Privacy Policy (Former Version)

Effective Date of Policy: January 26, 2023

COMMON SENSE MEDIA PRIVACY POLICY

Welcome! Below you will find the privacy policy for Common Sense Media, Inc. ("we" or "us"). We are dedicated to protecting your privacy and handling any Personal Information we obtain from you with care and respect. The Common Sense Media Privacy Policy (the "Policy" or the "Privacy Policy") is designed to answer your questions regarding how we collect, protect, use and share information. It covers all information collected from visitors to the Common Sense Media website, www.commonsensemedia.org (the "Site"), and all other applications ("apps") and websites that link to this Privacy Policy (collectively, the "Services"). Please be aware that Common Sense Media also maintains certain websites and apps, which are governed by their own privacy policies. In addition, surveys are governed by the privacy policies displayed in the survey, which may differ from this privacy policy. If you are using another Common Sense Media website or app or responding to a survey, please be sure to consult the applicable privacy policy, as it may differ from this Policy. We hope this information increases your confidence in Common Sense Media and enhances your experience on our Services.

Throughout this Policy we use the following capitalized terms:

We use the term “Personal Information” to refer to information about an identified or identifiable natural person. It includes any information that can be used to identify (directly or indirectly) or contact a specific individual, such as the individual's name, postal address, email address, telephone number, or online identifier.
We use the term “Children” to refer to younger kids for whom collecting parental consent is required under applicable laws. For example under COPPA in the United States, children for these purposes are considered to be individuals under the age of 13. This age range may vary in other countries and regions. Where consent is required or recommended for a particular purpose or practice, we aim to get parental consent for youth in accordance with the age designated by the country they are in.
We use the term “Teen” to refer to older kids for whom collecting parental consent is not required under applicable laws. In the US a Teen would be a kid that is 13 or older yet under 18. This age range may vary in other countries and regions but, in all cases, an individual over 18 is not considered a Teen.

Please see our separate Terms of Use, which governs the use of the Services. We encourage you to read this Policy before using the Services, and not to use the Services if you disagree with any part of this Policy. By using the Services or by clicking a box that states that you accept or agree to this Policy, you signify your agreement to the terms and conditions of this Policy.

EEA+ Users – acceptance of this Policy does not limit any rights or remedies that might be available to you at law. Please note that the terms of this Policy that are specific to individuals in the EEA+ are set out in Section VIII (CSM: EEA+ Privacy Policy).

The Services are controlled and operated by Common Sense Media, a nonprofit organization in the United States. Subject to our obligations (if any) under our Terms of Use, we may limit the availability of the Services, in whole or in part, to any person, geographic area or jurisdiction we choose, at any time in our sole discretion.

I. INFORMATION THAT WE COLLECT ON OR THROUGH THE SERVICES

Through the Services, you can be a part of an active and vibrant community of families and educators interested in the impact of media on their children and students. Visitors who complete the membership process through our Services may become registered members ("Members"). Members can engage in a range of activities on our Services, such as creating user reviews on media products, participating in surveys and polls, and saving favorites to a personal page. If you are not currently a Member, you may click here to register, or here if you are an educator, and become eligible for our Services' features.

You can also choose to subscribe to Common Sense Media, which gives you one year of unlimited access to all of our media ratings and reviews.

A. Personal Information

We collect different types of Personal Information depending on whether you are a Non-Member or a Member, and what type of Member you are, as explained below, to provide our Services and carry out legitimate interests. For information on the collection, use and disclosure of Children's Personal Information, please see our Children's Privacy Policy.

All Visitors: Visitors to the Services may register and opt-in to receive Common Sense Media email newsletters by providing their name, email address, and zip code. Please note that our newsletters are not currently available to any Members under the age of 18. If you are a Member or visitor who is under 18 you should not attempt to sign-up for our newsletters.

We also may collect Personal Information through surveys or questionnaires. Your participation in surveys and questionnaires is entirely voluntary. Surveys are governed by the privacy policies displayed in the survey, which may differ from this privacy policy

Adult Members: If you wish to become a Member, you must provide us with certain Personal Information as part of the registration process, including, for example, name, email address, school information (for educators), and password. We additionally ask for zip code or country of residence.

Subscribers may need to provide payment information, including name, email address, and billing address to process donations and subscriptions. Common Sense receives address information; all other payment information is processed by a third party payment provider and not by Common Sense. See “B. Collection of Information by Our Service Providers” and DONOR SECTION for more information.

If you are a subscriber you may also optionally choose to provide us with information about your children such as their ages and names so we can personalize your experience on the Services and within our email newsletters. Subscribers may also add a profile picture to their account.

For Educator Members who are required to use certain logins and platforms, we provide you with the option to register or login and link your Member account on the Site with a single-sign on service such as Google. These services will authenticate your identity and will share certain Personal Information that you allow us to collect, as discussed below.

If you wish to become an Educator Member on the Site, you must provide us with your school name or select that you're not an educator in a school and select your educator type. Educator Members can optionally provide additional information such as a bio, profile picture, and links to social media accounts.

