Data Privacy Policy

1. Who are we?

We are The San Diego Studio of Arts & Letters, a small education and arts performance outfit based in San Diego, California. Currently, our offerings are online only.  You can reach us by email at admin@sdstudioonline.com and by physical mail at 4231 Balboa Avenue #1247, San Diego, CA 92117 (mail only; not an office location). 

2. What data do we collect and what do we do with it?

With your consent, we collect data at various points.  If you sign up for an email list, we collect and keep the data necessary for us to send you emails that go to recipients of that list.  When you enroll in a course or subscribe to a perks group or other subscription tier, we collect and keep data necessary to process your enrollment/subscription and to facilitate provision of the good or service you’re paying for.  

We may send you emails about our site and related course(s), registration, course content, your course progress or other updates. We may also use your email to inform you about changes to the course, survey you about your usage, or collect your opinion.  Finally, we may keep the information you’ve provided for our internal “marketing”; for example, if you buy a course from us and we develop a course that we think you might be interested in, we may use the data you gave us to inform you about the new course.

The data we collect will include your name and and contact information.  We may also ask for your age; even if we do not ask for your age, you may provide some information about your age by enrolling in a course with recommended age bounds.  For more specific information about what data we collect, check out the course enrollment form or other information-gathering form for the product that interests you.  

Most importantly, we do not sell your data to others.  We may use the data we collect to help us deliver the goods and services you’ve asked for, and we may also use it to ask if you are interested in other goods or services we offer.  We may keep your data on internal databases and spreadsheets.  Our site is currently hosted by a service provider (Thinkific Labs, Inc.), and this service provider will keep your data on its assets consistent with its own data policies -- this keeps the site functional for you!  Also, like most businesses, we use third-party payment processors who will also have access to the data they need to complete purchase processing.  You can find more information about these other parties below.

If you have questions about the data we collect, please reach out to us at admin@sdstudioonline.com.

3. How do you get my consent to collect and use my data?

When you give us your personal data to make a purchase, subscribe to a membership tier, or enroll in and participate in a course, you explicitly consent to our collecting it and using it for that reason.

If we ask for your personal information for a secondary reason, like marketing, we will ask you directly for your explicit consent and provide you with an opportunity to say no.

4. How do I withdraw my consent?

If you would like us to quit using data you provided, please let us know!  You can contact us by email at admin@sdstudioonline.com  or by physical mail at 4231 Balboa Avenue #1247, San Diego, CA 92117 (mail only; not an office location).  This is not a requirement, but if you put “Data Privacy: Withdraw Consent” as the email subject line, this will help us to find and process your request faster. 

You can unsubscribe from email mailing lists that way, too.

5. How long do you keep my data?

We generally keep your data for as long as we need to deliver the goods or services you’ve asked for.  Here are a couple scenarios showing how that might work practically: 

 (a) You provide us with some data when you enroll in a course.  During enrollment, we ask if we can keep your data to inform you of other courses in the future.  You say no.  We keep your data to help us deliver that course to you.  At the end of the course, we ask if we can keep your data to inform you of other courses in the future.  You say no.  When you are done with the course, we are done with your data.

(b)  You provide us with some data when you enroll in a course.  During enrollment, we ask if we can keep your data to inform you of other courses in the future.  You say yes.  We keep your data to help us deliver that course to you.  When you are done with the course, we keep your data so that we can send you information about other courses in the future.  Since this is an ongoing service, we will keep your data until we no longer have courses we think you might like or until you tell us you no longer want this service (e.g., email unsubscribe or other notification).

6. Do you disclose my data to anyone else?

As a general rule, we only use your data internally to provide you the goods and services you’ve asked for, and possibly also for internal marketing purposes.  If for some reason some law requires us to disclose your data, then we must.  

We may also disclose your data if allowed due to a Terms of Service violation. San Diego Studio of Arts and Letters Terms of Service

7. What rights do I have with respect to my data?

Right of Access.  You have the right to know what data we have for you.  If you ask for a copy, once we know you are really you, we will give you a copy of the data we have for you and let you know how we are using it, how long we have had/will have it, who we have disclosed it to, and, if (somehow) we obtained your data from a third party we will let you know that, too.  We reserve the right to refuse frivolous requests.  If there is some reason why we can’t give you this information, we will let you know the reason.  If your request is likely to take a long time or a lot of money, we will let you know that, too.

