Bytello Class Privacy Policy

Last updated: Aug 14th, 2023

Introduction

Bytello Class and its related services, including but not limited to providing powerful tools for educators to create and deliver lessons, engage with learners and achieve extraordinary learning outcomes (hereinafter referred to as "Product", "Services") are provided by Guangzhou Shirui Electronics Co., Ltd. (hereinafter referred to as "we", "us", or "our"). We highly value your privacy. This Privacy Policy (hereinafter referred to as "Policy") describes how we collect, use, and disclose, process, and store any personal information that you provided to us or that we collect from you when you use our products and services. If you are under 16 or otherwise regarded as a minor in your jurisdiction, do not provide any personal information without your parent’s or guardian’s permission.

This Policy applies to all Bytello Class software, applications, related websites that reference or link to this Privacy Policy. It also describes your rights and available choices regarding your personal information.

Data Controller: Guangzhou Shirui Electronics Co., Ltd. is the controller (or similar term under applicable laws) of any information processed in connection with this Policy.

It is our policy to comply with applicable data protection laws. We reserve the right to change the provisions of this Policy from time to time. We encourage you to periodically review this page for the latest information on our privacy practices.

I. What Information We Collect

The term of "personal information" or "personal data" means information that specifically identifies an individual (such as a name, mobile number, email address, or other account number), and information about that individual’s location or activities (such as information about your use of our Services, IP addresses or mobile device identifiers) when directly linked to personally identifiable information. Personal information also includes demographic information such as date of birth, gender, geographic area and preferences when such information is linked to other personal information that identifies or may identify you.

Personal information does NOT include "anonymized" information, which is data we collect about the use of our Services or about a group or category of products, services or users, or other data from which individual identities or other personal information has been removed so that the individual concerned cannot be identified directly or indirectly. Such data helps us understand trends and our users' needs so that we can better consider new features or otherwise tailor our Services. This Policy in no way restricts or limits our collection and use of such information.

We may collect information that you voluntarily provide to us, information that we collect automatically through your use of our Services, and certain information we obtain from third party sources. More information about the categories and sources of information is provided below.

1. Information provided by you

1.1 Account registration information

When you sign up and create an account, for the purpose of providing you our Services, we collect the following information about you:

• Email address;
• Email verification code;
• Password;
• Country/Region;

We collect the Country/Region about your organization for the purpose of helping you to select the correct one from some repeated organization names (if any), and of helping us to identify the areas we need to serve and store the data.

We will also collect your birthdate in order to recognize whether you are above 16 or any ages   otherwise regarded as an adult in your jurisdiction, and such type of information will not be saved by us.

Once you register, you will be able to review and change this information via the setting within our Product and it is your responsibility to ensure that your account details are kept up to date.

1.2 Account storage information

For helping you to store your teaching resource, when you use the service of account storage, we collect the following information about you:

• Files and documents saved and stored by you;
• Teaching materials provided by you;

Please be noted that the contents of such information will not be visited and read by us.

1.3 Class information

You are able to create a class within our Services, you can enter your students' information into Class, and you acknowledge and confirm that you have obtained valid consent from your students’ parents or legal guardian when you provide us with your students' information. In such case, we collect the following information that you provide to us:

• The name of your class,
• The grade of your class,
• The list of students’ names in your class.

1.4 Written content during lessons

For the purpose of providing interactive class and after-class reviews for teachers and students, when you draw or write content during class, we will automatically collect and store the following information:

• The content written by teachers in class,
• The content written by students in class.

The content written by teachers shall only be accessible to or viewed by the teachers themselves and the students in the corresponding class.

The content written by a student shall only be accessible to or viewed by the student himself/herself. In case on the teacher's request and with the student's consent, the content written by that student will be demonstrated to the whole class (including the teachers and other students in the corresponding class).

1.5 Resources recipient email address information

When you use the teaching resources sharing service, we collect the email address of the recipient who receiving the teaching resources shared by you.

1.6 Support service information

If you contact our customer care team, we collect the information you give us during the interaction. Sometimes, we monitor or record these interactions to ensure a high quality of the Services.

2. Information we collect automatically

We, or authorized third parties, automatically collect certain information from you when you use our Services. See below for more details:

2.1 Device information

We collect certain information about the device you use to access our Services, such as the device IP address, THREAD Identifier (TID), and the longitude and latitude information (approximate location which is accurate to country).

3. Information from third-party sources

3.1 Third-party account log-in information

When you use the third-party account to log in the Product, we collect your Google/Microsoft account information, including your registered email address, profile photo, user name, email verification information, zoom account (if any), teams account (if any), for the sake of user identity verification.

