Digital Learning Services Privacy Notice – Canada

Primary/Secondary Student/Youth Users

Pearson receives authorization and consent to collect, process and otherwise handle Personal Information of a Primary/Secondary Student User or a Youth User under this Privacy Policy and the EULA when a parent, Institution or Educator of such User (a) purchases the Services for such User; (b) establishes an User Account for such User; (c) registers such User to use the Services; (d) instructs such User to establish an account or register to use the Services; or (e) directs such User to complete schoolwork or assignments using the Services. Such authorization and consent also will be deemed to have been granted for all Primary/Secondary Education Student/Youth Users who are included in an Educator’s course roster in the Services or who access the Services through access codes provided by their Institution or Educator or through account credentials that an Educator has associated with the User’s Personal Information, such as through the Educator’s course or learning management system. Educators and their Institutions are responsible to obtain any additional legally required consents for Primary/Secondary Education Student Users and Youth Users.

Other Users

Pearson receives authorization and consent from Users other than Primary/Secondary Users to collect, process and otherwise handle Personal Information under this Privacy Policy and the EULA when the User: (a) purchases the Services; (b) establishes an account or registers to use the Services; (c) accesses the Services through access codes provided by their Institution or Educator or through account credentials that an Educator has associated with the User’s Personal Information, such as through an Institution’s course or learning management system; or (d) uses the Services.

Global Nature of the Services

For some of Pearson’s Services, Personal Information may be transmitted, stored and processed in a country other than the one in which the User resides, or the Educator or Institution is located. The authorization and consent for Pearson to collect, process and otherwise handle Personal Information under this Privacy Policy includes consent and authorization for the User’s Personal Information to be transferred and stored in countries outside of their residence, which may include the United States and the United Kingdom, as well as any country where the Educator or Institution may be located or the User may visit.

Payment Data

If a Customer purchases the Services online directly from Pearson, payment data submitted by that Customer will be used and disclosed to the Customer’s financial institution and Pearson’s payment processing vendor for the purpose of processing payment for the Services ordered.

Account Data

Pearson collects and processes Account Data to set up, maintain and enable a User account to use the Services. Account Data may include a User’s name (unless an alias is used with Educator or Institution approval/coordination), email address, country, user name and password, as well as the Institution and course identifier for any courses for which User uses the Services. For some Services, a User’s mobile phone number may also be collected and used for User authentication. With coordination/approval by the Educator, a User may be registered for a User account using an alias* instead of actual first and last name. Account Data does not include student coursework or responses, scores, grades or instructor feedback on interactive exercises, assignments or assessments.

Course Data

Course Data means educational data collected, generated or processed through use of the Services in connection with educational coursework. Course Data includes assignments, student coursework, responses to interactive exercises, assignments, scores, grades and instructor comments. Pearson collects and processes Course Data in order to provide the Services to Users, Educators and Institutions for educational purposes.

Community/Forum Postings; Other Communications

Information posted by a User in a community or forum or communicated with a communication tool provided through the Services may constitute Personal Information. Postings and communications will be visible to and shared with all members of the community or forum. Pearson is not responsible for further use or disclosures by others who are members of the community or forum or recipients of any communications.

Google Drive/Microsoft One Drive

Some Services may have the capability to connect to the User’s cloud service drive (“Drive”), such as a Google Drive or Microsoft One Drive, so that the User can upload or download documents directly from or into their Drive. Before they do so, the User will receive a prompt asking them to click "Allow" to enable the Services to connect to their Drive. A User may remove this connection in the settings for their Drive account at any time. Pearson will use this connection to access their Drive only for the purpose of uploading or downloading documents that they specifically select with limited metadata to allow identification and retrieval, so that they can access and use the documents within the Services or download them to Drive. Pearson will use, process and store these documents and associated personal data in accordance with this Privacy Notice.

Cookies and Related Technologies

The Services use cookies to enable Users to sign-in to the Services and access stored preferences and settings. Users, Educators and Institutions have a variety of tools to control the use of cookies, web beacons and similar technologies, including browser controls to block and delete cookies. Disabling or blocking these technologies, however, may prevent or impair required functionality and use of the Services.

Application and System Logs

Application and system logs are critical to ensuring the delivery, availability and security of the Services. Pearson automatically collects log data related to User interaction with the Services. This data may include browser type, type of computer/device and technical information about the User’s means of connection to the Services, such as operating system, internet service provider and IP address. This data is collected and used for support purposes and to monitor the health of the Services, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale the computing resources for the Services.

Feedback, De-Identified and Aggregate Data

Pearson may provide Users with the opportunity to evaluate and provide feedback on the Services on a voluntary basis. Pearson may use and disclose such data in de-identified form, as well as other de-identified data and de-identified aggregate data collected and processed through the Services, to deliver, maintain, support, evaluate and improve the Services, conduct educational research, develop new products and services and for other purposes. De-identified data is not considered Personal Information under this Privacy Policy.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver the Services.