For adult members, your first name and the first initial of your last name will be displayed on your public user profile (“Profile”) page and next to any reviews that you post on our Site. Non-Educator Members have the option to not display your name and we will instead display your screen name which can be a pseudonym of your choice. Teen members are identified by their screen name.

Teen Members: If the Member is a Teen, we do not ask for name or zip code, but we do ask for birthdate information (month and year only) and country. We also ask for username and password, and email address.

Your screen name identifies you on the Services if you opt-out of using your name or do not provide us with that information. For instance, YOUR SCREEN NAME IS INCLUDED IN YOUR PROFILE THAT IS VIEWABLE BY OTHER MEMBERS AND IS DISPLAYED WITH REVIEWS THAT YOU WRITE. SINCE THE SCREEN NAME IS VIEWABLE BY OTHERS, WE SUGGEST THAT YOU NOT USE YOUR REAL NAME FOR YOUR SCREEN NAME OR PASSWORD, IN ORDER TO PROTECT YOUR PRIVACY.

Please note that if you are a Child for whom parental consent is required in respect of any processing of your Personal Information, aspects of the Children’s Privacy Policy apply to you as well. Please also see the EEA+ Privacy Policy.

Child Members: To learn about our practices regarding children's Personal Information, please read our Children's Privacy Policy. When we intend to collect Children's Personal Information, we take additional steps to protect their privacy, including:

Notifying parents about our information practices with regard to Children;
Limiting our collection of Children's Personal Information to no more than is reasonably necessary to participate in an online activity; and
Providing parents with access to, and the ability to request changes to or deletion of, Children's Personal Information that we have collected.

If you decide that you no longer want to be a Member, you can delete your account at any time. To delete your account, login to your account, visit your Account Settings page, and then click the "Close my Account" link located towards the bottom of the page. Once you delete your account, all of your Personal Information stored in your account and Profile on our site will be removed and any reviews you posted will remain on the site but the author name will switch to "anonymous" so your name will no longer be connected with your content (unless you have chosen to include your Personal Information in that content itself – in which we recommend you request that we remove all content associated with your account). If you wish to delete your reviews you may do so before you delete your account. Or, you can contact us at Contact Support and request that we delete your content (including reviews) and account for you.

Alternatively, if you decide that you would like your posted reviews deleted from our Services, you can do this at any time by logging into your account, viewing the review or comment, and clicking the "delete" button. You can also send us an email at Contact Support with your screen name, date of submitted review or comment, and title of media type that was reviewed. Please note that your request or deletion does not ensure complete or comprehensive removal of the content or information, as, for example, some of your content may have been reposted by another user. PLEASE NOTE THAT WE ARE NOT RESPONSIBLE FOR THE USE BY OTHERS OF ANY PERSONAL INFORMATION YOU DISCLOSE IN YOUR PROFILE OR ON PUBLIC-FACING AREAS OF THE SERVICES.

We may receive your Personal Information from other sources, such as Common Sense events, Common Sense education partners, activity on Common Sense social media platforms, and public databases.

B. Collection of Information by Our Service Providers

We use third-party service providers ("Payment Services"), to handle donations made by credit card and other payment transactions submitted to our Services. If you wish to make a donation or payment, you will be directed to a webpage that is hosted by a Payment Service (or its service providers) and not by us (such page, a "Payment Service Page"). Any Personal Information that you provide through a Payment Service Page will be collected directly by a Payment Service rather than by us, and will be subject to that Payment Service's privacy policy rather than this Policy. We have no control over, and shall not be responsible for, a Payment Service's use of information collected through a Payment Service Page. PLEASE NOTE THAT THIS POLICY DOES NOT ADDRESS THE COLLECTION AND USE OF INFORMATION THROUGH ANY PAYMENT SERVICE PAGE OR THE PRIVACY OR INFORMATION PRACTICES OF THE PAYMENT SERVICES.

EEA+ Users should see the Payment and Donation Processing section of our EEA+ Privacy Policy for specific information regarding treatment of their Personal Information by Payment Services.

C. Cookies and Other Technologies

For information about cookies and similar other technologies, what they do, and how to disable the non-necessary ones, please refer to our full Cookie Policy.

Certain information, like aggregated information or high-level location information, such as the browser language and country during the user session, is treated as non-Personal Information unless applicable law requires otherwise. We may use or disclose such information for any purpose. For instance, we may compile and share aggregate data about the geographic locations or other demographics of our Members, provided that this information does not personally identify any of these Members.

II. HOW WE USE INFORMATION COLLECTED ON THE SITE

A. How We Use Personal Information

We use Personal Information to process requests made through our Services, such as requests to receive our e-newsletters, requests for membership and questions or comments submitted through our Services. You may opt-out of receiving our e-newsletters at any time by clicking the "unsubscribe" or “manage my email preferences” links located at the bottom of newsletters, or by visiting commonsense.org/contact and sending a request using our online form.

Fulfillment of Requests. We may use Personal Information about you to fulfill the purpose for which such information was provided (e.g., to send newsletters to you or respond to your requests or inquiries and provide related customer service).

