Privacy Policy

StudySesh Inc.

Effective: June 3, 2020

This privacy policy explains how StudySesh, Inc. (“StudySesh”) uses, shares and protects personal information that we collect, including any of our respective sub-domains (“Site(s)”). By visiting one of our Sites or purchasing, enrolling in or using our products, services and mobile software application (the "Service"), you agree to this Privacy Policy, as it may be amended from time to time. This Privacy Policy is incorporated into the Terms and Conditions ("TOS") and the definitions of the TOS apply herein.

Notice for European Union Residents

This Service is primarily intended for residents of Canada. If you are a resident of the European Union ("EU") and you purchase a Service or are otherwise subject to our TOS, you have additional privacy rights discussed in the Privacy Policy Addendum for Residents of the European Union, described here.

Notice to Residents of the State of California

If you are a resident of the State of California, in the United States of America, and you purchase a Service or are otherwise subject to our TOS, you have additional privacy rights described here.

Definitions

Data Controller means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal information is, or is to be, processed. For the purpose of this Privacy Policy, we are a Data Controller of your Personal Data.

Data Processor (or Service Provider) means any natural or legal person who processes the data on behalf of the Data Controller. We may use the services of various Service Providers in order to process your data more effectively.

Personal Data is any information about an individual from which that individual can be identified. Your name, address, phone number and bank account number are examples of personal data. It does not include data where the identity has been removed (anonymous data). We collect Personal Data from you in various ways, including when you visit the Site(s), create an account with us, purchase, enroll in and use our Services, use our Apps, answer surveys, participate in our social media communities, such as on Facebook, and when you send us feedback.

Data Subject is any living individual who is using our Service and is the subject of Personal Data.


Information we Collect

Account Registration

When you create an account with StudySesh, we collect the information you provide us, such as your name, email address, phone number, birth date, and payment information. You may choose to share additional info with us and set up other preferences (such as your preferred pronouns).

Ratings and Feedback

When you rate and provide feedback, we collect all of the information you provide in your feedback for marketing purposes.

Communications

When you contact us or we contact you, we collect any information that you provide, including the contents of the messages or attachments you send us.

Video and Audio Data

When you use the Services via the video camera or microphone on your device, whether computer or mobile phone, you agree and consent that we may use such applications on your devices to operate the Services. Further, you consent and agree that we may collect this information, including video and audio content. However, StudySesh is not permitted to sell any of the above-described information in this paragraph, including video and audio content.

Children under the age of 13 are not permitted to purchase or use the Services. Children under the age of eighteen (18) may provide information to StudySesh and participate in the Service only with consent of a parent or guardian.

Information about your Device

When you log on to our websites or to our App(s), we automatically receive information from your device, including your IP address and location. We and our service providers may use “Cookies” to keep, and sometimes track, information about you, and to create a personalized web experience.

When you access the Service with a mobile device, this Usage Data may include information such as the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data.

We may use and store information about your location if you give us permission to do so (“Location Data”). We use this data to provide features of our Service and to improve and customize our Service. You can enable or disable location services when you use our Service at any time by way of your device settings.

Cookies

Cookies are small data files that are stored on your device’s web browser. Cookies track where you travel on our Site and what you look at and purchase. You agree to the use of cookies in this way. Most web browsers can be set to inform you when a cookie has been sent to you and provide you with the opportunity to refuse that cookie. We and our service providers may also use so-called "pixel tags", "web beacons", "clear GIFs" or similar means (collectively, "Pixel Tags") in connection with some Site pages and HTML-formatted email messages to, among other things, compile aggregate statistics about Site usage and response rates.

A pixel tag is an electronic image, often a single pixel (1x1), that is ordinarily not visible to Site visitors and may be associated with cookies on the visitors’ hard drives. Pixel Tags allow us to count users who have visited certain pages of the Site, to deliver branded services, and to target our promotional or advertising campaigns and determine their effectiveness.

Examples of Cookies we use:

  1. Session Cookies. We use Session Cookies to operate our Service.

  2. Preference Cookies. We use Preference Cookies to remember your preferences and various settings.

  3. Security Cookies. We use Security Cookies for security purposes.

  4. Advertising Cookies. Advertising Cookies are used to serve you with advertisements that may be relevant to you and your interests.