3.2 Third-party cloud storage information

When you use the service provided by third-party cloud storage, for the sake of binding your third-party cloud storage service and your Account ID, we collect the following information about you:

• Files stored within the third-party cloud storage (in no event shall we access or store your cloud storage resources unless at your command);
• Email address;
• Your User Certificate.

After you bind your account of Google Drive with your Account ID, our use of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements. Currently, we do not transfer information received from Google APIs. If we transfer information received from Google APIs, our transfer of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

3.3 Third-party class information

When you use the service provided by Google Class, for the sake of importing class information from Google Class, we collect the following information:

• The name of the imported Google Class,
• The grade of the imported Google Class,
• The class of the imported Google Class,
• The list of students' names of the imported Google Class,
• The account information of Google Class.

You acknowledge and confirm that you have obtained valid consent from the imported students’ parents or legal guardians when you provide us with the imported students’ information.

3.4 No special categories of information

We do not request or intend to collect any "special categories of information", such as any information on health, race, religion, political opinions or philosophical beliefs, sexual preferences or orientation. We also want to kindly remind you to be cautious when sharing this information about yourself (or others) in our Services.

4. Cookies and Other Similar Technologies

By using our Services, you agree that we may automatically collect certain information through the use of "cookies" or other similar tracking technologies to analyze trends and administer the Service. Many browsers enable you to control the use of cookies at the individual browser level. Cookies are small text files that are stored on your device by us to ensure that the Services' normal operation and your convenient access to it. Cookies usually contain identifiers, site names, and some numbers and characters. We only use the strictly necessary cookies which enables out Services to function such as login tokens. We generally treat information collected by Cookies and similar technologies as non-personal information as they do not contain any of your personally identifiable information. However, to the extent that Internet Protocol (IP) addresses or similar identifiers are considered personal information by the laws of the countries concerned, we will also follow the laws of the countries concerned. If you wish to block, erase, or be warned of cookies, please refer to your browser or mobile device's instructions or help screen to learn about these functions. You may not be able to delete or disable cookies on certain mobile devices and/or certain browsers.

Remember, if a browser or mobile device is set not to accept cookies or if a user rejects a cookie, some portions of the Website or Services may not function properly. For example, you may not be able to sign in and may not be able to access certain Website or Service features or services.

We will not use cookies for any purpose other than those stated in this Policy.

II. How We Store Your Personal Information

The personal information we collect from you may be stored on a third-party cloud storage located in different countries or regions:  

The personal information we collect and generate in our operations in European Economic Area (EEA) is processed and stored in a third-party cloud storage located in Germany, except for cross-border transmissions permitted under the applicable law.

The personal information we collect and generate in our operations in the United State is processed and stored in a third-party cloud storage located in the United State, except for cross-border transmissions permitted under the applicable law.

The personal information we collect and generate in our operations in the south-east Asian regions and countries is processed and stored in a third-party cloud storage located in Singapore, except for cross-border transmissions permitted under the applicable law.

We store your personal information in response to the requirements of laws, regulations or our commercial purposes. We will delete or anonymize your personal information beyond the above retention period.

III. How We Share Your Personal Information

We will not share your personal information with third parties for their own marketing or commercial purposes. 

IV. How We Protect Your Personal Information

1. We have taken reasonably feasible and technical measures to protect collected services-related data. However, please be attention, even if we undertake reasonable measures to protect your data, there is no website, internet transmission, computer system or wireless connection that are definitely safe. 

2. We have taken safeguarding measures in accordance with industry standards to protect the personal information you provided and prevent data from unauthorized access, public disclose, use, modification, damage or loss. We take all reasonably practical measures to protect your personal information. In particular: 

(1) We encrypt a lot of information. For instance, we do not store your password but only store the Hash value after your password's double layer SHA as a proof of security authentication. The HASH algorithm of SHA is irreversible. Therefore, no one can find your password according to the Hash value. We periodically review practices regarding information collection, storage and possessing (including physical security measures), to prevent various systems from unauthorized access. 

(2) We use computer system that has limited access and merely allow our employees who need to know personal information in order to help us process it or authorized staff from the Services companies to access personal information. These people are required to comply with strict contractual confidentiality obligations. Failure to comply with the obligations will lead to legal liabilities or termination of contract with us. 

(3) The security of your information is extremely important to us. Therefore, we endeavour to ensure the security of your Personal information and implement measures such as security encryption during storage and transmission to prevent your information from unauthorized access, use, or disclosure. At the same time, no one can access the specific content of some encrypted data except the users themselves. 