Additional Communications. If you register to become a Member of our community or sign up to receive one of our e-newsletters, we may use the Personal Information submitted in connection with your application to contact you with surveys or important communications regarding Common Sense Media. We may additionally use Personal Information to contact you about Common Sense content, features, opportunities, and products that may be of interest to you.

Membership. If you become a Member, we may use your Personal Information to maintain and update your Profile and postings in our online reviews, surveys and polls. All content that you submit to the Services is governed by our Terms of Use. We may also use Personal Information to send updates and communications to our Members, such as our e-newsletters, surveys and other important Common Sense Media communications such as information regarding the Services or changes to our terms, conditions and policies.

Internal Operations and Analysis. We may also use Personal Information about you for our internal business purposes, such as data analysis, audits, enhancing or modifying our products and services, and so forth.

We may also use Personal Information to personalize your experience on the Services by presenting content and market opportunities and products tailored to you and to allow you to participate in sweepstakes, contests and similar promotions and to administer these activities.

B. How We Use Information Collected Through Digital Citizenship Quizzes

Quizzes provided by Common Sense Education are available at the end of each lesson in the Digital Citizenship Curriculum. Each quiz includes 4-6 questions that have varied formats: multiple choice, drag and drop to complete a sentence, and drag and drop sorting. The quiz is autograded and students can see their results immediately. The quizzes are intended to assess student understanding after the teacher has completed the corresponding lesson.

Common Sense quiz reports (for the entire class and individual student) are only accessible to a teacher who is authenticated with Google Classroom and who requests specific quiz reports on specified students authenticated with Google Classroom. Common Sense works with the following third party service providers to provide Google Classroom integrated quizzes through the Digital Citizenship curriculum:

Learning Locker
Learning Locker is a Learning Record Store (LRS) database-driven application and analytics tool designed specifically for the learning sector. Common Sense uses Learning Locker to store, sort and share data as recorded using the xAPI specification from Google Classroom. Learning Locker may collect and store the following information including, but not limited to: Google User ID, quiz_id, quiz name, start time, start date, quiz completion, stop time, stop date, quiz duration, quiz questions, alphanumeric answers, quiz grade, and quiz ranking. Please read Learning Locker’s privacy policy for more information.
Google Classroom
Google Classroom is a free web service developed by Google and part of the G Suite for Education to help schools streamline the process of sharing files between teachers and students. Students using Google Classroom can view assignments, submit homework, and receive grades from teachers to help them stay on track and organized. The G Suite for Education core services are the heart of Google’s educational offering to schools. The core services include Gmail, Calendar, Classroom, Contacts, Drive, Docs, Groups, Sheets, Sites, Slides, Talk/Hangouts and Vault. Please read Google Classroom’s privacy policy for more information.

The Google Classroom service provides Common Sense with a Google Classroom authenticated teacher’s class roster of student Google IDs. Only authenticated teachers can access student first and last names associated with Google IDs for quiz reporting purposes. Common Sense requests authorization from teachers to access their Google Classroom class roster of student Google IDs in order to combine all the specified student Google IDs present in the class roster with their respective Common Sense quiz submission data and quiz grades in order to generate class and individual student quiz reports for teachers. All quiz reports are generated on-demand by the Google Classroom authenticated teacher and are not stored or retained by Common Sense. When a teacher requests a "class roster" or individual “student” quiz report, Common Sense loads the teacher’s specified Google IDs from our third-party service provider Learning Locker and matches student IDs with Google Classroom to create and display a class roster quiz report for the entire class, or individual student report to produce a Google Classroom listing that includes student names paired with quiz scores. Common Sense and our third-party service providers do not store or retain any class or individual student report data.

C. How We Use Information Collected Via Cookies and Other Technologies

We use information collected via cookies, web beacons and other technologies as described in our Cookie Policy

III. HOW WE DISCLOSE INFORMATION COLLECTED ON THE SERVICES

Except as expressly provided in this Policy, we will not share any Personal Information about you without your prior consent.

Profile Information. Each Member has a Profile on the Site, which includes the Member's name or screen name, Member photo, Member type, registration date, and links to the Member's posted reviews. You can change or remove information from your Profile by logging into the Site and clicking the "My Account" links located in your personal Account section.

Your Posted Reviews. If you post reviews or ratings on our Site, the contents of those postings may be displayed on our Site along with your name (first name, and first initial of last name) or screen name, Member photo, Member type, age (if under 18 years of age) and school information (if you are an educator). The ages of your kids may also be displayed if you provide this information and allow it to be posted (this information can also be selected to remain private).

Digital Literacy and Citizenship Curriculum Training. For Educator users who complete our Digital Literacy and Citizenship Curriculum Training, if requested by your school district, we may share your first and last name, school name, and completion date. The purpose of sharing this data is to help your district understand which teachers have received instruction on the Common Sense curriculum. Additionally, if your school receives E-rate support, it will help your district comply with CIPA.