Parental Information

If your parent, school, employer or other third party purchases Programs on your behalf, or if an agent refers you to StudySesh, such third parties may provide us with Personal Data about you, including your first name, last name and email address. We may also collect Personal Data about you from our business partners and other StudySesh-owned companies.


Use of Information

Use of Data

StudySesh uses the collected data for various purposes:

  1. To provide and maintain our Service;

  2. To notify you about changes to our Service;

  3. To allow you to participate in interactive features of our Service when you choose to do so;

  4. To provide customer support;

  5. To gather analysis or valuable information so that we can improve our Service;

  6. To market and advertise our services;

  7. To enforce and monitor use of Services to ensure that they are used in compliance with the TOS, this Privacy Policy, and applicable laws;

  8. To monitor the usage of our Service to detect, prevent and address technical issues; and,

  9. To provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information.

StudySesh Inc. will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer periods.

Disclosure of Service Providers

We may employ third party companies and individuals to facilitate our Service ("Service Providers"), provide the Service on our behalf, perform Service-related services or assist us in analyzing how our Service is used.

These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

Analytics

We may use third-party Service Providers to monitor and analyze the use of our Service.

Behavioral Remarketing

StudySesh uses remarketing services to advertise on third-party websites to you after you have visited our Service. We and our third-party vendors use cookies to inform, optimize and serve ads based on your past visits to our Service.

Google AdWords

For more information on the privacy practices of Google, please visit the Google Privacy & Terms page: Here

Twitter

You can learn more about the privacy practices and policies of Twitter by visiting their Privacy Policy page: Here

Facebook

For more information on the privacy practices of Facebook, please visit Facebook's Data Policy page: Here

Pinterest

You can learn more about the privacy practices and policies of Pinterest by visiting their Privacy Policy page: Here

Other Service Providers

We may use third-party Service Providers to monitor and analyze the use of our Service. These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

Disclosure to Third-Party Processors, Processing in U.S.

We use third-party service providers to operate, provide and maintain some aspects of our website, and we may request and permit these service providers to process your user data under the terms of a written agreement with us. Under such agreements, the service provider is only permitted to obtain the user data it needs to deliver the service, must keep all user data confidential, and may process, use and retain user data only for the purpose of delivering the service in compliance with our agreement, instructions and policies, including this Privacy Policy. Our principal third-party data processors are located in the United States, so user data is collected, stored and processed in the U.S.

Transfer of Data Outside of Canada

Your Personal Data will be held in Canada.

Your Personal Data may also be stored, processed and accessed in other countries where you are located. You consent to the transfer of your Personal Data outside your country, including Canada.


Disclosure of Data

Business Transactions

If StudySesh is involved in a merger, acquisition or asset sale, your Personal Data may be transferred. We will provide notice before your Personal Data is transferred and becomes subject to a different Privacy Policy.

Disclosure for Law Enforcement

Under certain circumstances, StudySesh may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Marketing Purposes

If you are using the Services as a tutor, StudySesh may disclose an image that may contain your facial features, likeness or any other personal detail pertaining to you, including but not limited to your full name, your employment title, or your employer, for marketing purposes.

Legal Requirements

StudySesh may disclose your Personal Data in the good faith belief that such action is necessary to:

  • Comply with a legal obligation

  • Protect and defend the rights or property of StudySesh

  • Prevent or investigate possible wrongdoing in connection with the Service

  • Protect the personal safety of users of the Service or the public

  • Protect against legal liability

Security of Data

The security of your data is important to us but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

Our Policy on "Do Not Track" Signals under the California Online Protection Act (CalOPPA)

We do not support Do Not Track ("DNT"). Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.

Payments and Processing of Payments

We may provide paid products and/or services within the Service. In that case, we use third-party services for payment processing (e.g. payment processors).

We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.

PCI-DSS requirements help ensure the secure handling of payment information.

We primarily work with Stripe as our Payment Processor. Stripe's Privacy Policy can be viewed at https://stripe.com/us/privacy

European Union GDPR Data Processing Addendum

The Provider requires the Customer to accept the provisions of this Data Processing Addendum ("DPA"), which is intended to meet the data protection adequacy and security requirements of the GDPR (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC). Therefore, if the GDPR applies to the Customer's activity (for instance because the Customer is established in the European Union, or is established outside the European Union but offers goods or services to data subjects who are in the European Union), the Customer needs to accept these Data Processing Addendum terms to be compliant with the GDPR, so that the Customer can process such GDPR-eligible personal data with the Provider. Unless the Customer accepts the Agreement involving this DPA, the Customer's contract with the Provider will lack those terms; therefore, if the GDPR applies to the Customer's activity, the Customer must refrain from using the Provider's Service unless the Customer accepts this DPA.

