- Application Data Cache
- Behaviorally-Targeted Advertising
- Contextual Targeting
- Cookies And Similar Technologies
- Club Members
- Club Services
- Club Signatory
- Club Student Account
- Club Student User
- Community Partner
- Direct Program; Direct Programming
- Educational Purpose
- Education Records
- Girls Who Code (GWC) Clubs HQ
- Girls Who Code (GWC) HQ
- HTTP Referrer
- IP Address
- Local Storage
- Non-Personally Identifiable Information
- Outside School Club Child Account
- Outside School Club Child User
- Outside School Club
- Outside School Club Facilitator
- Outside School Learner User
- Outside School Minor Account
- Outside School Minor User
- Persistent Identifiers
- Personal Information
- Pixel Tag
- School Club
- School Club Administrator
- Server Log Data
- Student Data
- Teacher Facilitator
- Third-party Advertising
- Unique Device Identifier
- User Data
Application Data Caches
An Application Data Cache is a data repository on a device. It can, for example, enable a web application to run without an internet connection and improve the performance of the application by enabling faster loading of content.
Behaviorally-Targeted Advertising or Targeted Advertising
Behaviorally-Targeted Advertising (also referred to as online behavioral advertising [OBA] or interest-based advertising) is defined by the Digital Advertising Alliance (DAA) as "the collection of data online from a particular computer or device regarding Web viewing behaviors over time and across non-affiliate Websites for the purpose of using such data to predict user preferences or interests to deliver advertising to that computer or device based on preferences or interests known or inferred from the data collected." Behaviorally-targeted advertising does not include i) contextual targeting; ii) advertising or marketing to an individual in response to that individual's specific request for information or feedback; or iii) processing personal information solely for measuring or reporting advertising performance, reach or frequency.
This definition has largely been accepted by the Federal Trade Commission, and is described in similar fashion in its Self-Regulatory Principles for Online Behavioral Advertising. This type of advertising is precluded by the Children’s Online Privacy Protection Act (COPPA) for children under 13 without prior, verifiable parental consent, as well as by the existing self-regulatory advertising groups, including DAA and the Network Advertising Initiative (NAI). This is in contrast to contextual targeting or advertising which is permitted under COPPA.
* Please also see the definition of “Targeted Advertising” in the Colorado Student Data and Transparency Act here (and below) as well as Florida here as an example of the definition of “Targeted Advertising” in state student privacy laws, with similar definitions in many other state student privacy laws, as well as our Student Data Protection Addendum for more information on the prohibition of using Student Data for targeted advertising to students. Also see the California Attorney General's guidance on the Student Online Personal Information Protection Act (SOPIPA) here.
Colorado Student Data Transparency Act:
"Targeted Advertising" means selecting and sending advertisements to a student based on information obtained or inferred over time from the student's online behavior, use of applications, or personally identifiable information. "Targeted Advertising" does not include: (a) advertising to a student: (i) at an online location based on the student's current visit to that location or in response to the student's request for information or feedback; and (ii) without the collection and retention of a student's online activities over time; (b) adaptive learning, personalized learning, or customized education; or (c) with the consent of a student or the student's parent, using the student's personally identifiable information to identify for the student institutions of higher education or scholarship providers that are seeking students who meet specific criteria.
Contextual Targeting (also referred to as contextually relevant advertising) is defined by DAA as advertisements that are delivered “based on the content of a Web page, a search query, or a user’s contemporaneous behavior on the website.” NAI expands a bit further explaining, “the ad selected depends upon the content of the page on which it is served, or ‘first party’ marketing in which ads are customized or products are suggested based on the content of the page or users’ activity on the page (including the content they view or the searches they perform).”
The FTC echoes this in policy statements and in comments surrounding COPPA as well as the legislative history of COPPA where they proposed the following definition:
Contextual Advertising is ‘‘the delivery of advertisements based upon a consumer’s current visit to a Web page or a single search query, without the collection and retention of data about the consumer’s online activities over time.’’ The FTC notes that Contextual Targeting, “is more transparent and presents fewer privacy concerns as compared to the aggregation and use of data across sites and over time for marketing purposes.” Contextual Targeting is permitted under COPPA.
