Welcome to our website at www.goosooftacademy.org and thank you for your interest. We take the protection of your Personal Information very seriously and process your data in accordance with the Colorado Privacy Act (“CPA”) and the EU`s General Data Protection Regulation (“GDPR”).
Personal Information is information that makes it possible to identify a natural person. This includes in particular, your name, date of birth, address, telephone number, e-mail address, but also your IP address. Anonymous data as such only exists if no personal reference to the user can be made.
The Data Controller
In accordance with the CPA and the GDPR, the person responsible for processing of Personal Information when using the website is:
36 South 18th Avenue,
Suite D, Brighton, 80601
If you have any questions, you can reach us at [email protected] or call us on +1 610-234-7814.
Categories of data subjects and types of data processed
During the course of using our website and services, we process the following types of data from visitors and users:
inventory data (e.g., names, addresses),
contact data (e.g., e-mail, telephone numbers),
content data (e.g., text entries, messages, testimonials),
usage data (e.g., web pages visited, interest in content, access times.
Purpose of the processing
The Purpose of processing Personal Information are:
provision of the online offer, its functions and contents,
responding to contact requests and communicating with users,
security measures, and
Relevant legal basis
In accordance with the CPA and the GDPR, the following legal basis, unless specifically described below apply:
to fulfill our services and carry out contractual measures and respond to enquiries,
to fulfill our legal obligations, and
to protect our legitimate interests.
Security of your Personal Information
We take appropriate technical and organizational measures, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.
The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access to, input, disclosure, ensuring availability and segregation of the data. We also have procedures in place to ensure the exercise of data subjects’ rights, deletion of data and response to data compromise.
Furthermore, we already take the protection of Personal Information into account during the development and selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and through data protection-friendly default settings.
Cooperation with processors and third parties
If, in the course of our processing, we disclose data to other persons and companies, transmit it to them or otherwise grant them access to the data, this will only be done on the basis of a legal permission (e.g. if a transmission of the data to third parties, such as to payment service providers, is necessary for the performance of the contract, you have consented, a legal obligation provides for this or on the basis of our legitimate interests. If we commission third parties to process data on the basis of a so-called “processing agreement”.
Transfers to third countries
If we process data in a third country (i.e., outside the USA) or if this is done in the context of using third-party services or disclosing or transferring data to third parties, this is only done if it is done in order to fulfill our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests.
Under the CPA, you can exercise the following rights:
Right to Know/Access
Right to Delete
Right to Opt-out of Sale
Right to Non-Discrimination
Right to Rectification
Right to Limit Use and Disclosure of Sensitive Personal Information
Under the GDPR, you can exercise the following rights:
Right to information
Right to rectification
Right to object to processing
Right to deletion
Right to information
Right to data portability
Right of objection
Right to withdraw consent
Right to complain to a supervisory authority
Right not to be subject to a decision based solely on automated processing.
Please contact us at any time with questions and suggestions regarding data protection and to enforce your rights as a data subject.
Deletion of data
The data processed by us will be deleted or its processing restricted in accordance with Colorado`s Statutory Retention Periods and other applicable laws for up to 3 years. Unless expressly stated, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. I.e., the data is blocked and not processed for other purposes.
We process the data of our customers within the scope of our contractual services. In doing so, we process:
inventory data (e.g., customer master data, such as names or addresses), contact data (e.g., e-mail, telephone numbers),
content data (e.g., text entries, testimonials, and messages),
contract data (e.g., subject matter of contract, term, this may also include non-Personal Information such as a student’s academic grades),
payment data (e.g., payment confirmations and payment history),
usage data and metadata (e.g., in the context of evaluating and measuring the success of marketing measures).
As a matter of principle,
we do not process special categories of Personal Information, unless these are components of commissioned processing. The purpose of the processing is the provision of contractual services, billing, and our customer service. We process data that is necessary for the justification and fulfillment of contractual services and point out the necessity of their disclosure. Disclosure to external parties only takes place if it is necessary in the context of the service.
we do not collect or store any payment transaction information such as credit card numbers or bank details during the payment process. You only provide this information directly to the respective payment service provider (currently PayPal and Stripe).
When processing the data provided to us within the scope of providing our courses, tuitions, and classes, we act in accordance with the instructions of the client as well as the legal requirements of the CPA and the GDPR and do not process the data for any other purposes than those specified in the course, tuition and/or class.
We delete the data after the expiry of statutory warranty and comparable obligations. The necessity of storing the data is reviewed every three years; in the case of statutory archiving obligations, the deletion takes place after their expiry.
In the case of data disclosed to us by the user within the scope of a course, tuition and/or class, we delete the data in accordance with the specifications of the course, tuition and/or class, in principle after the end of the course, tuition and/or class.
Administration, financial accounting, office organization, contact management
We process data within the scope of administrative tasks as well as organization of our business, financial accounting, and compliance with legal obligations, such as archiving.
In doing so, we process the same data that we process in the context of providing our contractual services. The purpose and our interest in the processing lies in the administration, financial accounting, office organization, archiving of data, i.e., tasks that serve the maintenance of our business activities, performance of our tasks and provision of our services.
The deletion of data with regard to contractual services and contractual communication corresponds to the information mentioned in these processing activities.
In this context, we disclose or transmit data to the tax authorities, consultants such as tax advisors or auditors as well as other fee offices and payment service providers.
When contacting us, your details are processed for the purpose of handling the request and its processing. The user’s details may be stored in a customer relationship management system or comparable enquiry organization. We delete the enquiries if they are no longer necessary. We review the necessity every two years; furthermore, the legal archiving obligations apply.
Within the Testimonial section, we may display certain Personal Information, share certain details, knowledge and insights. When you approve and submit your Testimonial to us your consent is obtained, and you have choices about the information in your Testimonial.
The storage of Testimonials is based on your consent. You can revoke your consent at any time. For this purpose, an informal communication by e-mail to us is sufficient. The legality of the data processing operations already carried out remains unaffected by the revocation.
On our website there is the possibility to subscribe to a free newsletter. When you register for the newsletter, the data from the input mask is transmitted to us. If you register for our newsletter, which informs you about our latest products and services, the Personal Information you provide in this context (full name and e-mail address) will be processed by us for the purpose of sending you the newsletter. The legal basis for the newsletter is your consent as well as our legitimate interest. You can revoke your consent at any time with effect for the future.
The hosting services used by us for the purpose of operating this website is Hostinger International, Ltd. In doing so, Hostinger processes inventory data, contact data, content data, contract data, usage data, meta data and communication data of customers, interested parties and visitors of our website on the basis of our legitimate interests in an efficient and secure provision of the website in conjunction with the provision of contractual services and the conclusion of the contract for our services, including but not limited to our courses, tuitions, and classes).
Collection of access data and log files
We, or rather Hostinger, collect data on every access to our website on the basis of our legitimate interest. The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.
Log file information is stored for security reasons (e.g., for the clarification of abuse or fraud) for a maximum of 7 days and then deleted. Data whose further storage is necessary for evidentiary purposes is exempt from deletion until the respective incident is finally clarified.
Databases or data sets that include Personal Data may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose Personal Data may have been compromised, and the notice will be accompanied by a description of action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after which the breach was discovered.
Our services are restricted to users who are 18 years of age or older. We do not knowingly collect Personal Information from anyone under the age of 18. If you suspect that a user is under the age of 18, please contact us.
Because we’re always looking for new and innovative ways to improve our website and services, this policy may change over time. We will notify you before any material changes take effect so that you have time to review the changes.
Who should I contact for more information?