At ClassDojo, we take our commitment to your privacy and data protection seriously, that's why every ClassDojo product is designed with privacy and security first. We believe you should have meaningful control over your data and know exactly how it is used.
As a US-based company, user data is stored in the United States. As such, certain jurisdictions require that specific legal requirements are met in order to transfer this personal data from your location to the United States. If you are based in the EEA, in order to meet these legal requirements, we obtain explicit consent from individual users (e.g. data subjects) under the Article 49(a) derogation provided for in the General Data Protection Regulation (“GDPR”).
If your school resides within the European Economic Area, Switzerland, or the United Kingdom, and has a contractual relationship with ClassDojo, please ask your School Leader to contact us at firstname.lastname@example.org in order to obtain the European Commission's’ Standard Contractual Clauses (“SCCs”) to further assist with meeting the GDPR legal requirements regarding personal data transfer to the United States.
If you started using ClassDojo from the EEA or Switzerland prior to July 16, 2020, the transfer of your data to the US was covered under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks (Privacy Shield). ClassDojo also previously obtained your consent in addition to relying on the Privacy Shield as we felt it was important to also have consent of all our users in the EEA and Switzerland. On July 16, 2020, the Court of Justice of the European Union (CJEU) issued a ruling invalidating the EU-U.S. Privacy Shield program. Given this decision, for individual users with whom ClassDojo can not enter into SCC’s, ClassDojo must obtain your updated explicit consent that provides greater transparency for data subjects in order for you to continue to access and use the ClassDojo service.
If you do not wish to provide consent, or you would like to withdraw your consent at a later time, you will need to either delete your account or request that we delete it for you by emailing us at email@example.com.
Please read below for more context and information:
General Data Protection Regulations (GDPR)
ClassDojo has complied with GDPR since it went into effect on May 25, 2018. You can learn more about ClassDojo's compliance with GDPR here. To make GDPR related data deletion or data download requests, please submit a request to our Support Team using this form or by emailing us at firstname.lastname@example.org.
EU-U.S. and Swiss-U.S. Privacy Shield Frameworks (Privacy Shield)
The U.S. Department of Commerce, with the European Commission and the Swiss government, created the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks (Privacy Shield) to provide companies with a valid mechanism to transfer personal data from the European Union to the United States in a manner that provides an adequate level of protection for the purpose of European data protection law. ClassDojo has certified its compliance with the EU-U.S. and Swiss-U.S. Privacy Shield frameworks with the U.S. Department of Commerce and is listed on the Department of Commerce’s website.
On July 16, 2020, the Court of Justice of the European Union (CJEU) issued a ruling invalidating the EU-U.S. Privacy Shield program. Given this decision, ClassDojo must obtain your updated consent in order for you to continue to access and use the ClassDojo service. If you do not wish to provide consent, you will need to either delete your account or request that we delete it for you by emailing us at email@example.com from the email address your account is linked to.
How does the invalidation of the Privacy Shield framework affect data transfers from ClassDojo users in the EEA to the USA?
Standard Contractual Clauses:
ClassDojo has Standard Contractual Clauses incorporated into our International Student Data Processing Agreement. However, on November 12, 2020, the EC issued a draft version of a new set of Standard Contractual Clauses (New SCCs). The New SCCs have been updated to reflect the high standard for data protection set forth in the GDPR and to take into account the requirements resulting from the Schrems II ruling, invalidating the Privacy Shield. While the EC has released these New SCCs, the New SCCs are still subject to a comment period until December 10, 2020, and are not expected to be finalized until early 2021 at the earliest. If you would like to review or enter into ClassDojo's International DPA please reach out to firstname.lastname@example.org for more information.