Third-Party Service Providers. We work with third-parties who provide services such as data analysis, payment or donation processing, order fulfillment, infrastructure provision, information technology services, content personalization, email delivery services, and market research or third-parties who provide other services to help improve or operate our Services. We may share Personal Information about you with third-parties solely for the purpose of enabling them to provide these services to us. These service providers are given access to Personal Information needed to perform their functions, but are restricted from using the Personal Information for purposes other than providing services for us. When we engage a third-party who will need to access and process your Personal Information as part of their services, we ascertain that the third-party is capable and obligated to provide at least the same level of data privacy and protection as we hold ourselves to. Our third-parties are required to notify us if they determine they can no longer meet the expected level of data privacy and protection, and we monitor for compliance to our data protection terms based on the nature of the services being provided.

Single Login: If educators register or login to the Services through a Single Sign-On Service, we will ask you for your permission to access your data on the Single Sign-On Service to create an account and Profile. In addition, we may use this data for several purposes, including:

Populating Account and Profile Fields: When you are connected via a Single Sign-On Service, we will pre-populate and update your account and Profile fields with data from the Single Sign-On Service that you allow us to access. You can update this information at any time on your Account and Profile pages.
Personalizing the Services: When you are connected via a Single Sign-On Service, we may personalize our Services experience by displaying your name (first name, and first initial of last name) and profile picture or avatar (which you can choose to not display and instead show your anonymous screen name and no image) on your public profile page, next to your posted reviews, or on other areas of the site where your posted content is displayed. We might also display lists of content for you that similar users also like.
Aggregate Reporting: When you are connected via a Single Sign-On Service, we may use Personal Information from the Single Sign-On Service that you allow us to access to learn more about the demographic information of our users.

Educator Members may disconnect from a linked Single Sign-On Service at any time by visiting the "My Account" or "My Profile" section of the Site.

We will not share any information about you collected on the Services with a linked Single Sign-On Service without your approval. This means that we will not post anything to your Google account or similar unless you give us specific permission to do so, and we will not contact your friends or followers at any time. We do not store or utilize the names of your friends or followers even if they are passed to us by a single sign-on service in the initial registration process.

Single Sign-On Services provide varying levels of control over the extent to which content or information you submit to the Services is also made public and shared on linked Single Sign-On Services. When you use a Single Sign-On Service to log into the Services:

You share your information with it and its privacy policy applies to the Single Sign-On Service's collection, use, and disclosure of such information.
In addition, the Single Sign-On Service may be able to collect information about you, including your activity on the Services, and it may notify your connections on the Single Sign-On Service about your use of the Services.
Such services may also employ unique identifiers which allow your activity to be monitored across multiple websites for purposes of delivering targeted advertising to you.

Please note that the privacy policies and terms of use of linked Single Sign-On Services may be different from our own and we encourage you to read them. We also encourage you to familiarize yourself with the privacy controls and account settings on linked Single Sign-On Services for information on how to customize your privacy settings with respect to content or information submitted to the Services.

Law Enforcement; Emergencies; Compliance. Notwithstanding any other provision of this Policy to the contrary, we reserve the right to use your Personal Information, and to disclose it to others, as we believe to be necessary or appropriate: (a) under a requirement of applicable law, (b) to comply with legal process, (c) to respond to governmental requests, (d) to enforce our Terms of Service, (e) to protect our operations, (f) for assistance in fraud detection and prevention; (g) to protect the rights, privacy, safety or property of Common Sense Media, you or others, (h) to permit us to pursue available remedies or limit the damages that we may sustain, and (i) in connection with a disposition of all or a substantial portion of our business, assets or stock, such as the sale of the Site or Services, a merger, consolidation, reorganization, joint venture, assignment, or bankruptcy or similar proceedings.

Personal Information about you may be transferred, stored, and processed by us or the third-parties we work with in countries whose data protection laws and regulations may be different to those of your country. We allow transfers of Personal Information made between countries or regions in a fashion that complies with applicable law.

IV. DONOR PRIVACY POLICY

At Common Sense, we are strongly committed to protecting the privacy of our donors. We are dedicated to protecting your privacy and handling any Personal Information we obtain from you with care and respect.

In addition to obtaining information from you, we may supplement your information with data from public databases, including to research donors and conduct fundraising analysis, including to assess individuals’ philanthropic interests and ability to support Common Sense. We are not in the business of renting, selling, or trading our donors’ names or Personal Information, nor of sending mailings to our donors on behalf of other organizations. If this should ever change, we would only do so with your prior consent.

We may use third-party service providers to provide certain services on our behalf, including to process donations. To the extent that any third-party service provider is used to process donations, that service provider has assured Common Sense it will not use personal donor information for any purpose other than what is necessary to process the gift transaction for Common Sense. And any additional service providers, such as email providers, are given access to personal donor information only as needed to provide their functions for Common Sense.

This policy applies to all donor Personal Information received by Common Sense, both online and offline, on any Platform ("Platform", includes the Common Sense website and mobile applications), as well as through any electronic, written, or oral communications.