  1. The terms "personal data", "data subject", "processing", "controller", "processor" and "supervisory authority" as used in this DPA have the meanings given in the GDPR.

  2. For the reasons mentioned above, if the Customer with any connection to the EEA, as stated above, chooses to accept the Terms and Conditions and enter the Agreement, the Customer enters this Data Protection Agreement, which reflects the conditions governing processing and security of the personal data the Customer submits to the Provider's system or which may be processed by the Customer when the Customer connects the Customer's e-mail account thereto, i.e. submitted, stored, sent or received via our Platform and App, hereinafter referred to as the "Customer Data". Please note that whenever the term "the Customer" is used in this DPA, it means any persons who use the Services on the Customer's behalf, including the Customer's employees, subcontractors and other personnel members.

  3. In accordance with the GDPR regulations, this DPA shall be governed and construed in accordance with the laws of Ireland as a European Union member state. The DPA is concluded for the whole period from the acceptance of the Agreement and this DPA until the end of the Provider's provision of the Services under the Agreement, which shall include periods of suspension of the Services' provision or other post-termination periods when the Provider may refrain from deleting the Customer's data.

  4. The Customer Data will be processed via the Provider's Services for the purpose of providing the Customer with the full functionalities of the Provider's Services and Website and related operational and technical support related to the Customer's usage of the services, so the duration of the processing will last until the expiry of this DPA or until deletion of all the Customer Data. The Provider will process the Customer Data in accordance with our Privacy Policy.

  5. The Provider shall not be the controller of the Customer Data the Customer may submit to the Provider's Services and will process such information within the Services solely in the processor's role and – depending on the scope of the Customer's activity – the Customer may be the controller or processor of this data. If the GDPR applies to the processing of Customer Data and the Customer is the processor, the Customer explicitly warrants to the Provider that the Customer's instructions and actions with respect to that Customer Data processing, including the appointment hereby of the Provider as another processor, have been authorized by the relevant controller.

  6. The personal data which may be processed (i.e. submitted, stored, sent or received) by the Customer when the Customer uses the Services may include the following categories of data: names, e-mail address, telephone, profession, company's name and address, city and country of the company, user IDs, presentations, images, calendar entries and other data which may be relevant for the Customer's purposes of permitted usage of the Provider's Services.

  7. The Customer Data which the Customer may process might concern the following categories of data subjects: users of the Services who may include the Customer's employees and contractors, the personnel of the Customer's customers, suppliers and subcontractors or any other person who transmits data via the Services, including any individuals collaborating and communicating with users of the Services.

  8. If the explicit consent of the data subject is the legal basis to process the Customer Data via the Provider's Systems, the Customer represents and warrants to the Provider that each such consent is freely given and taken in accordance with applicable laws. In this context the Customer indemnifies the Provider against all claims and actions of third parties related to the processing of Customer Data via the Services without explicit consent or other legal basis under the respective laws.

  9. By entering this DPA the Customer instructs the Provider to process Customer Data only in accordance with applicable laws and only to:
    1. Provide the Services', App's and Website's functionalities and related customer and technical support;
    2. Provide you with our actions, services and support specified by your usage of the Services and demanded when you use the Services (such as sending e-mail messages, campaign settings, etc.); or,
    3. As further documented in this DPA, the Terms of Services, the Privacy Policy or otherwise documented in any instructions you may give us in writing, via e-mail or other written electronic communication and that we acknowledge as constituting instructions for the Customer Data processing.

  10. We will comply with your instructions (including with regard to international personal data transfers) unless any European Union or European Union member state law we could potentially be subject to requires us to process the Customer Data otherwise. If this is the case, we will inform you of this obligation (unless law prohibits us from doing so on important grounds of public interest). We will also inform you if we believe your instructions for data processing may infringe regulations of the GDPR.

