1.2 Please note, we have no control over the systems, websites, mobile applications, or other resources of third parties (“External Systems”). External Systems and the companies which operate them are responsible for complying with the CCPA and GDPR independently, and we do not assume any duty to ensure that an External System linked from, or which links to, the Resources, complies with the CCPA or GDPR.
- “PERSONAL INFORMATION” DEFINED
2.1 “Personal Information” has varying definitions depending on the laws applicable to you. The Resources are controlled and provided from within the Unites States, however, Company complies with laws and regulations such as the CCPA and GDPR, which each mandate certain definitions of Personal Information.
2.2 In regard to more specific definitions, (i) under the CCPA (California Civil Code § 1798.140(o)(1)), Personal Information is considered to be information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household, and (ii) under the GDPR is considered to be User Data which can be used to directly or indirectly identify the applicable user.
2.3 As used herein, Personal Information, includes, without limitation, information such as (i) contact data, including, your first and last name, driver’s license number, biometric information, user name or alias, physical street address, city, state, zip code, phone number and email address, (ii) financial data (such as your PayPal account number, credit card number, credit card expiration date, and credit card verification code), (iii) demographic data (such as your zip code and gender), and (iv) other legal data (such as your social security number and other sensitive information) or any number of attributes, which taken together may identify you or enable you to be directly identified (such as physical, physiological, genetic, mental, economic, cultural or social characteristics).
2.4 Although an Internet Protocol (IP) address can only be used to determine the location of your device within a large radius (on the scale of miles or kilometers), Personal Information, for the purpose of the CCPA and GDPR also includes your IP address, and moreover, certain cookies in relation to your use of the Resources.
2.5 Notwithstanding the fact that we may treat certain User Data as User Data which is not Personal Information, and cannot be used in order to identify a user (“Non-Personally-Identifiable Data”), to the extent that the CCPA or GDPR applies to you, we will always treat information based upon such applicable law’s characterization of Personal Information. For example, the IP or cookies of a user within the United States and outside of California may be treated as Non-Personally-Identifiable Data, while the same attribute may be treated by the CCPA and GDPR as Personal Information.
2.6 Please note, under the CCPA, public information, aggregate consumer information, and de-identified consumer information are not deemed to be Personal Information. Public information is any information accessible by public records, including as may be obtained by specific request (such as a Freedom of Information Act request). Aggregate consumer information is information which is not specific to your identity, but which may indicate your behaviors and preferences based on statistical comparisons and analytics.
- INFORMATION COLLECTION AND TRACKING
3.1 You can use certain aspects of the Resources without giving away any Personal Information except for your IP address and certain other data provided by your ISP or device. We may use analytics tools, such as Google Analytics, and various cookies in order to improve and analyze the use of our Resources. The information collected by these analytics tools is mostly anonymous traffic data including browser information, device information, language. We do not collect additional information, such as your age, gender, interests, clickstream, or anything associated with a so-called user “Internet passport.”
3.2 The following chart summarizes the type and character of User Data we collect, and gives certain examples of User Data which we do not collect.
Type of User Data Some Examples of This Type of User Data Do We Collect This Type
Identifiers A real name, Internet Protocol address, email address, or other similar identifiers. We collect certain User Data provided by your ISP when you use the Resources. We further collect this type of User Data pursuant to Section 3.3 below.
Personal Information enumerated in the CCPA Customer Records statute See Section 2.3 for examples.. We may collect this type of User Data pursuant to Section 3.3 below.
Protected classification characteristics under California or federal law. Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). We will only collect this type of User Data to the extent you specifically provide it to us.
Commercial information and purchase history data Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. We may collect this type of User Data pursuant to Section 3.3 below, but only in connection with your use of the Resources.
Biometric data Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. We do not presently collect any biometric data.
Internet or other similar network activity data Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. We may collect this type of User Data pursuant to Section 3.3 below.
Geolocation data. Physical location or movements. We may collect this type of User Data pursuant to Section 3.3 below.
Device sensory data Audio, electronic, visual, thermal, olfactory, or similar information. We may collect this type of User Data pursuant to Section 3.3 below.
Professional or employment-history and other information Current or past job history or performance evaluations. We will only collect this type of User Data to the extent you specifically provide it to us.