"Targeted Advertising" does not include: (a) advertising to a student: (i) at an online location based on the student's current visit to that location or in response to the student's request for information or feedback; and (ii) without the collection and retention of a student's online activities over time; (b) adaptive learning, personalized learning, or customized education; or (c) with the consent of a student or the student's parent, using the student's personally identifiable information to identify for the student institutions of higher education or scholarship providers that are seeking students who meet specific criteria.
Cookies and similar technologies
Cookies may be placed in your browser by third-party advertising companies when you view content off of our site (such as an embedded YouTube video) to help deliver the ads you see online. These “third-party Cookies” may be used to “remember” parts of your online activities in order to deliver ads tailored to your interests. For example, if you read an article online about running, a Cookie may be used to note your interest in running. As you continue to surf the web, you may see coupons to save money on running shoes. We do not allow any third parties to place Cookies on our site for advertising purposes in any areas where a student, learner or child using our service in the non-school context (e.g. Outside School Minor User) is logged into his or her account.
Other similar technologies
Other technologies are used for similar purposes as a Cookie on other platforms where Cookies are not available or applicable, such as the Advertising ID available on Android mobile devices and the Identifiers for Advertiser (“IDFA’) on iOS devices. Most modern mobile devices (iOS, Android, and Windows 10 and above) provide mobile advertising identifiers. These are randomly-generated numbers that are associated with your device that often come with options to reset the identifier and opt-out of advertising across apps (“Cross-App Advertising”) and in some cases (such as with the IDFA) opt-in to advertising. They are included to provide advertisers a method to identify your devices without using a permanent device identifier, like your phone’s serial number. We do not use any of these technologies where a student, learner or child using our service is logged into his or her account.
Please see our Online Tracking Technologies Policy for more information.
“Club Signatory” means an individual over eighteen (18) years of age who has the authority of either their (a) LEA (e.g. District), (b) School, or (c) Community Partner to sign contractual agreements with Girls Who Code.
Club Student Account
A Club Student Account is an account used by a Club Student User who is using the Girls Who Code Club Service at the direction of a school either in school or for Educational Purposes connected to a school or classroom and whose school has a contractual relationship with Girls Who Code.
Club Student User
“Club Student User” means a child (under the age of eighteen (18)) who is using the Girls Who Code Club Service at the direction of a school either in school or for Educational Purposes connected to a school or classroom and whose school has a contractual relationship with Girls Who Code.
“Community Partner” means a non-school Club administrator who provides administrative oversight for one or more non-school Clubs. This may include community centers, associations, or libraries. Community Partners may have access to certain Personal Information of a User, based on that User type.
“De-Identified or De-Identified Data” is information that has all direct and indirect personal identifiers removed such that the data cannot reasonably be used to identify, describe, or contact an individual. This includes, but is not limited to, Persistent Unique Identifiers, name, ID numbers, date of birth, and school ID.
For EU and UK residents, anywhere we use the term De-Identified, we will apply the General Data Protection Regulation, including as implemented or adopted under the laws of the United Kingdom (GDPR) definition of "pseudonymization" which states that pseudonymization is "the processing of personal data in such a way that the data can no longer be attributed to a specific data subject without the use of additional information.” Additionally, consistent with the GDPR, we will ensure that the “additional information” is kept separately and subject to technical and organizational measures to ensure non-attribution to an identified or identifiable person.
If you are a resident of the Province of Quebec, anywhere we use the term “De-Identified”, we will apply the Quebec’s Act Respecting the Protection of Personal Information in the Private Sector definition of “anonymized” which states that anonymized is information concerning a natural person that is processed in such a way that it is “irreversibly no longer allows the person to be identified directly or indirectly”.
If you are a resident of California, we follow the definition of De-identified as set forth under the California Consumer Privacy Act of 2018 (CCPA) as amended and its implementing regulations, including amendment by the California Privacy Rights and Enforcement Act of 2020 (CPRA) and its implementing regulations.
For residents located in additional states with a consumer privacy law (such as Colorado, Utah, or Virginia) and such law has also defined the term “De-identified”, we will apply such definition as applicable.
Girls Who Code commits to maintaining and using De-identified Data only in a De-identified form and will not attempt to re-identify the information, except that Girls Who Code may attempt to re-identify the information solely for the purpose of determining whether or not its De-identification processes are sufficient.
A device is a computer that can be used to access our website or services. For example, a device could be a desktop, tablet or smartphone.
