On Services may be different from our own and we encourage you to read them. We also encourage you to familiarize yourself with the privacy controls and account settings on linked Single Sign-On Services for information on how to customize your privacy settings with respect to content or information submitted to the Services.
Law Enforcement; Emergencies; Compliance. Notwithstanding any other provision of this Policy to the contrary, we reserve the right to use your Personal Information, and to disclose it to others, as we believe to be necessary or appropriate: (a) under a requirement of applicable law, (b) to comply with legal process, (c) to respond to governmental requests, (d) to enforce our Terms of Service, (e) to protect our operations, (f) for assistance in fraud detection and prevention; (g) to protect the rights, privacy, safety or property of Common Sense Media, you or others, (h) to permit us to pursue available remedies or limit the damages that we may sustain, and (i) in connection with a disposition of all or a substantial portion of our business, assets or stock, such as the sale of the Site or Services, a merger, consolidation, reorganization, joint venture, assignment, or bankruptcy or similar proceedings.
Personal Information about you may be transferred, stored, and processed by us or the third-parties we work with in countries whose data protection laws and regulations may be different to those of your country. We allow transfers of Personal Information made between countries or regions in a fashion that complies with applicable law.
IV. DONOR PRIVACY POLICY
At Common Sense, we are strongly committed to protecting the privacy of our donors. We are dedicated to protecting your privacy and handling any Personal Information we obtain from you with care and respect.
In addition to obtaining information from you, we may supplement your information with data from public databases, including to research donors and conduct fundraising analysis, including to assess individuals’ philanthropic interests and ability to support Common Sense. We are not in the business of renting, selling, or trading our donors’ names or Personal Information, nor of sending mailings to our donors on behalf of other organizations. If this should ever change, we would only do so with your prior consent.
We may use third-party service providers to provide certain services on our behalf, including to process donations. To the extent that any third-party service provider is used to process donations, that service provider has assured Common Sense it will not use personal donor information for any purpose other than what is necessary to process the gift transaction for Common Sense. And any additional service providers, such as email providers, are given access to personal donor information only as needed to provide their functions for Common Sense.
This policy applies to all donor Personal Information received by Common Sense, both online and offline, on any Services, as well as through any electronic, written, or oral communications.
Note: if you choose to make your donation ‘anonymously’, we will not use information relating to your donations for the purposes described, whether or not you would have been eligible based on the amount of the relevant donation.
V. HOW LONG WE KEEP YOUR PERSONAL INFORMATION
We keep your Personal Information only for as long as it is warranted to provide our Services, fulfill our commitments to you, and/or adhere to legal or regulatory requirements. If you are a Member or a donor, we keep your Personal Information for the duration of our relationship. Certain Personal Information may be kept and archived for longer though, as required for recordkeeping purposes or backing up Services’ data for example. When Personal Information is expired, or is no longer needed and does not have to be retained, we may return, delete, destroy, or anonymize it, depending on what method is systematically and procedurally possible, most secure, and what our related retention commitments are.
VI. IMPORTANT DISCLOSURES, PRACTICES AND CONTACT INFORMATION
Links. For your convenience and information, we may provide links to websites and other third-party services and content that is not owned or operated by us. The third-party websites, services and content to which we link may have separate privacy notices or policies. We are not responsible for the privacy practices of any entity that we do not own or control. The inclusion of a link or such third-party services/content on the Services does not imply our endorsement of the linked site, or that content or service.
Security. We seek to use reasonable administrative, organizational, technical, and physical measures to help protect the Personal Information you provide to us from loss, misuse, and unauthorized disclosure, alteration, or destruction. Only authorized personnel have access to Personal Information you provide to us and each employee with access to Personal Information is obligated to maintain its integrity and confidentiality. Unfortunately, no data transmission can be guaranteed to be 100% secure or error free. If you have reason to believe that your interaction with us is no longer secure, you should immediately notify us in accordance with the section below entitled "Contacting Us." Note: that if you notify us by physical mail, this will delay the time it takes for us to respond to the problem. Common Sense Media follows its Data Breach Incident Response Plan to respond to incidents that could compromise Personal Information.
Updating Your Personal Information. If you are a Member, you can update your Personal Information at any time by accessing your account. To do this, just click on the "My Account", "My Profile" or "My Desk" link.