Please note: if you choose to make your donation ‘anonymously’, we will not use information relating to your donations for the purposes described, whether or not you would have been eligible based on the amount of the relevant donation.

V. HOW LONG WE KEEP YOUR PERSONAL INFORMATION

We keep your Personal Information only for as long as it is warranted to provide our Services, fulfill our commitments to you, and/or adhere to legal or regulatory requirements. If you are a Member or a donor, we keep your Personal Information for the duration of our relationship. Certain Personal Information may be kept and archived for longer though, as required for recordkeeping purposes or backing up Services’ data for example. When Personal Information is expired, or is no longer needed and does not have to be retained, we may return, delete, destroy, or anonymize it, depending on what method is systematically and procedurally possible, most secure, and what our related retention commitments are.

VI. IMPORTANT DISCLOSURES, PRACTICES AND CONTACT INFORMATION

Links. For your convenience and information, we may provide links to websites and other third-party services and content that is not owned or operated by us. The third-party websites, services and content to which we link may have separate privacy notices or policies. We are not responsible for the privacy practices of any entity that we do not own or control. The inclusion of a link or such third-party services/content on the Services does not imply our endorsement of the linked site, or that content or service.

Security. We seek to use reasonable administrative, organizational, technical, and physical measures to help protect the Personal Information you provide to us from loss, misuse, and unauthorized disclosure, alteration, or destruction. Only authorized personnel have access to Personal Information you provide to us and each employee with access to Personal Information is obligated to maintain its integrity and confidentiality. Unfortunately, no data transmission can be guaranteed to be 100% secure or error free. If you have reason to believe that your interaction with us is no longer secure, you should immediately notify us in accordance with the section below entitled "Contacting Us." Please note that if you notify us by physical mail, this will delay the time it takes for us to respond to the problem.

Updating Your Personal Information. If you are a Member, you can update your Personal Information at any time by accessing your account. To do this, just click on the "My Account", "My Profile" or "My Desk" link.

Changes to the Privacy Policy. We reserve the right to change this Policy, and any changes to our Policy will become effective upon our posting of the revised Policy on the Site. Use of the Services following such changes constitutes your acceptance of the revised Policy then in effect. If we make changes to this Policy we will take reasonable steps to alert users of the Services that the Policy has been updated.

VII. CONTACTING US

If you have any questions or requests about this Policy, or the practices of the Services, please contact us through the Privacy Requests Portal or write to us at:

Corporate Headquarters
Privacy Department
Common Sense Media
699 8th Street, Suite C150
San Francisco, CA 94103

VIII. CSM: EEA+ Privacy Policy

Who does this Section VIII apply to? This Section VIII (CSM: EEA+ Privacy Policy) applies to users and other relevant individuals who are based in the European Economic Area and the UK (together, the EEA+; who we refer to as "EEA+ Users"). All references to "you", "your" or "user(s)" in this Section VIII (CSM: EEA+ Privacy Policy) are references to such EEA+ Users only.

Why do we have a specific EEA+ Privacy Policy? Applicable data protection laws, including the EU General Data Protection Regulation and the so-called ‘UK GDPR’ (together, the GDPR), require us to provide information about our data processing practices and the rights available to relevant EEA+ Users.

Our representatives.

If you have any privacy questions or requests, you can easily submit them to CSM through our Personal Data Rights Request Form, available here.

Our EU representative appointed under the EU GDPR is Verasafe. Verasafe can be contacted by mail at:
- VeraSafe Ireland Ltd., North Point Business Park, New Mallow Road, Cork T23AT2P, Ireland
Our UK representative appointed under the UK GDPR is Common Sense Media, a registered charity and company in England and Wales ("Common Sense Media UK”). Common Sense Media UK can be contacted by mail at:
- 1 Paternoster Square, London, EC4M 7DX, UK, with mail sent "FAO Common Sense Media: UK Representative"

What do we mean by "Personal Information"? Under the GDPR, “Personal Data” refers to information about an identified or identifiable natural person. Throughout this Policy we use the term "Personal Information" to mean "Personal Data."

What are your rights in relation to your Personal Information? Under certain circumstances, by law you have the right to:

Access. Request access to your Personal Information.
Correction. Request correction of inaccurate or incomplete Personal Information that we hold about you.
Erasure. Request erasure of your Personal Information.
Objection. Object to our reliance on our Legitimate Interests (see below) as the legal basis of processing of your Personal Information
Restriction. Request the restriction of processing of your Personal Information until we address your request, establish its accuracy or our reasons for processing it.
Portability. Request the transfer of your Personal Information in a portable format to you or a third party of your choice.
Withdraw consent. Withdraw your consent to any Processing that relies on it as a legal basis (see below).

How to exercise your rights? If you want to exercise any of the rights described above, you can do so by using our Privacy Requests Portal. Typically, you will not have to pay a fee to access your Personal Information or to exercise any of the other rights listed above. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive, or, we may refuse to comply with that request. We may need to request specific information from you to help us confirm your identity and expedite your request.