Collated User Data and inferred or interpolated User Data User preference and habit profile data We may collect this type of User Data pursuant to Section 3.3 below.
3.3 We may collect User Data from the sources set forth below. This is not an exhaustive list, however we endeavor to make it clear when we collect Personal Information.
3.3.1 Registration information which you provide when registering for our services or products, offered through the Resources or a third party’s services or products. For example, you will be required to submit Personal Information such as your name, address, email, and date of birth to verify your identity prior to establishing your account.
3.3.2 Billing information, such as a PayPal account number or credit card number, which is required to process the payment for the products or services you order from us.
3.3.3 Other information we collect, such as the city of your birth and your mother’s maiden name, which is used to verify your identity in the event you forget your login information required for our online products or services.
3.3.4 Information you provide to us in response to our communications. For example, we may request that you provide your e-mail address so that we may send you notifications, alerts, special offers and newsletters.
3.3.5 Information that you provide to us through customer service communications and correspondence and general feedback.
3.3.6 Geolocation Information. The location of your device. For more information and to learn how to disable collection of location information, please see below.
3.3.7 Information about your device, including your hardware model, operating system and version, device name, unique device identifier, mobile network information, and information about the device’s interaction with the Resources.
3.3.8 Information about how you use the Resources, including your access time, “log-in” and “log-out” information, browser type and language, country and language setting on your device, Internet Protocol (“IP”) address, the domain name of your Internet service provider, other attributes about your browser, mobile device and operating system, any specific page you visit on our platform, content you view, features you use, the date and time of your visit to or use of the Resources, your search terms, the Resources you visited before you visited or used the Resources, data about how you interact with the Resources, and other clickstream data.
3.3.9 Information from sources other than the Resources, as may be legally permissible.
3.3.10 As authorized by you, in connection with your order of certain products or services through the Resources which require such User Data.
3.3.11 Information sourced from social or other new media plug-ins used for easy sharing and following our social media pages. Using our Resources does not automatically result in sharing data on these social media networks. These plugins remain inactive (idle) until clicked upon. Once clicked upon, you will be taken to the said social media networks with their own specific privacy policies you are recommended to consult.
3.4.1 Remember that you have visited us or used the Resources before. This allows us to identify the number of unique visitors we receive, so that we can provide enough capacity to accommodate all of our users.
3.4.2 Customize elements of the layout and/or content of the Resources, including, without limitation, advertisements and promotions.
3.4.3 Collect data about the way you interact with the Resources (e.g., when you use certain features).
3.4.4 Collect data to assess and improve our advertising campaigns, including sending information to our business partners.
3.4.5 Allow our business partners (including third parties) to use these tracking technologies to track your behavior on the Resources (including when you use multiple devices) and on partner External Systems.
3.4.6 Enable third parties to collect data about the way you interact across sites outside of the Resources.
3.4.7 Collect anonymous statistical information about how you use the Resources (including the length of your web or application session) and the general location from which you access the Resources, so that we can improve the Resources and learn which elements and functions of the Resources are most popular with our users.
3.6 Web Beacons. Aspects and pages within the Resources also may contain “web beacons” (also known as Internet tags, pixel tags and clear GIFs). A web beacon is an electronic image, often a single pixel (1×1), that is ordinarily not visible to Resources visitors and may be associated with cookies on the visitors’ hard drives. Web beacons do not contain any Personal Information, and allow us to count users who have visited certain pages of the Resources, to deliver branded services, and to help determine the effectiveness of promotional or advertising campaigns. Web beacons allow third parties to obtain information such as the IP address of the computer that downloaded the page on which the beacon appears, the URL of the page on which the beacon appears, the time the page containing the beacon was viewed, the type of browser used to view the page, and the information in cookies set by the third party. We use log files to store the data that is collected through web beacons.
3.7 Location Information. In order to provide certain services, we may require access to location information, including precise geolocation information collected from your browser or device. If you do not consent to collection of this information, certain services will not function properly and you will not be able to use those services. You may stop our collection of location information at any time by changing the preferences in your browser or on your mobile device.
- STORAGE AND PROCESSING. We may, and we may use third-party service providers to, process and store your information. The third-party service providers that we engage will at all times be bound by confidentiality obligations and other appropriate restrictions with respect to their use and collection of your information.