DIrect Program Services; Direct Programming
“Direct Program Services” and/or “Direct Programming” at Girls Who Code consists of all non-Club activities (e.g. GWC Summer Immersion Programs, Self Paced Programs, College Loops, and Workforce Programs). For Outside School Minor Users, Direct Programming requires parent or guardian signed consent forms, and for participants over the age of eighteen (18), their signed consent form. Direct Programming is not connected to a school or a classroom or at the specific direction of a school.
Consistent with the Student Privacy Pledge, ‘Educational or School Purposes’ are services or functions that customarily take place at the direction of the educational institution/agency or their teacher/employee, for which the institutions or agency would otherwise use its own employees, and that aid in the administration or improvement of educational and school activities (e.g., instruction, administration, and development and improvement of products/services (including new products) intended for educational/school use). Additionally, consistent with both the Student Online Personal Information Protection Act (SOPIPA) and other state student privacy laws, and the Student Privacy Pledge, this does not preclude the use of student Personal Information for adaptive learning or customized student learning or education purposes. We also consider “Educational Purposes” to be services or functions that a child’s parent or legal guardian directs Girls Who Code (such as through setting up their child’s account, or otherwise providing their consent to us) to provide to their child for educational or learning activities outside of school (e.g. Outside School Minor User for Direct Program Services or an Outside School Child Club User for Outside School Clubs).
Education Records shall have the meaning set forth under the Family Educational Rights and Privacy Act (“FERPA”) cited as 20 U.S.C. § 1232g(a)(4); 34 CFR Part 99. Certain Student Data elements will also be considered Education Records.
Girls Who Code Clubs HQ (or GWC Club HQ)
“Girls Who Code Clubs HQ” or “GWC Clubs HQ” means a custom web application built to support Girls Who Code Club Programs and Services, similar to a learning management system.
Girls Who Code HQ (or GWC HQ)
“Girls Who Code HQ” or “GWC HQ” means a custom web application built to support Girls Who Code Direct Programs Services, similar to a learning management system.
An HTTP Referrer is information transmitted to a destination webpage by a web browser, typically when you click a link to that webpage. The HTTP Referrer contains the URL of the last webpage the browser visited.
Every device connected to the Internet is assigned a number known as an Internet protocol (IP) address. These numbers are usually assigned in geographic blocks and are typically controlled by your Internet Service Provider (ISP), your company, or your university. An IP address can often be used to identify the location from which a device is connecting to the Internet. IP addresses can be used to combat fraud and compliance with geographical legal restrictions and can be used to target advertising. When Girls Who Code stores an IP address, we store it in truncated or encrypted form. Additionally, we only use IP address information collected from students under 13 for internal business purposes.
Local Storage enables websites to store and retrieve data in a browser on a device. When used in “Local Storage” mode, it enables data to be stored across sessions (for example, so that the data is retrievable even after the browser has been closed and reopened). One technology that facilitates web storage is HTML 5. Other technologies include local shared objects, sometimes known as “Flash Cookies.” For more information, please see our Online Tracking Technologies Policy.
Non-Personally Identifiable Information
This is information that on its own does not permit direct association with any specific individual. For example, we consider the following to be non-personally identifiable information: your zip code, approximate location (e.g region, city, zip), your browser type, and non-unique device identifiers (e.g. Chromebook model). We also consider aggregated, De-identified and/or anonymized data to be non-personally identifiable information. Anything that is Personal Information is excluded from the definition of non-personal information. Not all jurisdictions have the same definition for Personal Information and non-personally identifiable information.
Outside School Child Club Account
“Outside School Child Club Account'' is an account used by a child (under 13) using the Girls Who Code Club Services not connected to a school or a classroom or at the specific direction of a school. Outside School Child Club Accounts must be created by the parent/guardian of the Outside School Child Club User. If an Outside School Child Club User is enrolled in an Outside School Club and, additionally, as a Club Student User (e.g. they are registered in both an Outside School Club and an School Club), these two Club accounts will be connected and their data will be stored together, but they may still require separate logins/names and passwords (separate Outside School Child Club Account and Club Student Account), but that data may be stored in one place and shared only with respect to the Club product. Any other Student Data will be stored separately from non-Student Data.