Do Not Track

Do Not Track (DNT) is a proposed mechanism for allowing website visitors to control the collection of certain usage data. Although there has been research into the development of a standard to support the use of DNT signals, there is no adopted standard to follow. The Services do not currently respond to Do Not Track signals.

Educators and Institutions

Pearson uses the Personal Information to deliver the Services for educational purposes. In delivering the Services, Pearson may provide and disclose Personal Information to the User’s Educator and Institution and as otherwise directed by the Institution or the Educator. Educators and Institutions may export grade book information and other Course Data from the Services for the purpose of maintaining educational records.

Evaluation

Pearson may use and disclose Personal Information, as requested or authorized by an Institution or by an applicable governmental educational agency or authority, for administrative, audit and evaluation purposes, such as to evaluate the educational efficacy and effectiveness of the Services.

Improper Conduct

Pearson may use and disclose Personal Information of a User to the User’s Educator, Institution, law enforcement and other regulatory officials for the purpose of investigating and addressing suspected illegal conduct, misappropriation of password access, academic dishonesty or misconduct or any other conduct prohibited by law, the EULA or a User’s Educator, Institution or other applicable regulatory authority.

Affiliates and Contractors

Pearson may disclose Personal Information to affiliated Pearson companies and other companies and organizations who perform work for Pearson under contract and are obligated to protect the privacy of Personal Information consistent with this Privacy Policy.

Other Circumstances

Pearson also may disclose or use Personal Information: (a) with the User’s consent (or, if a Youth User, with the consent of the Youth User’s parent); (b) in response to a subpoena, court order or legal process, to the extent permitted or required by law; (c) as required by law; (d) to protect the security and safety of the User and other persons, data, assets and systems, consistent with applicable law; (e) in connection with a sale, joint venture or other transfer of some or all of its company or its assets, subject to the commitment of the acquiring entity to comply with this Privacy Policy; (f) as authorized or directed by an Institution or Educator for whom Pearson acts as a service provider; or (g) to investigate or address actual or suspected fraud or other illegal activities; or (h) in order to exercise its legal rights, including enforcement of the EULA or any applicable contract with the User or the User’s Educator or Institution

Communications and User Feedback

Pearson may communicate with Users by email to provide updates and information about the Services and to request User evaluation and feedback about the Services and interest in Pearson research project participation. Pearson will provide Users with a means to express email preferences or unsubscribe to emails in accordance with applicable law. Pearson will only send transactional and operational emails permitted by applicable law to Users who have expressed a preference not to receive email.

Marketing and Advertising

Pearson will not use Personal Information of Primary/Secondary Student Users or Youth Users for marketing purposes and will not knowingly direct or send marketing communications to a Primary/Secondary Student User or a Youth User. Pearson may use Personal Information of other Users to market products and services of Pearson and affiliated Pearson companies to such Users, provided that (a) such use and marketing is consistent with applicable law and Pearson’s legal obligations; (b) such Personal Information excludes Payment Data and Course Data; (c) the Users are not Primary/Secondary Student Users or Youth Users; (d) the Users have not opted out of receiving marketing; and (e) where required by applicable law, express or implied consent to marketing exists and has not been withdrawn. Pearson may provide such Personal Information to a third party service provider on a restricted basis to provide such marketing solely on behalf of Pearson and affiliated Pearson companies, but not for marketing of any third party products or services. Pearson does not permit third-party ad networks or similar services to access or collect Personal Information within the Services. Users may change their marketing preferences at any time. Pearson will not knowingly direct or send marketing communications to a User who has expressed a preference not to receive marketing.

No Sale of Personal Information

Pearson does not sell or rent User Personal Information.

Data Protection Laws

Pearson is committed to complying with all other data protection laws applicable to its delivery of the Services.

Account Data

Users may access and modify Account Data through the Account Profile features and functionality of the Services.

Course Data

Students and parents should direct access, amendment and export requests for Course Data and any education records to their Educator or Institution. Access, correction or deletion may be limited by restrictions to maintain academic fairness and the validity, security and intellectual property rights in educational assessments and materials and any applicable restrictions or requirements of the Educator, Institution or law. In many cases, Institutions and Educators will be able to use the built-in functionality of the Services in order to address access, amendment and export requests. Upon request of the Institution, Pearson will provide reasonable assistance to the Institution, consistent with the terms of its agreement with the Institution. In certain cases, Pearson may not be able to fully satisfy such requests, such as a request for confidential Pearson company information or requests in a specific or proprietary format that Pearson is unable to support or requests that are prohibited by law.

User Responsibilities

To protect Personal Information, Users, Educators and Institutions are urged to: (a) protect and never share their passwords; (b) only access the Services using secure networks; (c) maintain updated internet security and virus protection software on their devices and computer systems; (d) immediately change a password and contact privacy.officer@pearsoncanada.com if there is a suspicion that the password has been compromised; and (e) contact privacy.officer@pearsoncanada.com if there is another security or privacy concern or issue.