Data privacy is important to DSE, which includes Down Syndrome Education International, Down Syndrome Education USA and Down Syndrome Education Enterprises CIC ("DSE").
Information we collect
We collect information that you provide to us when you access DSE Services. We also collect some information automatically when you use DSE Services. We describe the information collected through these means below.
We do not collect information about you from third-party organizations except in limited circumstances where your permission has been given (see below).
Information you provide to us
We collect information you provide directly to us including when you visit one of our websites, register for and/or use one of the DSE Services. This includes:
- Contact Information - When you contact us, we collect any contact information you may provide, including your name, email address, telephone number, and any information you may provide to us regarding your query.
- Advice Information - In addition to Contact Information, if you contact us for advice, we may collect information about your child (or the child or children you are working with). This might, for example, include your child's age, stage of development and your questions or specific concerns.
- Subscription Information - When you register to receive updates from us, we collect your email address, name, country of residence and your stated interests relating to Down syndrome.
- Order Information - When you make a purchase or attempt to make a purchase through our websites, we collect certain information from you, including your name, billing address, shipping address, payment information (including credit card numbers), email address, and phone number.
- Donation Information - When you make a donation, we collect certain information from you, including your name, billing address, payment information (including credit card numbers), email address, and phone number. If you are a UK taxpayer, we may request a Gift Aid declaration and collect information about that declaration (how and when it was provided, was it for a single or all donations from a certain date).
- Research Information - When you participate in a research study, we may collect certain information from you about your family and your child. We may also collect information through research assessments and observations. The specific information collected and the purposes for which it is collected will vary between each project. The specific details applicable to each project are provided to research participants and participants are asked to provide informed consent prior to enrolling in a study.
Information we collect automatically when you use DSE services
When you access or use DSE Services, we may automatically collect information about you, including:
- Website Requests - We log information about requests received by our websites, including your Internet Protocol ("IP") address, access times, browser type and language, device type, operating system and version, Internet Service Provider ("ISP"), location (as suggested by your IP address and ISP), the pages that you visit, the content you use and the URL of the web page you visited before navigating to the DSE Services. We also log information about whether your request originated from one of our communications, advertisements or social media posts. If you use our search web site, we log the terms or phrases you have searched for. The information we collect about Website Requests is anonymous - it is not directly linked to any personal information - except where you are using a DSE Service that requests or updates your information - for example, if your updating your email subscription. In other words, we track if you have used an online form where you provide personal information, but when you visit other pages on our web sites we track the requests anonymously and do not link them to you personally.
- Online Training Usage - In addition the information about Website Requests that we routinely collect, when you choose to access our online training services, we will collect information about your use of online training courses, including access to training modules, resource downloads and responses to assessments. This information is related to your personal training account.
- Email Monitoring - If you have subscribed to our mailing list, or if we send you an automated email in the course of providing a service you have requested, we may monitor whether you have opened the email or clicked on any links contained in the email. We track email opens using web beacons (also known as "tracking pixels"). Web beacons are electronic images (also called "gifs") that may be used in emails that help us to count visits, understand usage and communications effectiveness and determine whether an email has been opened and acted upon.
- App Usage - If you access DSE Services from a mobile device using a DSE app, we collect information about the device, including the hardware model, operating system and version, unique device identifiers, mobile network information (as allowed by the mobile network) or platform information (as allowed by the specific platform type). We do not ask for, access or track any location-based information from your mobile device at any time while downloading or using our mobile apps. The information we collect about App Usage is anonymous - it is not directly linked to any personal information.
- Website Error Reports - If you access DSE websites and an error occurs, we collect information about the error, including where the error occurred (page being visited/action being taken) and including your Internet Protocol ("IP") address, access times, browser type and language, device type, operating system and version, Internet Service Provider ("ISP"), location (as suggested by your IP address and ISP). The information we collect about Website Error Reports is anonymous - it is not directly linked to any personal information. However, it is possible that personal information could be included crash reports inadvertently. For example, if an error occurred while you were entering or editing personal information.
- App Error Reports - If you access DSE Services from a mobile device using a DSE app, we collect information about crashes or other errors, including information about the error (for example, where in the app it occurred, what the app was doing at the time), the hardware model, operating system and version, unique device identifiers, mobile network information (as allowed by the mobile network) or platform information (as allowed by the specific platform type). The information we collect about App Error Reports is anonymous - it is not directly linked to any personal information. However, it is possible that personal information could be included crash reports inadvertently. For example, if an app crashed while you were entering or editing personal information.
You may opt out of receiving newsletter/updates emails from DSE by following the opt-out instructions provided in those emails. You may also opt-out of receiving newsletter/updates emails and other promotional communications from us at any time by emailing firstname.lastname@example.org with your specific request. If you opt out, we may still send you other communications, such as notices related to your access to or use of DSE Services - for example, order confirmations and replies to requests for advice.
Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove or reject browser cookies or to prompt you before accepting such a cookie. Please note that, if you choose to remove or reject browser cookies, this could affect the availability or functionality of DSE Services that depend on them.
Browser "do not track" options
Some browsers offer a "do not track" ("DNT") option. Because no common industry or legal standard for DNT has been adopted by industry groups, technology companies or regulators, we do not respond to DNT signals. We will make efforts to continue to monitor developments around DNT browser technology and the implementation of a standard.
