Privacy policy.

 

Introduction  

Design Science Studio, a website own and operated by habRitual LLC (“Company,” “our,” “we”) respects your privacy and is committed to protecting it through our compliance with this Privacy Policy. This Privacy Policy is part of our Terms of Use available here.

In this policy we describe the types of information we may collect from you or that you may provide when you use the designscience.studio website (the “Website”) and our practices for collecting, using, protecting, and disclosing that information.

Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it, as you agree to this Privacy Policy by using the Website. If you do not agree with our policies and practices, do not use the Website.

 [A1]This is where you would hyperlink to the terms of use.

Children Under the Age of 18  

The Website is not intended to be used by children under 18 years of age and you are not allowed to use the Website or provide information on it if you are under 18 years of age. If you believe we might have any information from a child under 18, please contact us immediately at designsciencestudio@bfi.org so we can delete it.

If you are based in the European Economic Area (“EEA”) you may only use the Website if you are over the age at which you can provide consent to data processing under the laws of your country or if verifiable parental consent for your use of the Website has been provided to us.

Under the Children’s Online Privacy Protection Act (COPPA), the privacy policy must include extensive additional sections if the Website is directed to children under the age of 13 OR is directed to a general audience and the company has actual knowledge that it collects personal information from children under 13. This includes plug-ins and ad networks that you might use on your Website, and “personal information” is defined very broadly (including name, address, email address or screen name, photograph, location, etc.). Some people also want to give off the vibe that their services are only for adults so they voluntarily increase this age up to 18 and older, which is what we have done here since we cannot see a viable reason for marketing this to children, but let me know if this isn’t correct.  

Information We Collect And How We Collect It

 

We collect several types of information from and about users of the Website, including:

 

  • Information by which you may be personally identified, such as name, phone number, location, photograph, and e-mail address;

  • Other information that you voluntarily enter by typing it into the Website;

  • Information used for membership and application purposes;

  • Information about your artwork, portfolio, personal online presence including links to websites and blogs, and your personal social media handles;

  • Information about others that you submit to the Website or use to share information in the Website; and

  • Information about your internet connection, the equipment you use to access the Website, and Website usage details.

 

We collect this information:

  •  Directly from you when you provide it, such as by typing information into the Website or using an application

  • Automatically as you use and navigate through the Website, such as usage details, IP addresses, web browser preferences, and information collected through cookies and other tracking technologies. Although we do not correlate tracking information to individuals, some information collected, such as IP addresses, will be unique.

 

In some countries, including countries in the EEA, the information referenced above in this Privacy Policy may be considered personal information under applicable data protection laws. If you do not want us to collect this information, do not use the Website.

How We Use Your Information  

We process and use information that we collect about you or that you provide to us, including any personal information:

  • To develop, provide, and improve the Website and its curriculum and services to you.

  • To provide you with information, products, or services that you request from us.

  • To provide you with notices about your account, application, and the curriculum including expiration and renewal notices.

  • To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.

  • To improve the Website and our services.

  • To expand and improve data collection systems.

  • To notify you about changes to the Website or any products or services we offer or provide though it.

  • In any other way we may describe when you provide the information.

Disclosure and Recipients of Your Information  

We may disclose aggregated information about our users, and information that does not identify any individual, without restriction.

We may disclose specific personal information that we collect or you provide to these categories of recipients:

  • To contractors, employees, service providers, and other third parties we use to support the Website.

  • To third party service providers to help us improve the Website.

  • To our subsidiaries and affiliates.

  • To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of the Company’s assets.  

  • For any other purpose disclosed by us when you provide the information.

  • To third party contractors in order to analyze Website performance and user behavior and/or to improve the Website.

  • To comply with any court order, law, or legal process, including to respond to any government or regulatory request.

  • If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of the Company, our customers, or others.

CalOPPA, California’s law governing privacy policies, requires a privacy policy for any Website that collects personally identifiable information from its users.  As legally defined, “personally identifiable information” refers to details collected on the Internet about an individual consumer, including an individual’s first and last name, a physical street address, an email address, a telephone number, a Social Security number, or any other information that permits a specific individual to be contacted physically or online. The term extends to details such as a person’s birthday, height, weight or hair color that are collected online and stored by an operator in personally identifiable form.

 

Under CalOPPA, we must list at least the categories of PII that the Website collects. Does this cover all of the categories of information that you collect? It should be updated if/when you collect additional information.

 [A2]CalOPPA requires the privacy policy to include “A list of the categories of third parties with whom the operator may share such personally identifiable information.” This  list is fairly broad to allow you to share information in many likely cases, but also narrow enough that the company does have some obligations related to keeping personal information confidential.

Legal Basis for Processing and Retaining Your Data

We collect, process, and retain personal information we collect from you (i) when we have your consent, such as agreeing to this Privacy Policy and our Terms of Use and continuing to use the Website, (ii)  when we need the personal information to perform a contract with you, and/or (iii) when we have a legitimate business interest in doing so that is not overridden by your rights, such as to provide the Website and its services to you when you wish to use it and communicating with you about your usage of the Website.

In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person. If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information).