Changes to the Privacy Policy. We reserve the right to change this Policy, and any changes to our Policy will become effective upon our posting of the revised Policy on the Services. Use of the Services following such changes constitutes your acceptance of the revised Policy then in effect. If we make changes to this Policy, we will take reasonable steps to alert users of the Services that the Policy has been updated.
VII. YOUR PERSONAL DATA RIGHTS AND HOW TO CONTACT US
A. Your Data Choices
Applicable laws in some states in the United States and various countries and regions grant rights to individuals you might be entitled to. For information on the specific rights that apply in the European Economic Area, please read section VIII of this Policy. Regardless of the applicable law, Common Sense Media offers to all US residents and to the residents of other jurisdictions that use and participate in our Services the following options:
- Opting out: Applicable laws provide individuals with the choice to opt out of three types of data processing activities: targeted advertising, sale of data, and automated decision-making with legal or similar effects. Common Sense Media does not engage in f targeted advertising, does not sell Personal Information, and does not profile (as defined by applicable privacy laws) or undertake automated decision-making with legal or similar effects. Because we do not engage in those activities, we do not offer an option to opt out.
- Reviewing and transferring the information we have about you: You may review the Personal Information we have about you. However, we do have to take into account the privacy and the interests of others when releasing information, so this is not an absolute right. You might:
- Request a report. You have the choice to request access to information on what categories of Personal Information we have collected and processed about you.
- Request your data. You have the choice to request access to your Personal Information in a structured, commonly used, and machine-readable format (access), and you may have the right to transmit that data to another entity (portability).
- Request to correct. You have the choice to request that we rectify inaccurate or incomplete Personal Information concerning you.
- Deleting what we have: You have the choice to request that we delete the Personal Information we have about you. Note: that we may need to retain certain information because we are legally required to do so or in order to protect our legitimate interests. Once we process a deletion request, we may be unable to provide access or support to our Services. If you choose to delete your Personal information from our systems, this will also unsubscribe you from all Common Sense Media Communications and delete other information such as your membership information, and reviews. You may re-subscribe to our communications at any time, but this will not restore your history if it has been permanently erased from our systems.
Note: that these rights are not absolute, and in certain cases, we may decline your request as permitted by law.
You are entitled to exercise the options described above free from discrimination, as prohibited by applicable privacy laws. We typically do not charge any fees for exercising the choices described above, However, we may charge a reasonable fee for requests that are clearly unfounded, repetitive, or excessive. If we determine your request warrants a fee, we will notify you of the fee and explain that decision before completing your request.
B. Submitting a Request
You may submit a request to us, or you may authorize another party to do so on your behalf using the mechanisms below. To make submitting request as easy as possible, we have provided the following methods:
- Recommended: Your Data Choices web form. You may submit requests to exercise your rights or any questions you may have about this Policy, or the practices of the Services, through the Privacy Requests Portal.
- Mail. You may also exercise your options by mailing us at:
Corporate Headquarters
Privacy Department
Common Sense Media
699 8th Street, Suite C150
San Francisco, CA 94103
Further notes on making requests:
- Identity Verification. When you or an authorized agent on your behalf make a request, we will confirm your identity. We may reach out to you for additional information to verify your identity beyond what is included in your initial request. Information collected to verify your identity will never be used for any other purpose than to verify your identity to fulfill your request.
- Appeals. If you would like to make an appeal related to a Data Choice Request, you may do so by emailing [email protected].
VIII. Common Sense Media: EEA+ Privacy Policy
Who does this Section VIII apply to? This Section VIII (Common Sense Media: EEA+ Privacy Policy) applies to users and other relevant individuals who are based in the European Economic Area and the UK (together, the EEA+; who we refer to as "EEA+ Users"). All references to "you", "your" or "user(s)" in this Section VIII (Common Sense Media: EEA+ Privacy Policy) are references to such EEA+ Users only.
Why do we have a specific EEA+ Privacy Policy? Applicable data protection laws, including the EU General Data Protection Regulation and the so-called ‘UK GDPR’ (together, the GDPR), require us to provide information about our data processing practices and the rights available to relevant EEA+ Users.
Our representatives.
If you have any privacy questions or requests, you can easily submit them to Common Sense Media through our Personal Data Rights Request Form, available here.