Your right to complain. We would love to be able to resolve your questions, requests and complaints about your Personal Information directly. However, if you feel we have not been able to satisfactorily resolve an issue, you may contact your local data protection supervisory authority.

For the contact information of the Data Protection Authorities for each Member State of the European Economic Area, please visit: https://edpb.europa.eu/about-edpb/board/members_en
The UK's Data Protection Authority's details are below:

The Information Commissioner's Office
Water Lane, Wycliffe House
Wilmslow - Cheshire SK9 5AF
Tel. +44 303 123 1113
Website: https://ico.org.uk/make-a-complaint/

What Personal Information do we use? The table below describes the categories of Personal Information that we process in the context of the Services we currently make available to EEA+ Users and in other relevant areas of our operations.

Category of Personal Information collected	What does this include?
Identity Data	Adult Members: Name, username or similar identifier, age, profile picture, and password and other log-in credentials. Adult Members’ children: If our Adult Members choose to provide it to us, we may also receive the ages and names of Adult Members’ children. Educator Members: (in addition the above) your school’s name, your professional title, grades and subjects taught, social media links, and your profile profile picture or other avatar. Teen Members: username or similar identifier, country of residence, month and year of birth, and password and other log-in credentials.
Contact Data	Adult Members: zip/postal code and country of residence, email address.
Parental Data	Your email address when it is provided by your Child where we need your parental consent to comply with the GDPR. Any other Personal Information that you choose to provide us during the course of our correspondence relating to the administration of your Child’s Profile.
Service Personalization Data	Adult and Teen Members: the preferences that you set by configuring your Profile to identify the topics and content you want to see as part of the Services (including in any emails you ask us to send). Adult Members’ children: we may obtain knowledge of your child’s preferences as a result of how you configure your Profile (e.g., by using our ‘For Your Family’ function) to identify the topics and content your children might want to see (including in any emails you ask us to send you).
Communication Interaction Data	Adult Members: information about your engagement with our email newsletters that is collected by the “web beacons” referred to in our Cookie Policy.
Payment Data	Subscribers: information necessary to process payments for your Common Sense Media subscription (including affecting renewals, if and as applicable), such as name, email address, phone number, payment card information (including name as shown on your card, billing address (street address, city, state, country, ZIP code), expiration date, security code and payment card number, and associated details of subscriptions purchased from us (including any relevant payments taken). Please note, although our Payment Services providers require all this information to process payments on our behalf, we do not receive your full security code and payment card number – we only receive the final four digits of your payment card number.
Donation Data	Name (unless you want your donation to be anonymous), email address, phone number, payment card information (including name as shown on your card, billing address, expiration date, security code and payment card number) and the amount of your donation(s). Please note, although our Payment Services providers require all this information to process donations on our behalf, we do not receive your full security code and payment card number – we only receive the final four digits of your payment card number.
Donor Analysis Data	Where available from the sources noted below: current and prospective donors’ biography data, contact data (email address and mailing address), financial status, income data, donation history, political contribution history, value of residence(s), and employment history.
Analytics Data	We use Google Analytics to collect certain internet log information and the details of the behavior patterns of people who visit the Site. We configure Google Analytics to avoid collecting any information which could directly identify a person. We do not seek to identify those visitors whose interactions with the Site are being monitored.
Technical Data	Data routinely collected by online services, such as browsing activity, Internet protocol (IP) address, your log-in data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the Services. Certain elements of this Technical Data may be associated with or collected via certain of the online identifiers described in our Cookie Policy.
Review and User Submitted Data	Where you post a comment or submit a review on our Site, in addition to certain Identity Data attached to your account (which will depend on whether you are a Teen Member or an Adult Member), we will also collect any Personal Information that you choose to include in that content.
Survey Data	Depending on the survey, in addition to certain Identity Data, Contact Data, and Technical Data, we will also collect any other information requested by, or that you submit in response to, a survey. This may include demographic data such as gender, race/ethnicity, income, education level, living situation, among other details about you.
Event and Webinar Data	We need your email address (and in certain instances other requested Identity Data and Contact Data) to sign you up as attendee at events or webinars for which you register, and to provide you with the necessary details about that event or webinar. We may record some events and webinars. Where relevant, all presenters will have their image and audio, and relevant comments and opinions, published to attendees and captured in the recording. If you are an attendee and you choose to share your image and audio during an event or webinar — your image and audio will also be published to others at the event or webinar, and will be captured in any recording. If you are an attendee and you choose to otherwise participate or interact in an event or webinar (e.g., by submitting questions to a Q&A) — your questions and comments may be published to others at the event or webinar, and will also form part of the recording.

What is our “legal basis” for processing your Personal Information? In respect of each of the purposes for which we use your Personal Information (see below), the GDPR requires us to have a "legal basis" for that use. Most commonly, we will rely on one of the following legal bases:

Where we need to perform a contract we are about to enter into or have entered into with you (“Contractual Necessity”).
Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests (“Legitimate Interests”). More detail about the specific legitimate interests pursued in respect of each Purpose we use your Personal Information for is set out in the table below.
Where we need to comply with a legal or regulatory obligation (“Compliance with Law”).
Where we have your specific consent to carry out the processing for the Purpose in question (“Consent”).