3. In case of personal information security incident is likely to result in high risk to the rights and freedoms of personal information subjects, we will promptly inform you of the relevant information related to the leakage by email.

V. How long do we retain your personal information?

1. We retain your personal information for the period necessary for the purpose of the information collection described in this Privacy Policy or required by the applicable laws, the requirements of laws and regulations. We will cease to retain and delete or anonymize personal information once the purpose of collection is fulfilled, and/or after we terminate the operation of the corresponding product or service, and/or after we confirm your request for erasure.

2. We may retain your personal information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you. When we no longer need to use your information, we will remove it from our systems and records and / or take steps to anonymise it promptly so that you can no longer be identified from it.

3. To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting, or other requirements.

4. However, we may continue to retain certain data to the maximum extent permitted by applicable laws. If you would like to delete your data, please refer to the heading of "Your Rights" below.

VI. Your Rights

As the subject of the personal information, you are entitled to have the rights provided by the privacy laws in your jurisdiction. Your rights may include part or all of those described underneath. You can exercise your rights entitled by the privacy laws in your jurisdiction at any time by sending us relevant requests to support@bytello.com. Your rights may include:

1. Right to be informed: 

We publish this Policy to inform you of how we handle your personal information. We are committed to the transparency of the use of your information. 

2. Right to access your personal information: 

You have the right to access personal information we hold about you, how we use it, and who we share it with. We offer controls that enable you to:

• access your information (including your profile image, nickname, email, country/region, language, bound third-party accounts & cloud storage) by navigating to the "Me"- "Account Settings" - "Profile" tab on the Product;
• request a copy of your information by navigating to the "Me" – "Account Settings" on the Product.

3. Right to correct your personal information: 

You have the right to correct your information where that information is not accurate. We offer controls enable you to:

• correct your Account’s personal information (including profile photo, user name, country/region, language, connected third-party accounts & cloud storage) by navigating to the "Me" - "Account Settings" - "Profile" on the Product;
• correct your email by navigating to the "Me" - "Account Settings" - "Security" - "Account security services" on the Product.

You can also correct the aforementioned personal information by contacting us via the email stated in this Policy.

4. Right to delete your personal information: 

You can remove certain personal information that we have stored about you via the email stated in this Policy. However, please note that we may need to retain personal information if there are valid grounds under data protection laws for us to do so (e.g., for the defense of legal claims or freedom of expression) and we will respond to you and let you know if that is the case.

You can delete your account by navigating to the "Me" – "Account Settings" - "Security" -"Account security services" on the Product. We may delete all your personal information six months after your deleting your account.

5. Right to restrict processing: 

In limited circumstances, you have the right to request us to stop processing your personal information we hold about you other than for storage purposes in certain circumstances.

6. Right to data portability: 

You can request a copy of certain data in a machine-readable form that can be transferred to another provider, if such right is requested by the privacy laws in your jurisdiction. 

You can export a copy of your personal information (including profile photo, user name, email, country/region) by navigating to the "Me" – "Account Settings" – "Security" – "Account security services" on the Product.

7. Right of Refusal: 

In certain circumstances (including where data is processed on the basis of legitimate interests or for the purposes of marketing) you may object to that processing.

If you are located in the European Economic Area ("EEA"), you may also object to the processing of your personal information for certain purposes:

• To stop receiving marketing communications from us: you may demand that we stop any direct marketing to you, at any time. You will find a link or instructions to unsubscribe in any such communications from us.
• For other purposes: you may object to the processing of your personal information where such processing is based on a legitimate interest as described above. Please describe the reasons relating to your particular situation to justify your request. If applicable, we will stop the processing unless we have compelling legitimate grounds.

8. Right to Withdraw Consent: 

You may withdraw your consent for the processing of your personal information by submitting a request to us via email. We will deal with your request within a reasonable time frame from the time when the request was received, and thereafter not processing your personal information as per your request.

You may also withdraw your consent by navigating to the "Me" - "Account Settings" – "Privacy" on the Product.

Please note that your withdrawal of consent could result in certain legal consequences. Depending on the extent to which you authorize us to process your personal information, it may mean that you will no longer be able to enjoy the use of our services. However, any decision on your part to withdraw your consent or authorization will not affect personal information processing previously performed with your permission.

9. Right to Refuse Automated Decision: 

You may have rights not to be bound by automatic decisions, including user profiling, if such right is requested by the privacy laws in your jurisdiction. You may exercise your right to refuse automated decision by navigating to the "Me" – "Account Settings" - "Privacy" on the Product.