Outside School Child Club Users
“Outside School Child Club User” means a child (under 13) using the Girls Who Code Club Services not connected to a school or a classroom or at the specific direction of a school, including for educational and other learning activities at home, such as through accessing Code at Home materials on Girls Who Code HQ platform. Any data collected from Outside School Child Club Users would not be considered Student Data.
Outside School Club
An Outside School Club is a club not connected to a school or a classroom or at the specific direction of a school. This may include community centers, associations, or libraries.
Outside School Club Facilitator
An Outside School Club Facilitator is an adult (over eighteen (18) years of age) that facilitates an Outside School Club not connected to a school or a classroom or at the specific direction of a school. This may include community centers, associations, or libraries. The Outside School Club Facilitator may have access to Outside School Child Club User or Outside School Minor User Personal Information, but not Student Data, for the purposes of facilitating the Outside School Club.
Outside School Learner User
Outside School Minor Account
“Outside School Minor Account'' is an account used by an Outside School Minor User for either an Outside School Club Account or Direct Programming Account. When an Outside School Minor User participates in multiple Girls Who Code activities, they may have multiple accounts with separate “logins”/names, and the Outside School Minor User data may be stored separately or within the same database, depending on the User, but will not be stored with Student Data (except as noted):
One Club Member enrolled in multiple Clubs
If a Club Member is enrolled as an Outside School Minor User in an Outside School Club and, additionally, as a Club Student User (e.g. they are registered in both an Outside School Club and an In-School Club), these Club accounts will be connected and their data will be stored together, but they may still require separate logins/names and passwords (separate Outside School Minor Account and Club Student Account), and that data may be stored in one place and shared. We will maintain the same restrictive uses of the data as set forth in our Student DPA for all of this data stored together.
One User enrolled in multiple GWC Services
If a User is enrolled as an Outside School Minor User in Direct Programming and, additionally, as a Club Student User (e.g. they are registered in both a GWC Summer Program and a School Club), the Club account may not be connected to the Direct Programming account, and their data will be stored separately. They may still require separate logins/names and passwords (separate Outside School Minor Account and Club Student Account), but that data will be stored separately.
Outside School Minor User
“Outside School Club Minor User” means a minor (between the ages of 13-17) using the Girls Who Code Services (including Clubs) not connected to a school or a classroom or at the specific direction of a school, including for educational and other learning activities at home, such as through the Summer Immersion Program (SIP). Any data collected from Outside School Minor Users would not be considered Student Data.
This is a persistent and unique identifier that can be used to recognize a user over time and across different websites or online services. For example, this can be an IP address, a unique device identifier or a device serial number.
Personal Information is data that can be used to identify or contact a particular individual, such as the individual’s name, email address or billing information, or other data which can be reasonably linked to that data or to that individual’s specific computer or device. When anonymous or non-personal information is directly or indirectly linked with personal information, this anonymous or non-personal information is also treated as Personal Information. We will consider persistent identifiers that are not anonymized, de-identified or aggregated as Personal Information. Not all jurisdictions have the same definition for Personal Information and non-personally identifiable information. Additionally, please check here for the definition of Personal Information under the Children’s Online Privacy Protection Act (“COPPA”) which we follow for any Personal Information collected from children under 13. Please also see the COPPA FAQ for more information.
If you are a resident of California, we follow the definition of Personal Information as set forth under the California Consumer Privacy Act of 2018 (CCPA) as amended and its implementing regulations, including amendment by the California Privacy Rights and Enforcement Act of 2020 (CPRA) and its implementing regulations.
For residents located in additional states with a consumer privacy law (such as Colorado, Utah, or Virginia) and such law has also defined the term “Personal Information”, we will apply such definition as applicable.
For EU and UK residents, anywhere we use the term Personal Information, we will apply the General Data Protection Regulation, including as implemented or adopted under the laws of the United Kingdom (GDPR), definition of "personal data" which states that “personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
A Pixel Tag is a type of technology placed on a website, or within the body of an email for the purpose of tracking activity on websites or when emails are opened or accessed, and is often used in combination with Cookies. Pixel refers to the software code that is placed within a web page in order to trigger the placing of Cookies and transmits information to us or our third party service providers. This enables two websites to share information. The resulting connection can include information such as a device’s IP address, the time a person viewed the pixel, an identifier associated with the browser or device, the type of browser being used and the URL of the web page from which the pixel was viewed. A Pixel Tag is also known as a web beacon or Clear GIFs. There may or may not be a visible graphic image associated with the pixel, and often the image is designed to blend into the background of a web page or email.
