1. Protecting your Personal Information
Zenva operates several online educational services which teach people from all over the world about writing computer code. You may have come to read our Policy from any one of the sites we operate, which include: https://academy.zenva.com, https://schools.zenva.com, https://app1.zenva.com and https://gamedevacademy.org among others (Websites).
Our two flagship products are Zenva Schools, designed for academic institutions and Zenva Academy which is designed for individuals. This Policy describes the Personal Information handling policies for the whole business. However, different data may be handled differently in the different systems so we highlight some differences below.
When we talk about Personal Information throughout this Policy, we mean information or an opinion about an identifiable individual (not a company), whether or not that information or opinion is true or in a material form (Personal Information).
2. A special note about Zenva for Schools
We understand that schools have a duty of care to their students and take the management of Personal Information seriously. That’s why when we developed Zenva for Schools we adopted privacy by design principles. For example, the platform minimises the use of Personal Information and allows for students to be given a pseudonym or use their student ID number rather than their full name. We also built in the capability to delete student and teacher data if and when the school requests it. These are just a couple of the many ways we minimise risks to students’ Personal Information and help institutions manage their responsibilities with respect to privacy.
Notwithstanding anything to the contrary contained in this Policy, the following applies to data handled in Zenva Schools:
(a) All student data and backups are stored in Australia unless otherwise agreed in writing with you. We have the ability to set up local instances in other countries upon request.
(b) Internally within Zenva, access to student data is restricted only to essential team members who need to monitor and support the platform.
(c) Access to Zenva for Schools is protected with access control, strong password policies and 2-factor authentication.
(d) Zenva Schools and its underlying database are protected by a firewall and are encrypted both at rest and in transit. The backups are also encrypted.
(e) Regardless of how you identify your students, student data is anonymized before sending to third-party reporting platforms.
(f) Zenva for Schools is hosted and managed by DigitalOcean. DigitalOcean is a SOC 2 Type II compliant cloud hosting platform. Data is protected against cyber-attacks by their Global Edge Security network intelligence platform and Cloudflare.
(g) Unlike Zenva Academy and our other products, Zenva for Schools does not allow students to connect social media accounts.
(h) We never sell your student data nor do we market directly to your students unless a student has independently engaged with our other products.
We also limit the amount of Personal Information which we collect. Typically, it includes:
(a) Student data: Zenva for Schools can operate without any student Personal Information by using pseudonyms. However, the teacher may enter student names and email addresses, but that is in their control, so the level of security you deem necessary can be managed by you. If you are comfortable with entering the student’s name and email address then that will help streamline your teaching workflow, but we do not enforce it.
(b) Teacher data: Zenva for Schools collects the teacher’s name and email address.
We also collect information which you voluntarily provide to us, such as where a teacher emails us. That email is likely to contain Personal Information. The remainder of this Policy details how we handle Personal Information sent to us from outside of the Zenva Schools platform.
If you still have privacy concerns related to Zenva for Schools, please contact us. We take your privacy concerns very seriously and we can always include provisions in a special condition to a contract between us where it is reasonable and practical to do so.
3. Collection and use of Personal Information
At all times we aim to only collect the minimum information we need for the services we are providing. For example, if you sign up to a free trial, we will collect and use your email address. As you would expect, the more involved you are with us, the more information about you we will collect.
We collect and process the following categories of information:
(a) Communication data: which includes any communication that you send to us. This might be when you fill out a survey or questionnaire, join our mailing list or when you contact us through the contact form on our website, through email, text, social media messaging, social media posting or any other communication that you send us. If you sign in using social media, we receive (by your consent) additional information such as your profile picture and social profile ID. We process this data for the purposes of communicating with you, for record keeping and for the establishment, pursuance or defence of legal claims.
(b) Customer Data: which includes data you give to us when you purchase goods and/or services from us including any of our courses. This will include basic information about you and also the information we require for billing purposes such as your name, title, billing address, delivery address, email address, phone number, contact details, purchase details and your card details (last digits only). We use third party services for processing payments such as PayPal and Stripe and we do not receive or store your full card payment information.
(c) User Data: which includes data about how you use our website and any online services together with any data that you post for publication on our website or through other online services. We process this data to operate our website and ensure relevant content is provided to you, to ensure the security of our website, to maintain back-ups of our website and/or databases and to enable publication and administration of our website, other online services and business.
(e) Marketing Data: which includes data about your preferences in receiving marketing from us and our third parties and your communication preferences. We process this data to enable you to partake in our promotions, to deliver relevant website content and advertisements to you and measure or understand the effectiveness of this advertising. We use our own and third party cookies to track where sales on our website come from so we can attribute sources of sales.