  11. We enable you to delete Customer Data during this DPA by using functionalities within the Services – including moving data to archive for limited periods or by instant permanent deletion. If the term indicated above expires or you choose to delete data permanently, the Customer Data may not be recovered. Each of such actions will be acknowledged as your instructions to delete the relevant Customer Data you submitted or keep within our systems. When the Agreement is terminated or otherwise expires, we shall delete your data, including Customer Data, and/or give you a copy of it (return it), subject to the terms of the Agreement.

  12. Under this DPA the Customer authorizes the Provider to engage any other third parties as other processors; the Provider will therefore inform the Customer about such planned engagement, and the Customer is authorized to object to such appointment by terminating the Agreement within 90 days written notice. If the Provider engages another processor for carrying out specific processing activities on the Customer's behalf (which is unlikely), the same data protection obligations as set out in the DPA will be imposed on that other processor, including in particular providing sufficient guarantees to implement appropriate technical and organizational measures in such a manner that the processing will meet the requirements of the GDPR.

  13. The Provider has implemented and will maintain all the appropriate technical and organizational measures to protect Customer Data to ensure a level of security against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to Customer Data, including encryption of personal data, introducing and maintaining systems ensuring the ongoing confidentiality, integrity, availability and resilience of processing, systems ensuring ability to restore the availability and access to Customer Data in the event of a physical or technical incident.

  14. The Customer shall acknowledge that the above-mentioned technical and organizational measures to protect Customer Data involve i.a.: physical security, logical security, separation of databases, policy regarding the removal of magnetic and optical data (including hard drives, portable storage media, backup platforms, etc.), procedures regarding database management, provisions regarding the collection, marking, verification, processing, and distribution of the data, management of access to personnel, including determination of the methodology for providing access to data, restrictions upon access, and keeping an updated list of persons with access rights, confidentiality undertakings for those persons with access rights, encryption of personal data, provisions regarding operations of the systems and maintaining ongoing data integrity, confidentiality, availability and resilience of processing systems and services, monitoring for the discovery of breaches of data integrity and methodology for reparation of such breaches, provisions regarding employee reliability and record of data misuse in accordance with the level of data sensitivity. We shall also regularly test, assess and evaluate the effectiveness of technical and organizational measures for ensuring the security of the Customer Data processing.

  15. If the Customer has further questions on the Provider's technical and organizational means for personal data protection, the Customer shall ask the Provider to provide the Customer with additional information prior to submitting Customer Data to the Provider's systems; otherwise it shall be considered that the Customer agreed that, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing of Customer Data, as well as the risks to individuals, our data protection standards are appropriate to the risk in respect of the Customer Data.

  16. The Provider also ensures that their employees, contractors and sub-processors have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality to the extent applicable to their scope of performance.

  17. If the Provider becomes aware of a data incident – meaning a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Data on systems managed by or otherwise controlled by the Provider, excluding unsuccessful attempts or activities that do not compromise the security of Customer Data, unsuccessful login attempts, pings, port scans, denial of service attacks, and other network attacks on firewalls or networked systems – we will notify the Customer of the Data Incident promptly and without undue delay and promptly take reasonable steps to minimize harm and secure Customer Data. Such Data Incident notification will describe, to the extent possible, details of the Data Incident, including steps taken to mitigate the potential risks and steps the Provider may recommend to address the Data Incident. The Provider will deliver such notification to the Customer's e-mail address or, at the Provider's discretion, by phone call or other direct communication. It is the Customer's sole responsibility to provide the Provider with and update the Customer's current and valid contact information. None of the Provider's notifications or communications regarding Data Incidents shall be construed as an acknowledgement of fault or liability with respect to the Data Incident.

  18. By entering this DPA the Customer explicitly acknowledges, agrees and confirms that the Provider will never assess the contents of Customer Data the Customer may submit, store, send or receive using the Provider's Services in order to identify information subject to any specific legal requirements or to assess the Customer's compliance with any laws or infringements thereof. Therefore, the Customer is solely responsible for complying with applicable incident notification laws and fulfilling any third party notification obligations related to any Data Incident(s).

  19. The Customer agrees that, without prejudice, the Customer shall be solely responsible for their use of the Services, including: making appropriate use of the Services and exercising adequate security controls to ensure a level of security appropriate to the risk in respect of the Customer Data, securing the account authentication credentials, systems and devices which the Customer may use to access the Services and backing up their Customer Data.