10. Right to lodge complaints to the supervisory authority: 

To help us verify that you are the subject of the personal information and exercise your rights outlined above, we may require you to provide sufficient proof of identification. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

If you are concerned about the way in which we are managing your personal information and think we may have breached any relevant laws and obligations, please contact us.

We will respond and reply to you as soon as possible. Generally, we will reply to you within one (1) month upon receipt of your request (If necessary, we may extend it by an additional two (2) months as permitted by law. We will inform you the reason for the extension within the aforementioned 30-day period, such as the request is too complicated or too much in volume). In certain circumstances, you can also contact the Administrator of your company/school to exercise your rights more easily.

If you feel we have not resolved your concern, you have the right to lodge a complaint with your local privacy or data protection regulator. 

VII. How We Process Children’s Personal Information

Our Services are mainly adult-oriented and we do not offer services directly to a child or use personal information of children for the purposes of marketing. A child should not create his/her own user account. We treat anyone under 16 years old (or equivalent minimum age in relevant jurisdiction) as a child. We do not knowingly collect any information about or market to children, minors or anyone under the age of 16. If you are less than 16 years old, we request that you do not submit information to us. If we become aware that a child, minor or anyone under the age of 16 has registered with us and provided us with personal information, we will take steps to terminate that person’s registration. 

VIII. How Your Personal Information is Transferred Globally

For the purposes described in the Privacy Policy, your information may be transferred to other countries or regions where our server may locate in accordance with applicable law. We may also transfer your personal information to third-party service providers and business partners and your data may therefore also be transmitted to other countries or regions. However, this does not change our commitment to comply with this Privacy Policy and to protect your personal information.

If we need to transfer personal information outside of your jurisdiction, whether to our affiliates or third-party service providers, we will comply with related applicable laws. We will take corresponding protective measures according to the requirements of applicable laws to ensure data security. 

If personal information collected and generated in the European Economic Area is transferred to countries outside the European Economic Area, we will ensure that proper protective measures are taken to comply with General Data Protection Regulation ("GDPR"). 

For more information on protection measures on personal information in scenario of cross border data transfer, please contact us. 

IX. How This Policy is Updated

We reserve the right to update or modify this Policy from time to time. For significant changes to our Privacy Policy, we will push the updated Privacy Policy to you through our device and obtain your consent again; nonetheless, we will post the notification on our website to notify you about the changes to this Policy.

X. Inconsistency

In case of any inconsistency between this Policy and other privacy policies on personal information management related to the Services, this Policy will prevail to the extent of the inconsistency. 

XI. Contact Us

If you have any concerns or doubt over our Privacy Policy, please contact us via: 

support@bytello.com

Mailing Address: 192 Kezhu Road, Science Park, Huangpu District, Guangzhou City, Guangdong Province P.R.China 

Special Terms for United States

If you are using the Services in United States, the following additional terms apply. If any conflict arises between the main Privacy Policy, the following terms shall prevail:

Minimum Age. In the United States, the minimum age for users is 13. We therefore do not knowingly collect any personal information from children under the age of 13 in the United States without parental consent, unless permitted by law.

Your Rights. We provide you with a number of rights described in the section "Your Rights" above in accordance with applicable law, including the right to request to access, correct, delete, and take your data with you. We will not unlawfully discriminate against you for exercising your rights. If we refuse to take action on your request, you may appeal this refusal within a reasonable period after you have received notice of the refusal. You may file an appeal by contacting us at support@bytello.com. For Users who are California residents, you have the following extra rights under the California Consumer Privacy Act, and you have the right to be free from unlawful discrimination for exercising your rights under the Act:

You have the right to request that we disclose certain information to you and explain how we have collected, used and shared your personal information over the past 12 months.

You have the right to request that we delete your personal information that we collected from you, subject to certain exceptions.

We did not sell personal information and therefore did not process requests for opt-out of sale.

California "Shine The Light" Law. For users located in California, we do not share your personal information with third parties for those third parties' direct marketing purposes.

In addition, under California law, operators of online services are required to disclose how they respond to "do not track" signals or other similar mechanisms that provide consumers the ability to exercise choice regarding the collection of personal information of a consumer over time and across third party online services, to the extent the operator engages in that collection. At this time, we do not track our Users' personal information over time and across third-party online services. This law also requires operators of online services to disclose whether third parties may collect personal information about their users' online activities over time and across different online services when the users use the operator’s service. We do not knowingly permit third parties to collect personal information about an individual User’s online activities over time and across different online services when using the Services.