We use your Personal Information for the primary purpose of providing our goods and services to you. We may also use your Personal Information for secondary purposes closely related to the primary purpose, in circumstances where you would reasonably expect such use or disclosure.
Examples of when we may use your Personal Information include, to:
(f) deal with requests, enquiries or complaints and other customer care related activities;
(g) enable you to use our program, process orders, registrations and enquiries;
(h) provide you with information about events, products and services that may interest you;
(i) provide you with personalised service or special opportunities;
(j) allow you to participate in interactive features of our online services;
(k) run competitions, prize draws, and promotions (if any);
(l) improve our products or services and in planning new products or services;
(m) conduct market research surveys; and
(n) monitor compliance with our Terms and Conditions.
4. Collecting information from third parties
Typically, your Personal Information will only be collected directly from you unless you authorise another person to provide the information. Such consent is provided when you connect your social media accounts with our platform or via the services of entities like Facebook and Google. For example:
(a) If you have requested us to do so and you have a valid Zenva Academy account with an avatar image, we may pull your avatar image from gravatar.com and link it to your profile on our website. If that Avatar resembles you then we may be pulling Personal Information.
(b) We may receive data from third parties such as analytics providers like Google and social networks such as Facebook.
(c) When delivering products and receiving payment, certain information which you would reasonably expect to be transferred between entities may be collected.
5. Collecting sensitive information
We do not intend to collect sensitive information about you and request you never disclose information about your health, racial or ethnic origin, political opinions, religious beliefs or sexual orientation on our website or any blog or social media account associated with our website or business.
6. Interacting via social media and links to other websites
You can connect with us via our social media pages on Facebook, Instagram, YouTube, LinkedIn and Twitter and, when you do, information which you share with us is collected.
The social networking service will also handle your Personal Information for its own purposes and will have its own privacy policies. You should become familiar with the privacy policies of any service you use.
We use a range of tools provided by third parties including our website host, third party service providers and search engine browsers to collect or view access and traffic information for statistical, reporting and maintenance purposes. We may also use tracking pixels, cookies and session tools to improve your experience when accessing our online services.
The data collected by cookies does not usually identify you but may be combined with other information, such as your account details, which does. If we identify you using information from cookies, we may use that information to track how you use our online services and send you information more specific to your needs, or to invite you to purchase our services.
The kind of information that can be collected includes:
(a) device specific information such as mobile network information;
(b) server logs including your IP address, the times you use our services and system activity; and
(c) local storage availability.
We use the information to improve your user experience and the quality of our services.
8. Disclosure of Personal Information
With your consent or at your request we may share your contact information with third party organisations who offer products or services that may be of interest to you (if you agree to receive such information).
We may also disclose your information to:
(a) our employees, a related company and our professional advisers (lawyers, accountants, financial advisers, etc.);
(c) payment service providers if there is a dispute over a payment. For example, if PayPal contacts us regarding a dispute over a payment, we will provide PayPal with user activity information such as IP address, course enrolment and activity linked to the IP address, billing details on our system, etc. to allow the payment dispute to be resolved; and
(d) third parties where we are required to in accordance with the law. We reserve the right to fully co-operate with any law enforcement authorities or court order requiring or requesting us to disclose the identity or other usage details of any user of our online services, or in accordance with a properly executed court order, or as otherwise required to do so by law.
We will not disclose your Personal Information other than in accordance with this Policy without your consent.
9. Security and offshore transfers
Our platform is hosted and managed by DigitalOcean and Microsoft Azure. We use their datacentres:
(a) in the United States (for the Zenva Academy product); and
(b) Australia (for the Zenva Schools product, unless we have agreed otherwise).
While we do not otherwise actively disclose your Personal Information to overseas entities, our engagement of service providers, such as those who operate cloud services (email service providers and the like), may have international data centres and disaster recovery sites. Consequently, these providers may have access to your information offshore. We rely solely on reputable organisations for such cloud services.
We take reasonable steps to protect all Personal Information within our direct control from misuse, interference, loss, unauthorised access, unlawful or accidental destruction, modification or disclosure. To prevent unauthorised access or disclosure we use respected hosting services, firewall and other electronic security and managerial procedures to safeguard and secure the information we collect from you.
We also have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach when required.
All hard copy records which we keep are stored in Australia.
10. Marketing communications
We may use Customer Data, User Data, Technical Data and Marketing Data to deliver relevant website content and advertisements to you and to measure or understand the effectiveness of the advertising we serve you.
We may also use your Personal Information to carry out some automated decision making about you. For instance, our email manager may monitor which mails you open and use this information to automatically manage future emails you receive.
You can change your communication preferences at any time using the consent boxes or ask us to stop sending you marketing messages by following the unsubscribe links on any marketing message. Alternatively, you may contact us using the details at the end of this Policy.