  20. As we provide solely online Services, we shall have no obligation to protect Customer Data that the Customer may choose to store or transfer outside of the Provider's systems, for instance for physical storage – in any form. If the Customer has further questions on the Provider's technical and organizational means for personal data protection, the Customer shall ask the Provider to provide additional information prior to submitting Customer Data to the Provider's systems; otherwise it shall be considered that the Customer agrees that, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing of Customer Data, as well as the risks to individuals, our data protection standards are appropriate to the risk in respect of the Customer Data.

  21. Notwithstanding the Provider's obligations in respect to this DPA, the Customer shall also take all reasonable precautionary steps in order to ensure appropriate security and to prevent any destruction, loss, alteration, disclosure, unauthorized or illegal access to or acquirement of Customer Data and any other personal data the Customer may process via the Provider's Services. If the data the Customer processes via the Services were accessed or obtained by an unauthorized person or if there occurs a breach of such personal data security, the Customer shall immediately notify the Provider of such Data Incident and shall cooperate with the Provider in order to take any steps deemed required for the mitigation of any loss or damage.

  22. If the Customer breaches any obligations they may have under the GDPR the Customer shall be unconditionally and solely liable and it shall compensate the Provider and any third parties or data subjects against (a) any damage, loss, costs, taxes and expenses (including legal charges related to judicial experts and lawyers), (b) the refund of any fines or penalties paid by us to the supervisory authority, (c) any other damages resulting from the negligence, fault or gross misconduct or from any breach of an obligation related to Customer Data and other personal data processed via the Services as a consequence of non-complying with this DPA and the GDPR.

  23. The Provider will consider that any breach of any representation or provision of the DPA and the GDPR by the Customer represents a gross breach of the Agreement, and it shall entitle the Provider to terminate the Agreement immediately by sending a termination notice, without any grace or remedy period and without any other formality, notification or intervention of any court of law or another jurisdictional body.

  24. To the extent necessary for the reason of this DPA, the Provider will make available for the Customer's review the documents and information to demonstrate our compliance with our obligations under this DPA.

  25. If GDPR applies to the processing of Customer Data, we will also allow the Customer or the Customer's appointed independent auditor to conduct audits (including inspections) to verify the Provider's compliance with obligations under this DPA, including the Provider's documentation and we will contribute to such audits. In any case such audits will be subject to prior arrangements and reasonably agreed terms for such audits and inspections which may involve fees based on our reasonable costs of such reviews. If the Customer wishes to appoint an auditor, the Provider may object to the Customer's choice if in the Provider's reasonable opinion the appointed auditor is not suitably qualified or independent, a competitor of the Provider or otherwise manifestly unsuitable. If this is the case the Provider will require the Customer to appoint another auditor or conduct the audit itself.

  26. If applicable, the Provider will assist the Customer in ensuring compliance with any of the Customer's obligations in respect of data protection impact assessments and prior consultation, including if applicable the Customer's obligations pursuant to Articles 35 and 36 of the GDPR, taking into account the nature of the processing and the information available to the Provider, for instance by providing additional security information or providing the information with regard to performance of the Agreement including this Data Processing Addendum.

  27. During the term of the Agreement, the Provider will enable the Customer to access, rectify and restrict processing of Customer Data, including deletion of this data (subject to the hereinabove terms) and to export Customer Data – in a manner consistent with the functionalities of the Services.

  28. If the Provider receives any request from a data subject in relation to Customer Data the Provider may process, the Provider will advise the data subject to submit their request to the Customer and the Customer shall be responsible for responding to any such request including, where necessary, by using the functionality of the Services. Nevertheless, taking into account the nature of the processing of Customer Data via the Services, the Provider will assist the Customer in fulfilling any obligation to respond to requests by data subjects, including the obligation to respond to requests for exercising the data subject's rights laid down in Chapter III of the GDPR. Depending on the case, the Provider may provide you with the Services' functionalities to perform our commitments to assist you, or we may help you in another appropriate manner, including serving you with additional information on the processing of Customer Data.

  29. Should the Customer have any questions in respect of this Data Protection Addendum, please contact the Provider at: info@studysesh.com.