Purposes for Processing. We have set out below, in a table format, the legal bases we rely on in respect of the relevant Purposes for which we use your Personal Information:

Purpose	Categories of Personal Information involved	Examples of how we use relevant Personal Information for a Purpose	Our legal basis for this use of data
Account creation, configuration, maintenance and performance	Identity Data Contact Data Payment Data (if applicable) Donation Data (if applicable)	To register your account on the Services, and to populate your profile fields. To provide you with the core elements of the Services. To provide you with access to the additional features and functions of Common Sense Media where either: you have paid for a subscription; or received a subscription as a perk made available by us as a result of a particular donation.	Contractual Necessity.
Service Personalization	Identity Data Contact Data Service Personalization Data Technical Data	To personalize your experience with our services and within our communications and to recommend Common Sense content, activities, features, and products that may be of interest.	Contractual Necessity.
Security	Identity Data Contact Data Analytics Data Technical Data	To keep our Services and associated systems operational and secure.	Compliance with Law. Legitimate Interests.
Troubleshooting and Service improvement	Analytics Data Technical Data Survey Data	To track issues that might be occurring on our systems. To test and improve the Services.	Legitimate Interests. It is in our legitimate interests that we are able to monitor and ensure the proper operation of our Services and associated systems and services.
Anonymized Data creation	Identity Data Contact Data Parental Data Service Personalization Data Communication Interaction Data Payment Data Donation Data Donor Analysis Data Analytics Data Technical Data Review and User Submitted Data Survey Data	We may create 'Anonymous Data' – this might include aggregated data such as statistical or demographic data. Anonymous Data may be created or derived from your Personal Information, but once in anonymous / aggregated form it will not directly or indirectly reveal your identity (i.e., it’s no longer Personal Information). We may use or disclose Anonymous Data for any purpose permitted by law, and do not require a legal basis to do so.	Legitimate Interests. It is in our legitimate interests that we are able to ensure that our Services and how we use information about our Users is as un-privacy intrusive as possible.
Newsletter and communications	Identity Data Contact Data Service Personalization Data Communication Interaction Data	To send you the newsletters and other communications that you have signed up for – and, where requested, to personalize the content of those communications to you. To inform you of upcoming webinars and events that we are (co-)hosting and to promote such webinars and events. To monitor your interaction with our communications (e.g., whether you have opened them).	Consent in respect of the both delivery of our newsletters and other communications (including event/webinar promotion), and monitoring your interactions with those communications.
Parental consent management	Parental Data	To send any parental consent request emails, and to engage in correspondence relating to the administration of parent’s children’s Profiles.	Compliance with Law.
User submitted content	Identity Data Review and User Submitted Data	As part of the Services, we post the reviews and other content you submit to the Site.	Contractual Necessity.
Processing Payments and Donations	Payment Data (where applicable) Donation Data (where applicable)	To process: (a) the payments from our subscribers (including renewals, if and as applicable); and (b) donations people make via our Site. Please note that this includes making available the means by which you provide your Payment Data or Donation Data (as applicable) to Payment Services to process payments or donations (as applicable) on our behalf. For more information, see the section titled Payment and Donation Processing (below).	Contractual Necessity.
Processing donation 'perks'	Identity Data Contact Data Donation Data	If and for so long as we elect to make available certain 'perks' to encourage donations, we may use this Personal Information: to assess your eligibility for any such ‘perks’; where applicable, to provide or make available any such ‘perks’ to you (e.g., by way of an ‘access code’); and/or where relevant, to send you a communication to notify you of your eligibility and to provide instructions on how to claim any such ‘perks’ for which you may be eligible as a result of your donation. Please note: if you choose to make your donation ‘anonymously’, we will not use information relating to your donations for the purposes described above, whether or not you would have been eligible based on the amount of the relevant donation.	Contractual Necessity.
Donor Analysis	Donation Data Donor Analysis Data	To enrich the profiles of our current and prospective donors.	Legitimate Interests. It is in our legitimate interests to establish those individuals who are likely to be interested in supporting the causes we wish to advance.
Donor Outreach	Donation Data Donor Analysis Data	Contacting current and prospective donors to engage interest and solicit donations.	Consent.
Analytics	Analytics Data Technical Data	To collect details of the behavior patterns of people who visit the Site.	Consent.
Running surveys and analyzing the responses	Identity Data Contact Data Technical Data Survey Data	From time-to-time we run surveys to better understand our users, our areas of professional interest, and how to improve our Services.	Legitimate Interests. It is in our legitimate interests to better understand: our user-base, how to improve our Services, whether or not to develop new Services (and if so how), and the areas in which we do business generally. We may seek consent for surveys that solicit special categories as required under Article 9 of GDPR.
Events and Webinars	Identity Data Contact Data Event and Webinar Data	Registering you for events and webinars and enabling your participation or attendance at these events and webinars (including communicating with you about the event or webinar for which you have signed up). Sharing a list of prospective attendees for an event or webinar with an organization with which we have partnered to co-host the event or webinar. Sharing a list of names of attendees for an in-person event with appropriate site security to ensure that only registered attendees attend the event. Recording the event or webinar. If an event or webinar is being recorded we will notify you in advance. Publishing the recording of the event or webinar (either on our website or a third-party platform (such as YouTube)).	Contract. Legitimate Interests. It is in our legitimate interests to record and publish events and webinars that we (co-)host, and to ensure that only registered attendees attend such events and webinars. It is in our event partner organizations’ legitimate interests to receive a list of prospective attendees to gauge interest in the event/webinar.

