Crick Software is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified, you can be assured that it will only be used in accordance with this privacy statement.
This policy ensures Crick Software:
- Complies with the data protection law.
- Follows good practice.
- Protects the rights of staff, customers, and suppliers.
- Is open about how it stores and processes data.
- Protects itself from the risks of a data breach.
Crick Software may change this policy by updating this page. You should check this page from time to time to ensure that you are happy with any changes.
What we do with the information we gather
We may collect the following information:
- On our website, we may ask for first name, last name, company name, email address, country, state, phone number
- We may also collect the following information from customers when they register for the Service; company and customer contact information including names, email address, geographic region, website address and postal address
Additionally, we may collect the following information:
- Name and job title
- Contact information including, email address, website address, and phone number
- Demographic information such as geographic region, zip code, preferences, and interests
- Other information relevant to customer surveys and/or offers
We require this information to understand your needs and provide you with a better service. We are processing this data when:
- Collecting your details through forms on our website.
- Updating or adding your details to our customer database.
- Using the information to improve our products and services.
- Sending promotional emails about new products, special offers, or other information which we think you may find interesting, using the email address that you have provided; we do not send these to student email addresses
- Using your information to contact you for market research purposes.
- Using the information to customize our websites according to your interests.
Automated processing of data
- We automatically collect certain information to track visitor activity on our websites. We use this information to improve the content of our sites as well as to provide visitors with a more relevant overall experience with our organization and our site. This information may include information that identifies you as an individual or relates to an identifiable individual, including; name, title, company name, job function, expertise, postal address, telephone number, or email address. We may also collect other information that does not reveal your specific identity or does not directly relate to an identifiable individual such as browser and device information, information collected through cookies, pixel tags, and other technologies, and demographic information. We never share this information or information you provide us with third parties except to the extent necessary to provide our service.
- If you fill out a web form on our site, your information will be stored in our CRM system and some of your past browsing on our site may be available to us to determine your interests. We may use this information to more effectively engage with you and improve our site. However, if you use private browsing as described below, you may provide us your information without making your past browsing activity available to us. If you do not wish for us to have your personal information, please do not fill out any of the web forms on this site.
- If you provide your email address, some information is collected about when/if the email was opened and what links were clicked. This information is used to assess the engagement and success of an email campaign.
- Clicking on a link in any of these emails may cause you to be personally identified on our site and may cause some part of your past browsing history on our site to be available to us so we may more effectively engage with you and improve our site. If you do not wish for this tracking to occur, you can unsubscribe from our mailings or use private browsing mode to avoid tracking.
- We never use visitor identification techniques that involve sharing information you provide us with other sites or vice versa. We never store any information in your computer’s Flash local shared objects area (i.e., we never use what is known as ‘flash cookies’).
Software and apps
We do not collect data in any of our products. Our applications are installed onto client computers and users’ work is saved locally, except in network installation where it is saved to a shared folder on your server. You will specify the shared
folder during the installation process.
The iPad apps are purchased via the Apple App Store and all information about who the app belongs to is linked to your Apple ID and is held by Apple. Our apps do not collect or share information.
For information regarding the data collected when using the Chromebook apps please click on the button below.
The Chromebook apps use your Google ID and Google domain to install. We collect your Google email address as your unique identifier. This address is used to determine the status of your current license.
Students and personally identifiable information
The only student information that we store is the student’s email address and basic profile info. This is required to confirm that they are a licensed user.
Applications that integrate with a Chrome or a Google account must declare their intent by requesting permissions. These permissions to your browser and account must be granted in order to integrate with Chrome and Google accounts. Below is a list of these permissions and why they are required. At no time will Crick Software request or have access to your Google account password.
- Send email on your behalf (allows the app to send an email when the option is selected by the user)
- Google Drive
- View and manage the file in your Google Drive (allows the user to manage their Google Drive files from within the app)
- Basic account info
- View your email address (used to identify the user for licensing the app)
- View your basic profile info (user’s name)
- Device Camera (allows the app to use the camera when the option is selected by the user)
You can revoke these permissions at any time on your Google Account Permissions page, however if you do this, the Crick Chromebook apps will cease to work.
Crick Software employees will only access content on our servers to manage licensing for the Chromebook apps. The customer information visible to Crick Software employees is:
- School/organization details
- Users’ email addresses and basic profile info
- Date when users started using the service
- Date when users last used the app
- Log of licensing requests (includes timestamp and a device identifier)
This information is used and displayed in http://apps.cricksoft.com to make it simpler for a school to manage their subscriptions and decide which users to add or remove.
We will delete your email address and basic profile info after 2 years of not using our service.