- Our EU representative appointed under the EU GDPR is Verasafe. Verasafe can be contacted by mail at:
- VeraSafe Ireland Ltd., North Point Business Park, New Mallow Road, Cork T23AT2P, Ireland
- Our UK representative appointed under the UK GDPR is Common Sense Media, a registered charity and company in England and Wales ("Common Sense Media UK”). Common Sense Media UK can be contacted by mail at:
- 1 Paternoster Square, London, EC4M 7DX, UK, with mail sent "FAO Common Sense Media: UK Representative"
What do we mean by "Personal Information"? Under the GDPR, “Personal Data” refers to information about an identified or identifiable natural person. Throughout this Policy we use the term "Personal Information" to mean "Personal Data".
What are your rights in relation to your Personal Information? Under certain circumstances, by law you have the right to:
- Access. Request access to your Personal Information.
- Correction. Request correction of inaccurate or incomplete Personal Information that we hold about you.
- Erasure. Request erasure of your Personal Information.
- Objection. Object to our reliance on our Legitimate Interests (see below) as the legal basis of processing of your Personal Information
- Restriction. Request the restriction of processing of your Personal Information until we address your request, establish its accuracy or our reasons for processing it.
- Portability. Request the transfer of your Personal Information in a portable format to you or a third party of your choice.
- Withdraw consent. Withdraw your consent to any Processing that relies on it as a legal basis (see below).
How to exercise your rights? If you want to exercise any of the rights described above, you can do so by using our Privacy Requests Portal. Typically, you will not have to pay a fee to access your Personal Information or to exercise any of the other rights listed above. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive, or, we may refuse to comply with that request. We may need to request specific information from you to help us confirm your identity and expedite your request.
Your right to complain. We would love to be able to resolve your questions, requests and complaints about your Personal Information directly. However, if you feel we have not been able to satisfactorily resolve an issue, you may contact your local data protection supervisory authority.
- For the contact information of the Data Protection Authorities for each Member State of the European Economic Area, please visit: https://edpb.europa.eu/about-edpb/board/members_en
- The UK's Data Protection Authority's details are below:
The Information Commissioner's Office
Water Lane, Wycliffe House
Wilmslow - Cheshire SK9 5AF
Tel. +44 303 123 1113
Website: https://ico.org.uk/make-a-complaint/
What Personal Information do we process? The table in Section I describes the categories of Personal Information that we collect and process.
What is our “legal basis” for processing your Personal Information? In respect of each of the purposes for which we use your Personal Information (see below), the GDPR requires us to have a "legal basis" for that use. Most commonly, we will rely on one of the following legal bases:
- Where we need to perform a contract we are about to enter into or have entered into with you (“Contractual Necessity”).
- Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests (“Legitimate Interests”). More detail about the specific legitimate interests pursued in respect of each Purpose we use your Personal Information for is set out in the table below.
- Where we need to comply with a legal or regulatory obligation (“Compliance with Law”).
- Where we have your specific consent to carry out the processing for the Purpose in question (“Consent”).
Purposes for Processing. We have set out below, in a table format, the legal bases we rely on in respect of the relevant Purposes for which we use your Personal Information:
Purpose | Categories of Personal Information involved | Examples of how we use relevant Personal Information for a Purpose | Our legal basis for this use of data |
Account creation, configuration, maintenance and performance |
| To register your account on the Services, and to populate your Profile fields. To provide you with the core elements of the Services.
| Contractual Necessity. |
Service Personalization |
| To personalize your experience with our services and within our communications and to recommend Common Sense content, activities, features, and products that may be of interest.
| Contractual Necessity.
|
Security |
| To keep our Services and associated systems operational and secure. | Compliance with Law.