- USE OF INFORMATION
5.1 We may use information about you for a number of purposes, including:
5.1.1 Making available for use, improving, and developing the Resources
5.1.2 Determining whether the Resources, our products, and/or our services, as applicable, are available in your region or country.
5.1.3 Processing or recording transactions.
5.1.4 Otherwise providing you with our services, products, and features you elect to use, and as applicable, purchase.
5.1.5 Displaying your historical transaction information or Resource use.
5.1.6 Providing, maintaining and improving the Resources.
5.1.7 Developing new products and services.
5.1.8 Communicating with you regarding the Resources, including, delivering the information and support you request, including technical notices, security alerts, and support and administrative messages including to resolve disputes, collect fees, and provide assistance for problems with the Resources or your user account.
5.1.9 Measuring, tracking, and analyzing trends and usage in connection with your use or the performance of the Resources.
5.1.10 Sending you information we think you may find useful or which you have requested from us about our products and services.
5.1.11 Conducting surveys and collecting feedback about the Resources.
5.1.12 Investigating, detecting, preventing, or reporting fraud, misrepresentations, security breaches or incidents, other potentially prohibited or illegal activities, or to otherwise help protect your account, including to dispute chargebacks on your behalf.
5.1.14 Verifying your identity (e.g., through government-issued identification numbers).
5.1.15 Complying with any applicable laws or regulations, or in response to lawful requests for information from the government or through legal process;
5.1.16 Fulfilling any other purpose disclosed to you in.
5.2.1 We sometimes disclose the User Data we collect to our affiliated companies for marketing purposes and to enhance our products or services to better suit your needs. When identifying methods of improving our products or services, or if we think a product or service may be of interest to you, we may extend select special offers of goods or services to you. If you would like to opt-out of receiving these offers, please refer to Offering You Choices section below.
5.2.2 We sometimes disclose the User Data we collect to companies that operate various services for us, such as marketing, distribution, PayPal, credit card processing, order fulfillment, administrative services, advertising, or certain product functionalities, or who otherwise provide goods or services which may be of interest to you. If you provide information to us, you are expressly consenting to receiving telephone calls, emails or text messages, or direct mail, from us, or on our behalf, regarding the products and services offered on the Resources.
5.2.5 We may share your User Data as permitted by law.
5.2.6 Personal Information will not be sold, leased or otherwise made available to any person or entity not authorized by or associated with us, however, please be advised that certain Personal Information becomes a matter of public record upon the filing of certain documents with the appropriate government agency or court.
5.2.7 We may disclose your Personal Information in special cases when we have reason to believe that disclosing this information is necessary: (a) to identify, contact or bring legal action against someone who may be causing injury to or interfering (either intentionally or unintentionally) with: (i) our legal rights or property, (ii) another visitor or anyone else that could be harmed by such activities; or (b) by operation of law or at the request for cooperation from law enforcement or another governmental agency.
5.2.8 In the event we go through a business transition, such as a merger, acquisition by another company, reorganization, a divestiture, a sale of all or a portion of our assets, or in the unlikely event of bankruptcy, your Personal Information and any information you provide to us will likely be among the assets transferred, and you hereby consent to such transfer.
- YOUR RIGHTS AND CHOICES
6.1 We give you many choices regarding our use and disclosure of your Personal Information for marketing purposes. You may opt-out from:
• Receiving marketing-related emails from us and our affiliates: If you do not want to receive marketing-related emails from us and our affiliates on a going-forward basis, you may opt-out from receiving such emails either by using the unsubscribe mechanism provided in the email or by emailing us at info@MadAboutWeddings.com.
• Receiving marketing-related SMS text messages from us and our affiliates: If you do not want to receive marketing-related SMS text messages from us and our affiliates on a going-forward basis, you may opt-out from receiving such messages by texting back “STOP” or by emailing us at info@MadAboutWeddings.com.
• Our sharing of your Personal Information with unaffiliated third parties for their marketing purposes: If you prefer that we not share your Personal Information on a going-forward basis with unaffiliated third parties for their marketing purposes, you may opt-out from such sharing by emailing us at info@MadAboutWeddings.com.