Purpose limitation. We will only use your Personal Information for the purposes for which we collected it as listed above, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Information for an unrelated purpose, we will update this Privacy Policy and we will explain the legal basis which allows us to do so. Please note that we may process your Personal Information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law (including the GDPR).

What happens when you do not provide necessary Personal Data or you withdraw consent? Where we need to process your Personal Information either to comply with law, or to perform the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. Similarly, if we rely on your consent to process your Personal Information, you are entitled to withdraw your consent, but if you do, we may not be able to provide certain services or features to you. We will keep you informed of when your access to service or features depends on your consent.

Our newsletters. EEA+ Users who are Adult Members, and other EEA+ Users over the age of 18, can opt-in to receiving our newsletters. Please note, however, that you may continue to receive ‘service-related’ and other non-marketing emails from us, including notices of any updates to our Terms of Use or this Policy.

How do you get consent from parents of Children when we are required to do so? We use the term "Children" to refer to younger kids for whom collecting parental consent is required under applicable laws. For example, under Article 8 of GDPR, when Personal Information is collected under the lawful base of consent (as provided by Article 6(1)(a) of GDPR) in relation to the offer of information society services directly to a Child parental consent is required. The age range that requires parental consent varies per Member State but in no event can be higher than 16 years of age. If parental consent is required in respect of any processing of a Children’s Personal Information, that Child must provide their parent’s email address. We use that email address to contact the Child’s parent to ask for their consent to the relevant processing – we also explain to the parent:

what Personal Information we collect about their Child;
how we use it and why; and
how the parent can revoke their consent and/or ask that we delete their Child’s Profile and their Personal Information.

If at this stage, the parent gives us their consent, we will carry out the processing. If not, we won’t.

What rights do EEA+ parents have? If you are a parent of a Child who is an EEA+ User, and we need your consent to certain processing of your Child’s Personal Information, please contact us if you:

believe your Child is participating in an activity on the Site that uses their Personal Information without the parental consent required by law; and/or
no longer wish for your Child to participate as a member of the Site,

We will delete your Child’s Profile, and any parental contact information we may hold, on request. If you wish to exercise these rights, you can do so through our Privacy Requests Portal.

Payment and Donation Processing. As noted above, your Payment Data and Donation Data is provided directly to Payment Services via their Payment Service Pages that we direct you to. When processing payments and donations on our behalf, Payment Services typically act as our ‘processor’ in respect of EEA+ Users’ Payment Data and Donation Data – essentially, this means that they only process your Payment Data and Donation Data for this limited purpose. However, Payment Services may also have their own legal and regulatory obligations that might require them to use your Payment Data and Donation Data for their own compliance-related purposes (e.g., security and fraud prevention) – THIS POLICY DOES NOT ADDRESS PAYMENT SERVICES’ PROCESSING OF PAYMENT DATA AND DONATION DATA FOR SUCH INDEPENDENTLY-DETERMINED PURPOSES, WHICH WILL BE SUBJECT TO THAT PAYMENT SERVICE'S PRIVACY POLICY RATHER THAN THIS POLICY.

Personal Information from Third Party Sources. In addition to the Personal Information that we collect directly from you we also collect certain of your Personal Information from the following categories of third party:

Single Sign-On providers – we may receive certain Identity Data, Contact Data, and Service Personalization Data relating to Educator Members who register for, and access their Profile using, a Single Sign-On Service.
Fundraising Tools – we derive or receive Donor Analysis Data from certain commercial- and publicly-available sources, which we use to enrich the profiles of our current and prospective donors (example of such data sources are the iWaves PROscores, WealthX CoreLogic, VeriGift, Larkspur Data databases).

International transfers. We are headquartered in the United States. The Personal Information that we collect from and about you will be stored and processed in the United States and may be stored and processed in other countries outside of the EEA+. However, it is our policy to ensure that adequate contractual or other safeguards are applied to Personal Information transferred outside of the EEA+ where required by the GDPR. If you have questions about the safeguards applied to your Personal Information, you may contact us at Contact Support.

The Healthy Young Minds Campaign

Chat GPT and Beyond: How to Handle AI in Schools

Constant Companion: A Week in the Life of a Young Person's Smartphone Use

2023 State of Kids' Privacy

Common Sense Media Announces Framework for First-of-Its-Kind AI Ratings System

Protecting Kids' Digital Privacy Is Now Easier Than Ever