We retain your information as long as we have your consent and an ongoing legitimate business interest to process your personal information. After this retention period elapses at the reasonable determination of the Company, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

Choices About Your Personal Information

We strive to provide you with choices regarding the personal information you provide to us. To that end, any personal information you provide to the Website is done completely voluntarily and knowingly by you – if you don’t want us to collect or use personal information in accordance with this Privacy Policy, do not enter it into the Website, do not submit an application and do not use the Website. We do not have third-party advertisements or cookies that might be collecting your information without you knowing it.

 

Accessing, Correcting, and Deleting Your Information  

You can review and change your personal information by logging into the Website and visiting your account profile page. You may also send us an email at connect@designscience.studio to request access to, correct, or delete any personal information that you have provided to us. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.

 

Do Not Track Settings

The Company does not track its customers over time and across third party websites to provide targeted advertising, and therefore does not respond to Do Not Track (DNT) signals. However, some third-party websites track your browsing activities when you use their websites so that they can tailor their content to your preferences. If you are visiting such sites, your web browser may allow you to set the DNT signal on your browser so that third parties (particularly advertisers) know you do not want to be tracked.

Your California Privacy Rights  

California Civil Code Section § 1798.83 permits users of the Website that are California residents to request certain information regarding our disclosure of personal information to third parties for direct marketing purposes. We do not share information for this purpose, but you may still request more information about our compliance with this law by sending an email to connect@designscience.studio

Transferring Your Information

The Company is a worldwide service operated from California. By using the Website, you authorize us to transfer and store your information outside your home country, including in the United States, for the purposes described in this Privacy Policy. The privacy protections and the rights of authorities to access your information in these countries may not be the same as in your home country. We take additional measures when information is transferred from the European Economic Area (EEA). This includes having standard clauses approved by the European Commission in our contracts with parties that receive information outside the EEA. We also rely on European Commission adequacy decisions about certain countries, as applicable, for data transfers to countries outside the EEA.

Data Security  

We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access. For example, access by a user to their personal information is available through a password and unique customer ID selected by the user. This information is encrypted through the Website with Secure Socket Layer technology (SSL) and is also encrypted when it is stored by us to prevent unauthorized parties from viewing such information. Also, we perform regular malware scanning of the Website and all servers and computers used by us to support the Website. All Company employees are required to adhere to our security and confidentiality procedures and undergo training related to maintaining the security of user personal information.

Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to the Website. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website.

EEA Users

You have options in relation to the information and data that we have about you.  To exercise any of the options discussed below, please contact us at connect@designscience.studio . If you’re an EEA user, you may:

  • Access the information we have about you. We'll will make an effort to share this information with you within a reasonable time.

  • Have your information corrected or deleted. 

  • Object to us processing your information. You can ask us to stop using your information, including when we use your information to send you marketing emails or push notifications. We only send you marketing material if you've agreed to it, but if you'd rather we don't, you can easily unsubscribe at any time by clicking on the “unsubscribe” or “opt-out” link in the marketing emails we send you, or by emailing us at the email address above.

  • Withdraw your consent for us to collect and process your personal information at any time.  Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.

  • Have the information you provided to us sent to another organization, where we hold this information with your consent or for the performance of a contract with you, where it's technically feasible.

  • Complain to a regulator or other supervisory authority. If you're based in the EEA and think that we haven't complied with data protection laws, you have a right to lodge a complaint with the Data Protection Commission in Ireland or with your local supervisory authority.

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. 

Third Party Links

The Website may contain links that lead to other websites, and the Company is not responsible for the privacy practices, content, and/or activities of these linked websites. Nonetheless, we seek to protect the integrity of the Website and welcome any feedback about these external websites.

Changes to Our Privacy Policy 

We will post any changes we make to our Privacy Policy on this page and you will be notified of any material changes on the Website home page and in an email to the most recent email address that you provided to us, if any.

CalOPPA requires the privacy policy to include a description of the process (if any) by which the consumer can review and request changes to his or her personally identifiable information as collected by the website operator. Is this an accurate description of this process?

Under CA law (AB 370), privacy policies for websites or services used by CA residents must  disclose how a business’s website or online service responds to Do Not Track signals (“or other mechanisms that provide consumers the ability to exercise choice regarding the collection of personally identifiable information about an individual consumer’s online activities over time and across third-party Web sites or online services”) from Web browsers. You are not required to respond to DNT signals in a certain way, but simply disclose these procedures. Therefore, if you ignore them, that is fine, you just need to tell users in the privacy policy that this is the case. I recommend asking the developer what we should put here. If the Website does honor DNT settings, we could instead put: “We do not track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.”

If preferred, the law also allows you to instead provide “a clear and conspicuous hyperlink in the operator’s privacy policy to an online location containing a description, including the effects, of any program or protocol the operator follows that offers the consumer that choice.”

 Under the GDPR, you need to tell EU users whether you transfer data internationally.

If your business transfers personal data to a different country or international organization, you need to let users know this. The language here is one acceptable way to do this but we will need to edit to reflect how you specifically transfer information.

The privacy policy must include the measures that are used to keep personal information safe. The measures listed here are common ways to do this, but we should modify to make as accurate to your company’s practices as possible, including adding to or deleting what is already listed here. 

Under CalOPPA you must include how you will notify users of material changes to the privacy policy within the privacy policy.

Organization and Contact Information

The Website is property of habRitual, a California LLC. For general information about the Website, this Privacy Policy, or anything else, you can contact us at:

  • habRitual, Data Protection Officer

    • admin@habritual.studio