Legitimate Interests.
|
Troubleshooting and Service improvement |
| To track issues that might be occurring on our systems. To test and improve the Services. | Legitimate Interests. It is in our legitimate interests that we are able to monitor and ensure the proper operation of our Services and associated systems and services. |
Anonymized Data creation |
| We may create 'Anonymous Data' – this might include aggregated data such as statistical or demographic data. Anonymous Data may be created or derived from your Personal Information, but once in anonymous / aggregated form it will not directly or indirectly reveal your identity (i.e., it’s no longer Personal Information). We may use or disclose Anonymous Data for any purpose permitted by law, and do not require a legal basis to do so. | Legitimate Interests. It is in our legitimate interests that we are able to ensure that our Services and how we use information about our Users is as un-privacy intrusive as possible. |
Newsletter and communications |
| To send you the newsletters and other communications that you have signed up for – and, where requested, to personalize the content of those communications to you. To inform you of upcoming webinars and events that we are (co-)hosting and to promote such webinars and events. To monitor your interaction with our communications (e.g., whether you have opened them). | Consent in respect of the both delivery of our newsletters and other communications (including event/webinar promotion), and monitoring your interactions with those communications. |
Parental consent management |
| To send any parental consent request emails, and to engage in correspondence relating to the administration of parent’s children’s Profiles. | Compliance with Law. |
User submitted content |
| As part of the Services, we post the reviews and other content you submit to the Services. | Contractual Necessity. |
Processing Payments and Donations |
| To process: (a) the payments from our subscribers (including renewals, if and as applicable); and (b) donations people make via our Services. | Contractual Necessity. |
Processing donation 'perks' |
| If and for so long as we elect to make available certain 'perks' to encourage donations, we may use this Personal Information:
Note: if you choose to make your donation ‘anonymously’, we will not use information relating to your donations for the purposes described above, whether or not you would have been eligible based on the amount of the relevant donation.
| Contractual Necessity. |
Donor Analysis |
| To enrich the profiles of our current and prospective donors.
| Legitimate Interests. It is in our legitimate interests to establish those individuals who are likely to be interested in supporting the causes we wish to advance. |
Donor Outreach |
| Contacting current and prospective donors to engage interest and solicit donations. | Consent. |
Analytics |
| To collect details of the behavior patterns of people who use our Services. | Consent. |
Running surveys and analyzing the responses |
| From time-to-time we run surveys to better understand our users, our areas of professional interest, and how to improve our Services. | Legitimate Interests. It is in our legitimate interests to better understand: our user-base, how to improve our Services, whether or not to develop new Services (and if so how), and the areas in which we do business generally. We may seek consent for surveys that solicit special categories as required under Article 9 of GDPR. |
Events and Webinars |
| Registering you for events and webinars and enabling your participation or attendance at these events and webinars (including communicating with you about the event or webinar for which you have signed up). Sharing a list of prospective attendees for an event or webinar with an organization with which we have partnered to co-host the event or webinar. Sharing a list of names of attendees for an in-person event with appropriate site security to ensure that only registered attendees attend the event. Recording the event or webinar. If an event or webinar is being recorded we will notify you in advance. Publishing the recording of the event or webinar (either on Services or a third-party platform (such as YouTube)). | Contract. Legitimate Interests. It is in our legitimate interests to record and publish events and webinars that we (co-)host, and to ensure that only registered attendees attend such events and webinars. It is in our event partner organizations’ legitimate interests to receive a list of prospective attendees to gauge interest in the event/webinar. |
Purpose limitation. We will only use your Personal Information for the purposes for which we collected it as listed above, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Information for an unrelated purpose, we will update this Privacy Policy and we will explain the legal basis which allows us to do so. Note: that we may process your Personal Information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law (including the GDPR).
What happens when you do not provide necessary Personal Data or you withdraw consent? Where we need to process your Personal Information either to comply with law, or to perform the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. Similarly, if we rely on your consent to process your Personal Information, you are entitled to withdraw your consent, but if you do, we may not be able to provide certain services or features to you. We will keep you informed of when your access to service or features depends on your consent.
Our newsletters. EEA+ Users who are Adult Members, and other EEA+ Users over the age of 18, can opt-in to receiving our newsletters. Note: that you may continue to receive ‘service-related’ and other non-marketing emails from us, including notices of any updates to our Terms of Use or this Policy.
How do you get consent from parents of Children when we are required to do so? We use the term "Children" to refer to younger kids for whom collecting parental consent is required under applicable laws. For example, under Article 8 of GDPR, when Personal Information is collected under the lawful base of consent (as provided by Article 6(1)(a) of GDPR) in relation to the offer of information society services directly to a Child parental consent is required. The age range that requires parental consent varies per Member State but in no event can be higher than 16 years of age. If parental consent is required in respect of any processing of a Children’s Personal Information, that Child must provide their parent’s email address. We use that email address to contact the Child’s parent to ask for their consent to the relevant processing – we also explain to the parent:
- what Personal Information we collect about their Child;
- how we use it and why; and
- how the parent can revoke their consent and/or ask that we delete their Child’s Profile and their Personal Information.