Disclosing your information
We do not scan any content. Our systems are not designed to associate personal information with your activities.
Personal information protection
Our sites have security measures in place to protect the loss, misuse and alteration of the information under our control. These measures include the use of secure servers to collect the information, encrypted databases, storage of the information in non-public areas of the servers, and other measures as deemed reasonable and necessary. In addition, once a subscription has expired for more than 24 months, the student personal information is deleted from our records.
Access to Student Personal Information
The only student information that we store is the student’s email address and basic profile info. This is required to confirm that they are a licensed user. If you would like to see what information we hold for you, a student or your child with a live subscription to our apps, email Chrome@cricksoft.com. We will first need to check that we have enough information to be sure of your identity. If we have any reason to doubt your identity, we will request official confirmation.
We will respond to you within 30 calendar days to provide you with the information. There will be no charge for complying with an access request for student personal information.
Once a subscription has expired for more than 24 months, the student personal information is deleted from our records.
We are committed to ensuring that your information is secure. In order to prevent unauthorized access or disclosure, we have put in place suitable physical, electronic, and managerial procedures to safeguard and secure the information we collect online.
Personal information protection
We take reasonable steps to secure your personally identifiable information against unauthorized access or disclosure. We encrypt the transmission of data on pages where you are required to provide payment information. However, it’s important to note that no security or encryption method can be guaranteed to protect information from hackers or human error. Information we collect may be stored or processed on computers located in any country where we do business.
Controlling your personal information
You may choose to restrict the collection or use of your personal information:
- If you receive information from us that is not of interest to you, you can easily unsubscribe by clicking on the link in the email. We will remove your details from our email list and will not send you information until or unless you ask us to do so.
- We will not sell, distribute, or lease your personal information to third parties unless we have your permission or are required by law. We will never sell, distribute or lease student information.
COPPA And FERPA Compliance
- Crick Software complies with the Children's Online Privacy Protection Act (COPPA). For our iPad and Windows/Mac products we do not hold any student data. For our Chromebook apps we only store the student’s email address and basic profile info. This is required to confirm that they are a licensed user and is removed as soon as their subscription ends. We do not hold any other student data or identifiers. The school or district will manage this information and will have oversight and control of login details.
- Family Educational Rights and Privacy Act (FERPA) policies specifically focus on the use of “personally identifiable information (PII).” As our products do not use any PII, we comply with FERPA policies.
A cookie is a small file which asks permission to be placed on your computer. Essential cookies are strictly necessary for the proper functioning of this website. Without these cookies, this website would not work properly. For example they are used when you sign in, to store your preferences, remember the contents of your shopping cart, and improve the performance and security of our website.
At any time, you can manage your cookie preferences to control whether you accept cookies that are used for performance and analytics, or advertising and targeting.
This cookie is placed by Facebook. It enables Crick Software to measure, optimize and build audiences for advertising campaigns served on Facebook. In particular it enables Crick Software to see how our users move between devices when accessing the Crick Software website and Facebook and to analyse which content a user has viewed and interacted with on our website. To learn more about the Facebook Pixel, please see: https://en-us.facebook.com/business/help/651294705016616
Dynamics 365 Marketing
This website uses Dynamics 365 Marketing to enable us to analyze the success of marketing campaigns, and target users based on data such as their page visits and interactions.
This website uses Live Chat, a web chat service provided by Social Intents. It enables website visitors to easily start a text-based chat directly with Crick Software staff, without needing to submit personal details or create an account. For Social Intents'
Links to other websites
Our websites may contain links to enable you to visit other websites of interest easily. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement.
If Crick Software were to contract with future companies, we have a commitment to only do so with those that are consistent with our principles and policies including successor entities.
Crick Software may change this policy for teachers and educators from time to time by updating this page. You should check this page periodically to ensure that you are happy with any changes.
For Student PII; if a change is made this will be flagged up in the new policy and terms and conditions, which they will have to consent to.
Data breach policy
As an organization that processes personal data, Crick Software must ensure appropriate measures are in place to protect against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data. The General
Data Protection Regulation specifies that all breaches (except those ‘unlikely to result in a risk to the rights and freedoms of natural persons') should be reported to the Information Commissioner.
In the event of a data breach or an information security incident, it is important that appropriate actions are taken to promptly report the breach to the Data Protection Team who will manage the incident and minimize associated risks.
