Last Updated: August 1, 2018
Instructure, Inc. (“INSTRUCTURE”) is committed to protecting your privacy. We have prepared this Privacy Policy to describe our practices regarding the personal information that may be collected from users of our websites, including https://www.instructure.com and http://www.canvas.net and any other sites that link to this Privacy Policy (“SITE”), Instructure’s Canvas iOS and Android Applications (“APPS”), and other related educational services (“SERVICES”). By submitting personal information through our Site, Apps, or Services, you expressly consent to the processing of your personal information in the U.S. in accordance with this Privacy Policy. The use of personal information collected through our service shall be limited to the purposes described in this Privacy Policy.
FOR EU AND EEA RESIDENTS
Instructure complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union (“EU”) and Switzerland to the United States (“U.S.”) respectively, as that term is defined in the Privacy Shield Framework. Instructure has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. Instructure is committed to subjecting all personal data received from the EU and Switzerland, in reliance on the Privacy Shield Framework, to the Framework’s applicable principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List: https://www.privacyshield.gov/list.
Instructure’s privacy policy, as provided below, describes the types of personal information that Instructure collects, the types of third parties to which it discloses personal data, and the purposes for which it does so. Instructure collects contact and demographic information to respond to requests or to personalize and deliver the services. Instructure transfers this information to third parties acting as an agent on its behalf. Instructure is accountable for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party. Instructure complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
Residents of the EU and Switzerland have the right to access the personal information that Instructure maintains, and in some cases, may have the right to correct or amend information that is inaccurate or has been processed in violation of the Privacy Shield Principles, to the extent allowed by law. To exercise this right, contact us at privacy@instructure.com. To learn more about the choices you have over your personal information, please see the subsection below entitled, “Your Choices Regarding Your Personal Information.”
With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Instructure is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Instructure may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Residents of the EU and Switzerland with inquiries or complaints regarding this Privacy Policy should first contact Instructure at:
privacy@instructure.com
6330 S 3000 E, STE 700
Salt Lake City, UT 84121
(801) 869.5000
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request. Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
DATA YOU PROVIDE TO US.
We collect information from you, such as first and last name, gender, e-mail and mailing addresses, professional title, company name, and password when you create an account to log in to our network. When you order Services on our Site or Apps, you provide us or our third party payment processor with information necessary to complete the transaction, which may include your name, credit card information, billing information, and shipping information. We also may retain information on your behalf, such as files and messages that you store using your account. If you provide us feedback or contact us via e-mail, we will collect your name and e-mail address, as well as any other content included in the e-mail. When you participate in one of our surveys, we may collect additional profile information. We also collect other types of personal information and demographic information that you provide to us voluntarily.
DATA COLLECTED VIA TECHNOLOGY.
To make our Site, Apps, and Services more useful to you, our servers (which may be hosted by a third party service provider) collect information from you, including browser type, operating system, Internet Protocol (IP) address (a number that is automatically assigned to your computer when you use the Internet, which may vary from session to session), domain name, and/or a date/time stamp for your visit. We also use cookies and web beacons (as described below) and navigational data like Uniform Resource Locators (URL) to gather information regarding the date and time of your visit and the solutions and information for which you searched and which you viewed. Like most Internet services, we automatically gather this data and store it in log files each time you visit our Site, use our Apps, or access your account on our network. We may link this automatically-collected data to personally identifiable information.
“COOKIES” are small pieces of information that a website sends to your computer’s hard drive while you are viewing a website. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on our Site.
“WEB BEACONS” are digital images we use to log information on our Site and in our emails. We use web beacons to manage cookies, count visits, and to learn what marketing works and what does not. We also use web beacons to tell if you open or act on our emails.
“FLASH COOKIES” are used to store your preferences such as volume control or to display content based upon what you view on our websites to personalize your visit. Third party partners who provide certain features on our websites, such as videos, may place Flash cookies on your device. They may use Flash cookies to track your Web browsing activity and to display personalized advertising. Flash cookies are different from other cookies because of the amount of, type of, and way in which data is stored. Cookie management tools provided by your browser usually will not remove Flash cookies. To learn more about Flash cookies, who has placed Flash cookies on your device, and how to manage privacy and storage settings for Flash cookies click here: http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager.html#117118. We do not control the privacy practices of the third parties who place or track Flash cookies and this privacy policy does not cover their practices. You should visit the privacy policies of companies who place Flash cookies to understand their practices.
Most web browsers are set to accept cookies by default. If you prefer, you can typically remove and reject cookies from our Site with your browser settings. If you remove or reject our cookies, it will affect how our Site and Services work for you.
“ANALYTICS” We use analytics services to help analyze how users use the Site and Apps. These services use cookies and scripts to collect and store information such as how users interact with our Apps, errors users encounter when using our apps, device identifiers, how often users visit the Site, what pages they visit, and what other sites they used prior to coming to the Site. We use the information we get from Google Analytics only to improve our Site, our Apps, and our Services. Please see the following links for more information about Google Analytics: http://www.google.com/privacy_ads.html, http://www.google.com/privacy.html, and http://www.google.com/analytics/tos.html. We do not tie the information gathered using third party analytics to your personally identifiable information.
BLOGS/FORUMS
Our Site and Apps offer a publicly accessible blog and community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. Anytime you post on our blog please be aware that you may be posting using a third party application and we have no access or control over this information. Our privacy policy does not cover the practices of these third parties. Your interaction with these third party applications is governed by the privacy policy of the company providing it.