A School Club is a Girls Who Code Club Service provided at the direction of a school, either in school or for Educational Purposes connected to a school or classroom, and whose school has a contractual relationship with Girls Who Code.
School Club Administrator
School Club Administrator means an employee of a school or district who provides administrative oversight for one or more School Clubs.
Sell also does not include sharing, transferring or disclosing of Student Data or other Personal Information with a service provider that is necessary to perform a business purpose (such as detecting security incidents, debugging and repairing, analytics, storage or other processing activities) provided that the service provider does not further use or sell the Personal Information or Student Data except as necessary to perform the business purpose. Girls Who Code is also not “Selling” Personal Information or Student Data (i) if a user directs Girls Who Code to intentionally disclose Personal Information or Student Data or uses Girls Who Code to intentionally interact with a third party, provided the third party does not also sell the Personal Information; or (ii) if a parent or a third party authorized by a parent, lawfully acquires student data (e.g. enhanced classroom reports or photos for free or for a fee).
If you are a resident of California, we follow the definition of Sell or sale as set forth under the California Consumer Privacy Act of 2018 as amended (“CCPA) and its implementing regulations, including an amendment by the California Privacy Rights and Enforcement Act of 2020 (CPRA) and its implementing regulations.
Server Log Data
Like most websites, our servers automatically record the page requests made when you visit our websites. These “server logs” or “log data” typically include your web request, IP address, browser type, browser language, the date and time of your request and one or more Cookies that may uniquely identify your browser.
“Student Data” means any Personal Information, whether gathered by Girls Who Code or provided by a school or its users, students, or students’ parents/guardians for a school purpose, that is descriptive of the student including, but not limited to, information in the student’s educational record or email, first and last name, birthdate, home or physical address, telephone number, email address, or other information allowing physical or online contact, discipline records, videos, test results, special education data, juvenile dependency records, grades, evaluations, criminal records, medical records, health records, social security numbers, biometric information, disabilities, socioeconomic information, food purchases, political affiliations, religious information, text messages, documents, student identifiers, search activity, photos, voice recordings, geolocation information, or any other information or identification number that would provide information about a specific student. To the extent U.S. law applies, Student Data may include Education Records. Student Data as specified in Exhibit A to our Student Data Privacy Addendum is confirmed to be collected or processed by the Girls Who Code pursuant to our services. Student Data shall not include De-Identified data or information that has been anonymized, or anonymous usage data regarding a Club Student’s use of our services. For clarity, any data collected from Outside School Minor Users or Outside School Club Child Users will not be considered student data.
A Teacher Facilitator is an adult (over eighteen (18) years of age) that facilitates a School Club connected to a school or a classroom or at the specific direction of a school or school district. The Teacher Facilitator may provide “School Consent” for Club Students involved in the School Club.
We consider Third-Party Advertising on our service to mean third-parties that would directly advertise their products or services on our service (i.e., such as when an advertiser would bid to place an advertisement directly on a platform such as Facebook). We don’t allow third parties to advertise directly on our service in user logged-in areas of our service. We also do not use third-party ad servers (such as Google AdWords or AdSense) in user logged-in areas of our Service. However, we may serve Contextually Relevant Advertising for third-party products and services ourselves that we believe may be of interest to you (e.g., our collaboration with an in-person learning opportunity in their geographical area).
Unique Device Identifier
A Unique Device Identifier (sometimes called a universally unique ID or UUID) is a string of characters that is incorporated into a device by its manufacturer and can be used to uniquely identify that device (for example an IMEI-number of a mobile phone). Different Unique Device Identifiers vary in how permanent they are, whether they can be reset by users, and how they can be accessed. A given device may have several different Unique Device Identifiers. Unique Device Identifiers can be used for various purposes, including security and fraud detection, syncing services such as a user’s email inbox, remembering the user’s preferences and providing relevant advertising.
User Data" means any personal information of a Girls Who Code User, provided that such data is electronic data and personal information submitted by or for a User (or collected by Girls Who Code and processed on behalf of a User) to the Services. User Data shall not include de-identified data or information that has been anonymized or anonymous usage data regarding a User's use of our services.