This procedure is designed to set out the process that should be followed to ensure a consistent and effective approach is in place for managing a data breach and ensure that:
- Data breach events are detected, reported and monitored consistently
- Incidents are assessed and responded to appropriately
- Action is taken to reduce the impact of a breach
- Relevant breaches are reported to the Information Commissioner within the 72-hour window
- Improvements are made to prevent recurrence
- Lessons learned are communicated to the wider organization
All users of information assets across Crick Software have familiaried themselves with this procedure, and are therefore aware of privacy risks and the need to be vigilant in order to ensure breaches are identified, reported and managed in a timely manner.
Support is provided to ensure everyone has access to the appropriate skills and training to carry out their role effectively. Gross negligence and intentional violations (including not reporting incidents/mistakes) are taken seriously and will lead to
1. Identify a data breach
A data breach can happen for a number of reasons, for example:
- Loss or theft of data or equipment on which data is stored, or through which it can be accessed
- Loss or theft of paper files
- Hacking attack
- Inappropriate access controls allowing unauthorized access to data
- Sending personal data to an incorrect recipient
- Equipment failure
- Human error
- Deliberate or accidental action (or inaction) by a controller or processor
- Unforeseen circumstances such as a fire or flood
2. Reporting an incident
It is important that as soon as a data breach is identified or suspected it is immediately reported to the Data Protection Team. The General Data Protection Regulation requires that all relevant breaches are reported to the Information Commissioner ‘without
undue delay….., not later than 72 hours after having become aware of it.’
As much information as is immediately available should be collated and given to the Data Protection Team who will look at the information, update the Personal Data Breach Log and ascertain whether any immediate corrective or containment actions are required.
The GDPR legislation defines a breach as:
“A personal data breach may, if not addressed in an appropriate and
timely manner, result in physical, material or non-material damage to natural persons such as loss of control over their personal data or limitation of their rights, discrimination, identity theft or fraud, financial loss, unauthorized reversal of
pseudonymization, damage to reputation, loss of confidentiality of personal data protected by professional secrecy or any other significant economic or social disadvantage to the natural person concerned.” (Recital 85)
Depending on the type and severity of the incident the Data Protection Team will assess whether a full investigation into the breach is required. Where required the Data Protection Team will appoint an appropriate investigator who will complete a
full breach report.
The investigation will:
- Establish the nature of the incident, the type and volume of data involved and the identity of the data subjects
- Consider the extent of a breach and the sensitivity of the data involved
- Perform a risk assessment
- Identify actions Crick Software needs to take to contain the breach and recover information
- Assess the ongoing risk and actions required to prevent a recurrence of the incident.
Incident response policy
Despite explicit guidelines for securing confidential electronic data, breaches can still occur. At such times, it is important that Crick Software respond as quickly as possible. Computer thefts or loss should be reported immediately to line manager.
Steps that we will take in the event of a data security breach are as follows:
1. Determination of the nature and scope of a breach
- Identification of the person reporting the breach (name, contact info, etc.)
- Record of the location, timeframe, and apparent source of the breach
- Preliminary identification of confidential data that may be at risk
- Data protection team
- Law enforcement (depending on the nature/scope of theft)
- Identify ongoing vulnerability of data to exposure from breach source (take immediate steps to address)
- Conduct preliminary analysis
- Prepare inventory of data at risk
- Determine if exposed data were encrypted
- Identify security measures that were defeated (and by what means)
4. Assessment of breach
- Identify affected individuals at risk of identity theft or other harm
- Assess financial, legal, regulatory, operational, reputational and other potential institutional risks
- Implement password changes and other security measures to prevent further data exposure
- Determine if exposed/corrupted data can be restored from backups; take appropriate steps
- Determine if value of exposed data can be neutralized by changing account access, ID information, or other measures
Based on the assessments above, the Data Protection Team will decide whether the breach incident needs to be reported to the ICO or the data subjects. Either way, the breach will need to be added to the breach log to include the following points:
- Nature and scope of breach
- General circumstances of the breach (e.g., stolen laptop, hacked database, etc.)
- Approximate timeline (e.g., date of breach discovery)
- Steps that Crick Software has taken to investigate and assess the breach
- Any involvement of law enforcement or other third parties
- Appraisal of any misuse of the missing data
- Steps we are taking to prevent future breaches of this nature
7. Post-incident follow-up
Following a data security breach, Crick Software will:
- Take steps to ensure that missing data cannot be used to access further information from our servers
- Pursue with law enforcement all reasonable means to recover lost data and equipment
- Review and modify as needed; all procedures, governing systems, administration, software management, database protections, access to hardware, etc., to prevent future data breaches of a similar nature
- Take appropriate actions if staff negligence or other’s behavior contributed to the incident
- Modify procedures, software, equipment, etc. as needed to prevent future data breaches of a similar nature
- Take appropriate action if personnel negligence caused or contributed to the incident