However, opting out of receiving marketing communications does not apply to personal data provided for other transactions such as purchases.
11. Data retention
If we hold Personal Information about you, and we do not need that information for any purpose, we will take reasonable steps to destroy or de-identify that information, in accordance with the Australian Privacy Principles (APP) and the European Union General Data Protection Regulation (GDPR), unless we are prevented from doing so by law.
Under Australian law, financial records, such as those relating to financial transactions, must be retained for 7 years after the transactions associated with those records are completed.
If you no longer want us to use your Personal Information, you can request that we erase it and, where you have an account with us, close your account. Where possible we will do so in accordance with the APPs and GDPR.
You may delete your account with us by accessing https://helpza.zenva.com and requesting your account and non-transaction data be deleted. Please note that this will not delete all Personal Information from our system as we retain your information in other areas. For example, we will still retain your purchase history and transaction data.
However, where you request the erasure of your Personal Information we will retain information from deleted accounts as necessary for our legitimate business interests, to comply with the law, prevent fraud, collect fees, resolve disputes, troubleshoot problems, assist with investigations or requests by government, a court of law, or law enforcement authorities, enforce the terms of service and take other actions permitted by law. Any information we retain will be handled in accordance with this Policy.
In some circumstances we may anonymise your personal data for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
12. Anonymity and use of pseudonyms
If you contact us with a general enquiry, we may interact with you anonymously or through the use of pseudonyms. However, you are required to provide true and accurate details when requesting the supply of goods or provision of services. You agree you will provide accurate information if we require it.
13. Accessing and correcting your Personal Information
We endeavour to only hold Personal Information that is accurate, complete and up-to-date. You have the right to make a request to access Personal Information which we hold about you and to request corrections of any errors in that data. To make an access or correction request, contact us using the contact details provided at the end of this Policy.
If you have an account with us, you can access some of the Personal Information that we collect about you. By logging into your account, you can update or correct certain information.
In order to protect your Personal Information, when you contact us, we may require identification from you before releasing the requested information or making the correction.
You will not have to pay a fee to access your Personal Information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive and we may refuse to comply with your request in these circumstances.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you.
If you request to have your information erased (also known as the right to be forgotten), we will, if appropriate, delete your Personal Information from our active business operating system. Your Personal Information will however continue to be stored within our backup(s) as we are unable to delete specific items from our backup. It will be deleted at the next scheduled backup deletion. We will keep a log of your request to be forgotten so that, should our backup be used to restore our operating system while your Personal Information is still stored, your Personal Information will again be removed from our active system upon restoration.
14. Additional rights for EU residents and citizens
For the purposes of the GDPR, we are a ‘data controller’ of Personal Information. If you’re a citizen or resident of the European Economic Area, the following rights apply to you.
You are entitled to ask us to port your Personal Information (i.e. to transfer in a structured, commonly used and machine-readable format, to you), to erase it, or restrict its processing. You also have rights to object to some processing that is based on our legitimate interests, such as profiling that we perform for the purposes of direct marketing, and, where we have asked for your consent to process your data, to withdraw this consent.
These rights are limited in some situations – for example, where we can demonstrate that we have a legal requirement to process your Personal Information. In some instances, this means that we may retain some data even if you withdraw your consent.
Where we require your Personal Information to comply with legal or contractual obligations, then provision of such data is mandatory and if you do not provide it then we will not be able to manage our contractual relationship with you, or to meet obligations placed on us. In those cases, you must provide us with your Personal Information, otherwise the provision of requested Personal Information is optional.
If you have unresolved concerns, you also have the right to complain to data protection authorities. The relevant data protection authority will be the data protection authority in the country:
(a) of your habitual residence;
(b) of your place of work; or
(c) in which you consider the alleged infringement has occurred.
15. Communications and privacy concerns
Your privacy is important to us. If you have any complaints, concerns or questions about our handling of your Personal Information, we ask that you first contact our privacy officer whose contact details are listed below. We will investigate your complaint and reply to you in writing if you provide us with contact details and request us to do so.
Post: 138 Juliette Street, Greenslopes, QLD, 4120, Australia
If, after we have conducted our investigations, you are still not satisfied, then we ask you to consult with the Office of the Australian Information Commissioner:
Email: [email protected]
Telephone: 1300 363 992 (from overseas +61 2 9284 9749)
Post: GPO Box 5218
Sydney NSW 2001
We will need to change this Policy from time to time in order to make sure it stays up to date with the latest legal requirements and any changes to our privacy management practices.
When we do change the Policy, we’ll make sure to notify you about such changes, where required. A copy of the latest version of this Policy will always be available on this page.
This Policy was last updated on 15 February 2023.