If at this stage, the parent gives us their consent, we will carry out the processing. If not, we won’t.
What rights do EEA+ parents have? If you are a parent of a Child who is an EEA+ User, and we need your consent to certain processing of your Child’s Personal Information, please contact us if you:
- believe your Child is participating in an activity on the Services that uses their Personal Information without the parental consent required by law; and/or
- no longer wish for your Child to participate as a member of the Services,
We will delete your Child’s Profile, and any parental contact information we may hold, on request. If you wish to exercise these rights, you can do so through our Privacy Requests Portal.
Personal Information from Third Party Sources. In addition to the Personal Information that we collect directly from you we also collect certain of your Personal Information from the following categories of third party:
- Single Sign-On providers – we may receive certain Identity Data, Contact Data, and Service Personalization Data relating to Educator Members who register for, and access the Services using, a Single Sign-On Service.
- Fundraising Tools – we derive or receive Donor Analysis Data from certain commercial- and publicly-available sources, which we use to enrich the profiles of our current and prospective donors (example of such data sources are the iWaves PROscores, CoreLogic, VeriGift, Larkspur Data databases).
International transfers. We are headquartered in the United States. The Personal Information that we collect from and about you will be stored and processed in the United States and may be stored and processed in other countries outside of the EEA+. However, it is our policy to ensure that adequate contractual or other safeguards are applied to Personal Information transferred outside of the EEA+ where required by the GDPR. If you have questions about the safeguards applied to your Personal Information, you may contact us at Contact Support.
GLOSSARY
The capitalized terms used throughout this Policy have the following meanings:
Apps: All other Common Sense Media applications that link to this Privacy Policy.
Controller: The physical or legal person determining the purposes and means of collecting and processing Personal Information.
Data Incident Response Plan: A Common Sense Media internal policy that outlines the steps to be followed to respond to incidents that may compromise the security of Personal Information.
Privacy Policy or Policy: This legal document which discloses how we collect or receive, use, store, and manage Personal Information, and what your choices and rights are over your it.
Profile: The account profile you create to use our Services.
Single Sign-On Service: A third-party account of yours, e.g., your Google account that you select for open authentication into our Services instead of you creating and using a password to log into the Services.
Services: The Common Sense Media website, www.commonsensemedia.org, and all other applications, services, and websites that link to this Privacy Policy.
Terms of Use: Our disclaimer and agreement for users of our Services.
Members: Visitors who complete the membership registration process through our Services. Members join an active and vibrant community of families and educators interested in the impact of media on their children and students and can engage in activities not available to Non-Members, such as creating user reviews on media products, participating in surveys and polls, and saving favorites to a personal page. If you are not currently a Member, you may click here to register, or here if you are an educator, and become eligible for our Services' features. You can also subscribe to Common Sense Media, which gives you one year of unlimited access to all our media ratings and reviews.
Visitors: Individuals who visit our Services but who do not complete the membership registration process.
Personal Information: Information about an identified or identifiable natural person. It includes any information that can be used to identify (directly or indirectly) or contact a specific individual, such as the individual's name, postal address, email address, telephone number, or online identifier.
Site: Common Sense Media website, www.commonsensemedia.org
Payment Services: Third-party service providers used by us to handle donations made by credit card and other payment transactions submitted to our Services.
Child or Children: Younger kids for whom collecting parental consent is required under applicable laws. For example under COPPA in the United States, children for these purposes are considered to be individuals under the age of 13. This age range may vary in other countries and regions. Where consent is required or recommended for a particular purpose or practice, we aim to get parental consent for youth in accordance with the age designated by the country they are in.
Teen: Older kids for whom collecting parental consent is not required under applicable laws. In the U.S. a Teen would be a kid that is 13 or older yet under 18. This age range may vary in other countries and regions, but in all cases, an individual over 18 is not considered a Teen.
GDPR: The EU General Data Protection Regulation and the so-called ‘UK GDPR’