Information we collect from other sources
- Teachers, therapists and other professionals - We may collect information about your child's progress from your child's school or therapist, given your instruction and explicit consent, in order to provide advice to you.
- Social media sites - we may have access to certain information from a third-party social media service if you create or log into your online account through the service or otherwise provide us with access to information from the service - for example, if you contact us via a social media site or app or service. Any access that we may have to such information from a third-party social media service is in accordance with the privacy notice and authorization procedures determined by the social media service.
How do we use your information?
We may use the information collected through DSE Services for the limited purpose of providing those services. The information may be used for a variety of purposes, including:
- Advice Services - We use Contact Information and Advice Information to provide advice in response to your requests.
- Training Services - We use Contact Information and Online Training Usage data to provide online training services to registered participants.
- Order Processing - We use the Order Information that we collect to fulfill any orders placed through our websites (including processing your payment information, arranging for shipping, and providing you with invoices and/or order confirmations). Additionally, we use Order Information to communicate with you, screen our orders for potential risk or fraud, and, when in line with the preferences you have shared with us, provide you with information relating to our services and our work.
- Research - We use Research Information to conduct scientific studies that better inform our understanding of development and education for children with Down syndrome.
- Communications - We use the Subscription Information you provide to communicate with you about our services and our activities, to provide updates about research and to solicit donations and fundraising support.
- Quality Improvements - We use Website Error Reports and App Error Reports to improve our web sites and apps. Error reports enable us to fix bugs and improve performance.
- Website Analytics - We use the information we collect about Website Requests and Cookie Data and App Usage to monitor the usage and performance of our web sites and services and apps. For example, we track the total number of visitors to our web sites over time and the numbers of pages our web site visitors visit. We also track how long web site pages take to load and monitor how load speeds vary between browser, devices and network locations. We track how our clients use our apps - how often, for how long and what features they use. This helps us to plan for, deliver and improve our services and products.
- Fraud Detection - We use the Website Requests data that we collect to help us screen for potential risk and fraud (in particular, your IP address).
We share information with selected third parties to help us deliver some of our services.
- Google Analytics - We use Google Analytics to collect and aggregate data about visits to our web sites. For further information, please refer to an article summarizing Google Analytics' data practices.
- Microsoft Azure Application Insights - We also use Microsoft Azure Application Insights to collect and aggregate data about visits to our web sites and errors that may occur when visitors use our web sites. For further detail, please refer to Microsoft's information about data collection, retention and storage in Application Insights.
- Freshdesk - We use Freshdesk to manage emails and requests for information and advice that we receive. To do this, information that you provide to us is stored and processed using their systems. For further information about how Freshdesk protects privacy, please refer to the Freshworks privacy notice.
- Shipwire - We use Shipwire to ship our physical products from warehouses in the UK and in the USA. To do this, shipping information that you provide to us is stored and processed using their systems. For further information about how Shipwire protects privacy, please refer to the Ingram Micro Privacy Statement.
Security and data storage
We have implemented appropriate technical and organisational controls to protect your personal data against unauthorised processing and against accidental loss, damage or destruction. For example:
- We require all browsers to communicate with our web sites over a secure connection using Transport Layer Security (TLS) encryption. This protects the confidentiality of data you might submit to our web sites and data we provide to you as it is transmitted across the Internet.
- Most of our systems and services are securely hosted in Microsoft Azure. Azure provides highly secure hosting and data storage services and meets a broad set of international and industry-specific compliance standards, including the General Data Protection Regulation (GDPR), as well as many country-specific standards.
- We use Microsoft Office 365 services to send and receive emails, and store documents. Office 365 is a security-hardened service, managed and maintained by Microsoft.
You are responsible for choosing a secure password when we ask you to set up a password to access parts of our sites or apps. You should keep this password confidential and you should choose a password that you do not use on any other site. You should not share your password with anyone else, including anyone who works for us.
Unfortunately, sending information via the internet is not completely secure. Although we will do our best to protect your personal data in transit and once with us, we cannot guarantee the security of any personal data sent to our site while still in transit and so you provide it at your own risk. Please also note that emails are not routinely encrypted when in transit from your mail provider to ours via the Internet.
We store data securely on systems located in the UK, Netherlands, USA and Canada.
Legal grounds for using your personal data (EU)
We will only use your personal data where we have a legal ground to do so. We determine the legal grounds based on the purposes for which we have collected and used your personal data. In every case, the legal ground will be one of the following:
- Consent - For example, where you have provided your consent to receive newsletter/updates emails from us. You can withdraw your consent at any time by clicking on the "unsubscribe" link at the bottom of the email
- Our legitimate interests - Where it is necessary for us to understand our clients, conduct research, promote our services and operate our websites and apps efficiently. For example, we will rely on our legitimate interest when we analyse what content has been viewed on our sites and apps, so that we can understand how they are used.
- Performance of a contract with you (or in order to take steps prior to entering into a contract with you). For example, where you have purchased a service from us and we need to use your contact details and payment information in order to process your order and deliver your service.
- Compliance with law - In some cases, we may have a legal obligation to use or keep your personal data.
If you are a European resident, you have the right to access personal information we hold about you and to ask that your personal information be corrected, updated, or deleted. If you would like to exercise this right, please contact us through the contact information below.
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail or by mail using the details provided below:
6 Underley Business Centre
18023 Sky Park Circle, Suite F
Irvine, CA 92614
6 Underley Business Centre
This policy was last updated on 1 June 2018 (version 20180601A).