Right to Rectification.  If you think any of the personal data we have for you is inaccurate or incomplete and you would like to give us accurate or more complete data, you can.

Right to Be Forgotten.  You can ask us to delete your personal data.  Unless there’s some legal basis under which we can’t (don’t know what that would be at the moment), we will!

Right to Restrict Processing.  You can ask us to quit using your data.  If you ask us to quit using it, we can still keep it.  We just can’t continue to process it.  This right might make sense if you think we have the wrong data and we’re still discussing that, processing your personal data would be illegal for some reason, or we can’t erase the personal data (maybe it’s evidence) but we can quit using it.

Right to Data Portability.  You can ask us to send your data to another processor.  We are not sure how this right makes sense in the context of the goods and services we provide, but it is one of the rights provided under the GDPR, so we wanted you to know about it in case the GDPR applies to our relationship.

Right to Object.  You can object to our use of your data if we are processing it for a legitimate interest, for direct marketing, for scientific or historic research, or for some sort of automated decision-making or algorithmic profiling.

8. What course creation/site hosting platform do you use and how can I find out their data policies?

Our course and site is hosted by Thinkific Labs Inc. (“Thinkific”). They provide us with the online course creation platform that allows us to sell our product/services to you.

Your data is stored on Thinkific’s data storage, databases, and in the general Thinkific application. They store your data on a secure server behind a firewall.  They also provide the interface for payment processing by third-party payment processors.

Payment:

Like most businesses, we use a third party payment processor such as Stripe or Paypal. Payments are encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction.

All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.

PCI-DSS requirements help ensure the secure handling of credit card information by our site and related courses and its service providers.

For more insight, you may also want to read Thinkific’s Terms of Service here https://www.thinkific.com/resources/privacy-policy/ or Privacy Statement here https://www.thinkific.com/resources/terms-of-service/ .

9. Third-party service providers:  what data do they collect and how do they use it?

In general, the third-party providers we use will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.

However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.

For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.

Certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us. If you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.

As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.

Once you leave our course website or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or our website’s Terms of Service.

10.  Links

Most if not all of our courses include links to other information.  When you click on links on our course site, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.

11.  Security

To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.

If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with AES-256 encryption.  Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.

12.  Cookies and other web tracking tools

We (via Thinkific) collect cookies or similar tracking technologies. Cookies are packets of information that our website’s server transfers to your computer. This information can be used to track your session on our website. Cookies may also be used to customize our website content for you as an individual. If you are using one of the common Internet web browsers, you can set up your browser to either let you know when you receive a cookie or to deny cookie access to your computer.

  • We use cookies to recognize your device and provide you with a personalized experience.

  • We also use cookies to attribute visits to our websites to third-party sources and to serve targeted ads from Google, Facebook, Instagram and other third-party vendors.

  • Our third-party advertisers use cookies to track your prior visits to our websites and elsewhere on the Internet in order to serve you targeted ads. For more information about targeted or behavioral advertising, please visit https://www.networkadvertising.org/understanding-online-advertising.

  • Opting out: You can opt out of targeted ads served via specific third-party vendors by visiting the Digital Advertising Alliance’s Opt-Out page.

  • We may also use automated tracking methods on our websites, in communications with you, and in our products and services, to measure performance and engagement.

  • Please note that because there is no consistent industry understanding of how to respond to “Do Not Track” signals, we do not alter our data collection and usage practices when we detect such a signal from your browser.

Web Analysis Tools

We may use web analysis tools that are built into The San Diego Studio of Arts & Letters website to measure and collect anonymous session information.

13. Age of Consent

By using this site, you represent that you are  either (1) at or past the age of majority in your state or province of residence or (2) are using this site with the express and explicit prior permission of your parent(s) or guardian, who is at least the age of majority in your state or province of residence and who consents to the terms in this privacy policy and our terms of service. We verify and retain a record of parent/guardian consent when parents purchase our goods or services for their minor's use.

14. Changes to this Privacy Policy

We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.


Last revised November 15, 2020.