In each case, please make clear in your email what you are opting-out from. We will try to comply with your request(s) as soon as reasonably practicable.
Please note that, if you opt-out as described above, we will not be able to remove your Personal Information from the databases of third parties with which we have already shared your Personal Information as of the date that we implement your opt-out request. Please note that you may still receive information from third parties to whom we have disclosed your information prior to the time you opted-out. You should contact each party in the event that you no longer want to receive information from such party. Please also note that, if you do opt-out from receiving marketing-related messages from us, we may still send administrative messages to you; you cannot opt-out from receiving administrative messages.
6.2 If you would like to review, correct, update, suppress, delete or otherwise limit our use of your Personal Information that you have previously provided to us or content you have previously posted on the Resources, you may contact us by emailing us at info@MadAboutWeddings.com. In your request, please make clear what Personal Information or posted content you would like to have changed or removed and what limitations (if any) you would like to place on our use of your Personal Information. We will try to comply with your request as soon as reasonably practicable. Please note that such request does not ensure the complete or comprehensive removal of Personal Information or content posted on the Resources. For example, we may need to retain certain information or content for recordkeeping purposes, and there may also be residual information or content that will remain within our databases and other records that will not be removed. We are also not responsible for changing, removing or suppressing information or content from the databases of third parties with which we have already shared your Personal Information or content.
6.3 The CCPA provides California residents with specific rights regarding their Personal Information. This Section 6.3 applies only to California residents or other persons who are afforded the rights and protections of the CCPA.
Access to Specific Information and Data Portability Rights You have the right to request that we disclose certain information to you about our collection and use of your Personal Information over the past 12 months. Once we receive and confirm your verified request in compliance with the CCPA, we will provide a report to you which sets forth the following with respect to you: (i) categories of Personal Information collected (ii) sources for such collection, (iii) our business or other commercial purpose for selling any such Personal Information, (iv) categories other third parties with which we have shared your Personal Information, (v) the specific scope of any information shared to those third parties, and (vi) if we have sold or transferred your Personal Information, separate lists which set forth (1) each sale, with the categories transferred to each purchaser, and (2) each business-related transaction, with the categories used in connection therewith.
Deletion Request Rights You have the right to request that we delete any of your Personal Information in our possession and collected from the Resources, subject to certain limitations or exceptions. Once we receive and confirm your verified request in compliance with the CCPA, we will delete your Personal Information from our records, unless a limitation or exception applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to: (i) complete a transaction for which we collected such Personal Information, provide a good or service that you requested and do not wish to terminate or rescind, or otherwise carry out any obligations which are or may become necessary to consummate any obligations to you or requests by you, (ii) detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities, (iii) maintain, repair, or improve the Resources, including the correction of errors that impair existing intended functionality, (iv) exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law, (v) comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.), (vi) engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent, (vii) facilitate any lawful internal use or review in connection with our internal processes, or (viii) comply with any law, regulation, order of governmental authority, or other legal process.
Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please submit a verified request in compliance with the CCPA. You may make such a request on your own behalf, on your minor child’s behalf, or on behalf of any entity for which you are a duly appointed representative listed on the California Secretary of State’s website. You may only make such a request for access or data portability twice within a 12-month period with respect to any specific user. Please provide us sufficient information to verify user with respect to whom the request relates, and that you have authority on behalf of such user. Always describe your request with sufficient detail to enable our understanding, response, and implementation.
Response Timing and Format We make commercially reasonable efforts to respond to a verified request in compliance with the CCPA within forty-five (45) days of receipt of each request. We will inform you as soon as practicable if we believe we require more to evaluate or undertake your requested actions. We will deliver our written response by mail or electronically, at your option, at the contact information you provide with your request. Any disclosures we provide will only cover the 12-month period preceding our receipt of the verified request in compliance with the CCPA. If we are unable to comply in part or in full, we will provide our reason with the reply to a request. With respect to any data portability request, we will select data formats in our reasonable discretion. We reserve the right to charge a reasonable fee to you for our cost and administrative expense in connection with any request under the CCPA, if your exercise of right is excessive, repetitive, patently unreasonable or without basis, or is otherwise intended to harass, pester, or hinder us or our Resources. We will notify you of any fees with our response to a request under the CCPA.