TESTIMONIALS
We display personal testimonials of satisfied customers on our Site in addition to other endorsements. With your consent we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact us at privacy@instructure.com.
USE OF YOUR DATA
In general, personal information you submit to us is used either to respond to requests that you make, or to aid us in serving you better. Instructure uses your personal information in the following ways: to create and maintain your account; to identify you as a user in our system; to operate, maintain, and improve our Site, Apps, and Services; to personalize and improve your experience; to send you administrative e-mail; to respond to your comments or inquiries; to protect, investigate, and deter against fraudulent, unauthorized, or illegal activity; and to make telephone calls to you, from time to time, as a part of secondary fraud protection or to solicit your feedback with your permission.
DISCLOSURE OF YOUR PERSONAL INFORMATION
We will share your personal information with third parties only in the ways that are described in this privacy policy or with your consent.
AFFILIATES. Although we currently do not have a parent company, any subsidiaries, joint ventures, or other companies under a common control (collectively, “AFFILIATES”), we may in the future. We may share some or all of your information with these Affiliates, in which case we will require our Affiliates to honor this Privacy Policy.
THIRD PARTY SERVICE PROVIDERS. We may share your personal information with third party service providers for the sole purpose of providing you with the Services that we offer you through our Site. For example, we may share data with service providers who host our websites or provide email services on our behalf.
OTHER DISCLOSURES. Instructure may disclose information about you if it believes such disclosure is necessary to (a) comply with laws or to respond to lawful requests and legal process; or (b) protect or defend the rights, safety, or property of Instructure, users of the Services, or any person including to enforce our agreements, policies, and terms of use or (c) in an emergency to protect the personal safety of any person. We may also share information about you in connection with or during negotiation of any merger, financing, acquisition, bankruptcy, dissolution, transaction or proceeding involving sale, transfer, divestiture or disclosure of all or a portion of our business or assets to another company. In the event that information is shared in this manner, notice will be posted on our Site. We may also share de-identified and/or aggregated data with others for their own uses.
NOTICE TO CALIFORNIA RESIDENTS - YOUR CALIFORNIA PRIVACY RIGHTS (AS PROVIDED BY CALIFORNIA CIVIL CODE SECTION 1798.83).
California's "Shine the Light" law, Civil Code section 1798.83, requires certain businesses that share customer personal information with third parties for the third parties' direct marketing purposes to respond to requests from California customers asking about the businesses' practices related to such information-sharing. Alternately, such businesses may have in place a policy not to disclose a customer's personal information to third parties for the third parties' direct marketing purposes if the customer has exercised an option to opt-out of such information-sharing. We have such a policy in place. As described in our Privacy Policy, you can opt-out of our sharing of your personal information with third parties for the third parties' direct marketing purposes by emailing us at privacy@instructure.com. To find out more about your opt-out rights, please review our Privacy Policy or contact us by e-mailing privacy@instructure.com or writing Instructure, Inc. 6330 S 3000 E, STE 700 Salt Lake City, UT 84121. Please note that under California law businesses are only required to respond to a customer making such a request once during any calendar year.
SOCIAL NETWORKING PLATFORMS.
We may allow you to connect and share information with certain social networking platforms (“SOCIAL NETWORKING PLATFORMS”) (e.g., a Facebook application). By choosing to use these Social Networking Platforms, you allow Instructure to share information with the Social Networking Platform. For example, you might use an application to publish Instructure related notices on your Facebook wall. If you do not want us to continue to provide your information to the Social Networking Platform, you may change your privacy settings in the Social Networking Platform. You can also access certain features of our Site using Social Networking Platforms. These services will authenticate your identity and provide you the option to share certain personal information with us such as your name, email address, and other personal information to pre-populate an application.
We do not control the privacy practices of the Social Networking Platforms and sign-in services you choose to use and this privacy policy does not cover their practices, you should visit the privacy policies of any Social Networking Platform or sign-in service you choose to use to understand their practices.
CHANGES TO PERSONAL INFORMATION. You may change some of your personal information in your account by editing your profile within the Service. You may also request changes or deletions by e-mailing us at the e-mail address set forth below. We will respond to your request, when permitted by law, within 30 days. We may be unable to delete information that resides in our archives.
SECURITY OF YOUR PERSONAL INFORMATION. Instructure takes reasonable steps to help protect your personal information in an effort to prevent unauthorized access, use, or disclosure. Despite these measures, you should know that Instructure cannot fully eliminate security risks associated with personal information. No method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security. Any content you post while using the Services is at your own risk. If you have any questions about security on our Site or Apps, you can contact us at the contact information set forth below.
CONTACT INFORMATION
Instructure welcomes your comments or questions regarding this Privacy Policy. Please e-mail us at privacy@instructure.com or contact us at the following address or phone number:
Instructure, Inc.
6330 S 3000 E, STE 700
Salt Lake City, UT 84121
(801) 869.5000
CHANGES TO THIS PRIVACY POLICY.
Instructure may change this Privacy Policy from time to time. If we make any changes to this Policy, we will change the “Last Updated” date above. If such changes are material, a notice of the changes will be posted along with the revised Privacy Policy. We encourage you to visit this page from time to time for the latest on our privacy practices.