Privacy Policy Addendum for California Residents

This Privacy Policy Addendum supplements the Privacy Policy and describes additional rights of residents of the State of California.

Persons with disabilities may obtain this notice in alternative format upon request by contacting us at info@studysesh.com.

Your California Privacy Rights.

California residents are entitled once a year, free of charge, to request and obtain certain information regarding our disclosure, if any, of certain categories of personal information to third parties for their direct marketing purposes in the preceding calendar year. We do not share personal information with third parties for their own direct marketing purposes.

California Consumer Privacy Act

The California Consumer Privacy Act (“CCPA”) provides California residents with rights to receive certain disclosures regarding the collection, use, and sharing of “Personal Information”, as well as rights to know/access, delete, and limit sharing of Personal Information.

The CCPA defines “Personal Information” to mean “information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” Certain information we collect may be exempt from the CCPA because it is considered public information (i.e., it is made available by a government entity) or covered by a specific federal privacy law, such as the Gramm–Leach–Bliley Act, the Health Insurance Portability and Accountability Act, or the Fair Credit Reporting Act. Your rights are described below:

Right to Notice at Collection Regarding the Categories of Personal Information Collected.

You have the right to receive notice of the categories of Personal Information we collect, and the purposes for which those categories of Personal Information will be used. This notice should be provided at or before the time of collection. The categories we use to describe the information are those enumerated in the CCPA.

  • Identifiers. We collect your name, phone number, contact address and e-mail address when you engage with our website. We use this information to manage and provide the Services that you request, respond to your requests, and to communicate with you about the Services. We collect your social media handle when you interact with our Services through social media. We use this information to improve the user experience and our Service.

  • Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). In addition to the identifiers in the above section, we collect your credit card number to provide you with requested Services.

  • Internet or other similar network activity. We automatically collect information about your browsing history and your interaction with the content of our Services to measure activity, determine the effectiveness of our Services, and improve them.

  • Sensory Data. We collect your audio or voice recordings to provide you with Services.

We may use any of the categories of information listed above for other business or operational purposes compatible with the context in which the Personal Information was collected.

We may share any of the above-listed information with Service Providers, as described above. Service Providers are restricted from using Personal Information for any purpose that is not related to our engagement. The types of Service Providers with whom we share information and the services they provide are described in the Privacy Policy. We have not sold any personal information.

Right to Know/Access Information

You have the right to request access to Personal Information collected about you over the past 12 months and information regarding the source of that information, the purposes for which we collect it, and the third parties and service providers with whom we share it. You may submit such a request as described below. To protect our users’ Personal Information, we are required to verify your identity before we can act on your request.

Right to Request Deletion of Information

You have the right to request in certain circumstances that we delete any Personal Information that we have collected directly from you. You may submit such a request as described below. To protect our users’ Personal Information, we are required to verify your identity before we can act on your request. We may have a reason under the law why we do not have to comply with your request, or why we may comply with it in a more limited way than you anticipated. If we do, we will explain that to you in our response.

How to Submit a Request

You may submit a request to exercise your rights to know/access or delete your Personal Information by sending us an email at info@studysesh.com.

Only you or your authorized agent may make a verifiable consumer request related to your personal information. If you use an authorized agent to submit a request on your behalf, we may require that you (1) provide the authorized agent written permission to do so, and (2) provide a copy of the authorization or provide a copy of a power of attorney that complies with California Probate Code sections 4000 to 4465 so that we can verify the identity of the authorized agent.

In verifying requests, we employ reasonable measures to detect fraudulent requests and prevent unauthorized access to your personal information. To meet our obligations, we are required to verify your identity, and the identity of your authorized agent, if the request is submitted via an agent, by associating the information provided in your request to personal information previously collected by us.

If we suspect fraudulent or malicious activity on or from the password-protected account, we may decline a request or request that you provide further verifying information.

You may only make a verifiable consumer request twice within a 12-month period. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify your identity or authority to make the request.

Right to Opt Out of Sale of Personal Information to Third Parties

You have the right to opt out of any sale of your Personal Information by Graham Holdings to third parties. We do not sell information to third parties.

Right to Information Regarding Participation in Data Sharing for Financial Incentives

You have the right to be free from discrimination based on your exercise of your CCPA rights. We do not discriminate against anyone who chooses to exercise their CCPA rights.