Personal Information Sales Opt-Out and Opt-In Rights If you are 16 years of age or older, you have the right to direct us to not sell your Personal Information at any time (the “right to opt-out”). We do not sell the Personal Information of consumers whom we actually know are younger than 16 years of age, unless we receive affirmative authorization (the “right to opt-in”) from either the consumer or parent or guardian of a consumer who is between 13 and 16 years of age, or the parent or guardian of a consumer less than 13 years of age. Consumers who opt-in to Personal Information sales may opt-out of future sales at any time. To exercise the right to opt-out, you (or your authorized representative) may submit a request to us by email at the address below. Once you make an opt-out request, we will wait at least twelve (12) months before asking you to reauthorize Personal Information sales. However, you may change your mind and opt back in to Personal Information sales at any time by visiting our website and sending us a message. We will only use Personal Information provided in an opt-out request to review and comply with the request.
In making the Resources available, we will not discriminate against you for exercising any of your rights under the CCPA. Subject to exclusions under the CCPA, we will not as a result of your exercise of rights under the CCPA (i) deny you goods or services generally available through the Resources, (ii) charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties, (iii) provide you a lesser level or quality of goods or services, or (iv) imply or suggest that you may receive a different price or rate for goods or services, or a different level or quality of goods or services. Notwithstanding the foregoing, we may offer you certain financial incentives permitted by the CCPA which proximally or actually result in different prices, rates, or quality levels. Any such financial incentive will reasonably relate to the value of the Personal Information to which it relates, provide a disclosure of material terms, and provide an opt-in, which may be revoked at any time.
8.1 We know it is very important to protect the information you share with us. We take appropriate security measures to help safeguard this information from unauthorized access and disclosure. For example, we restrict access to nonpublic Personal Information about you to our employees who need to have access to such information in order to provide products or services to you, as well as to authorized third parties (as stated above). We maintain physical, electronic, and procedural safeguards designed to protect your Personal Information. We protect your Personal Information over the internet by using a secure web server, which allows web applications and programs to interact with our web server via an encrypted session. If you access the Resources via a traditional web browser, you will know you are in secured area by “https” or a lock appearing in the lower right hand corner of your browser window. When you use the Resources, you may move in and out of secured areas.
8.2 You should feel confident using our Resources. However, no system can be completely secure. Although we take very significant steps to secure your information, there is always a chance that your information will not always remain secure, or our computers or systems are illegally accessed, and the data on them stolen or altered. You should always take great care in handling and disclosing your Personal Information. For example, avoid sending Personal Information through insecure email.
8.3 Please refer to the Federal Trade Commission’s Resources at http://www.ftc.gov/bcp/menus/consumer/data.shtm for information about how to protect yourself against identity theft. We assume no liability or responsibility to you or to any third party arising out of any loss, misuse, destruction, or alteration of your information.
- ACCESS TO INFORMATION, CORRECTION, DELETION, ACCOUNT DEACTIVATION, AND RELATED MATTERS
9.1 You have the right to request access to the information we have on you. You can do this by contacting us at info@MadAboutWeddings.com. We will make sure to provide you with a copy of the data we process about you. In order to comply with your request, we may ask you to verify your identity. We will fulfil your request by sending your copy electronically, unless the request expressly specifies a different method. For any subsequent access request, we may charge you with an administrative fee.
9.2 If you believe that the information we have about you is incorrect, you are welcome to contact us so we can update it and keep your data accurate. Any data governed by the GDPR that is no longer needed for the purposes specified herein will be deleted. If you are a user with rights under the GDPR, if at any point you wish for Company to delete information about you, you may simply contact us and instruct that we delete certain Personal Information, provided, that, such deletion may affect your use of the Resources.
9.3 If you wish to deactivate or cancel your account, you can do so by making a request to us by email or phone, using the contact details provided below.
- PERSONS UNDER THE AGE OF 13 AND ABILITY TO CONSENT
10.1 In order to use the Resources and/or its products and/or services, you must be at least 13 years of age. The Resources is not directed to or intended for use by persons under the age of 13 and we are not knowingly soliciting Personal Information from such persons or sending them requests for non-public Personal Information. If we become aware that we have inadvertently received Personal Information directly from someone under the age of 13, we will delete such information from our records. If you are under the age of 13, you must not use our products or services, including sending us any Personal Information.
- HOW LONG WE RETAIN YOUR INFORMATION
- US STATE PRIVACY RIGHTS OTHER THAN UNDER THE CCPA
12.1 The laws of certain states within the United States law permit residents of such states to request certain details about our disclosure of their Personal Information to third parties for direct marketing purposes during the immediately preceding calendar year. If you are a resident of any such state and would like to request this information, please contact us at the address listed below. California’s “Shine the Light” statute (Civil Code Section § 1798.83) permits users of our Resources who are California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please contact us at the address listed below.
- NOTIFICATION OF CHANGES
- VISITOR’S ACCEPTANCE OF THESE TERMS
- CONTACT US
16.1 If you wish to exercise any right afforded to you herein or under applicable law, or if you have any additional questions about our collection and storage of data, please contact us at info@MadAboutWeddings.com
16.2 If you have any questions or concerns regarding our notice, or if you believe our notice or applicable laws relating to the protection of your Personal Information have not been respected, you may file a complaint with our office listed above, and we will respond to let you know who will be handling your matter and when you can expect a further response. We may request additional details from you regarding your concerns and may need to engage or consult with other parties in order to investigate and address your issue. We may keep records of your request and any resolution.
- SPECIAL CONSIDERATIONS UNDER THE GDPR
17.1 The below table sets forth how we may process data received by a user entitled to the protections of the GDPR.
Contractual necessity • Data processed must be necessary for the Resources (or the purchase of products or services, as applicable) and defined in an agreement between a user and the Company
• Users have a right to withdraw consent, which must be brought to their attention
• Must be from a user over the age of consent in the applicable jurisdiction, otherwise given by or authorized by a parent / guardian
• Explicit consent is required for some processing (e.g., special categories of Personal Information)
Legitimate interests • If a business or a third party has legitimate interests which are not overridden by a user’s rights or interests.
• Processing must be paused if an individual objects to it
17.2 “Data controller” and “data processor” are important concepts in understanding a company’s responsibilities under the GDPR. Depending on the scenario, a company may be a data controller, data processor or both, and will have specific responsibilities as a result: A company is a data controller when it has the responsibility of deciding why and how (the “purposes” and “means”) the Personal Information is processed.
17.5 Any transfer of Personal Information outside of the EEA (European Economic Area) must meet certain legal requirements. To the extent we are in receipt of Personal Information being transferred from inside the EEA to any region outside the EEA, we will at all times comply with applicable restrictions.
17.6 To the extent that we operate as a data controller and/or processor, our workplace will at all times be cognizant of applicable restrictions, and comply therewith.
18.1 The Family Educational Rights and Privacy Act (“FERPA”) as set forth in 20 U.S.C. § 1232g; 34 CFR Part 99) is a Federal law that protects the privacy of student education records. The law applies to all educational agencies and institutions that receive funds under any program administered by the Department of Education (“DOE”).
18.2 To the extent that we are subject to FERPA, this Section sets forth our treatment of certain information which is subject to the regulations of FERPA.
18.3 In using the Resources, you may provide us with student data or interact with student data that has already been provided o us.
18.4 We may, from time to time, act as a “School Official” (as defined under FERPA), in the event that we:
18.4.1 Perform an institutional service or function for which an institution subject to FERPA would otherwise use its own employees;
18.4.2 Meet the criteria of a School Official in any FERPA-related notice from such institution; and
18.4.3 Act under the direction and control of such institution with regard to the use and maintenance of education records.
18.5 If we are classified as a School Official, we will use your education records only for authorized purposes, subject to obligations of disclosure absent authorized under FERPA and from the applicable institution or yourself.
18.6 We will always act in compliance with FERPA’s limitations on disclosure of your education records. See Section 8 above regarding how we secure your records in our possession.
18.7 To the extent you provide us with records which may be subject to, or protected by, FERPA, you will control what data is provided to us. Student data provided to us via the Resources should be limited to the information necessary for you to properly utilize the Resources. We will not ask you to provide, and you should not to enter, data about yourself or other persons protected under FERPA which is not reasonably necessary to avail yourself of the Resources (and otherwise in furtherance of an educational purpose)..