Privacy Policy
Privacy Policy – My Education Group (and all its global entities)
Last Updated: March 9, 2021
My Education Group (“Meg”) is provider of educational services and operates the following websites and related smartphone mobile applications:
- meglanguages.com
- lms.meglanguages.com
- mychinesehub.org
- mychineseteacher.org
- mychinesetutor.org
- myvirtualexcursion.org
- mysisterschool.org
- myeducationgroup.org
Meg is committed to protecting your privacy. We have therefore prepared this Privacy Policy to describe our practices regarding the personal information that may be collected from users of our websites which post this Privacy Policy, including other related educational services (“Services”). By submitting personal information through our websites (“Site”) and smartphone applications (“Apps”), or Services, you expressly consent to the processing of your personal information in accordance with this Privacy Policy. The use of personal information collected through our service shall be limited to the purposes described in this Privacy Policy.
As used in this Privacy Policy,” Personal Information” means any information that can be used to individually identify a person, and may include, but is not limited to, name, email address, postal or other physical address, credit or debit card number, title, and other personally identifiable information.
Important notice for school users: If you are a user (or a parent of a user) who was given access to the Services by the organization you are affiliated with, this Privacy Policy does not govern your organization’s collection, use, or disclosure of personal information through the Site, Apps, or Service. We are not responsible for your organization’s collection, use, or disclosure of your personal information. Please contact your organization to better understand your organization’s privacy practices. Meg will retain personal information we process on behalf of organizations for as long as needed to provide services and as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. Meg uses only de-identified and aggregated data for its own purposes.
Important notice regarding children under 16: This Privacy Policy generally applies to the users of our Services. If however, a user identifies themselves as under the age of 16 (a “Child” or “Children”), we will collect, use and share the Child’s information as described in the subsection below entitled “A Special Note About Children”.
Data you provide to us
We collect information from you, such as first and last name, nickname, e-mail and mailing addresses, professional title, company name, your interests and password when you create an account to log in to our network or when you fill out one of our contact forms. For school students, we also may collect information on you, such as your name and gender which would be provided to us by your school. We also may retain information on your behalf, such as files and messages that you store using your account, as well as any assessment results you achieved through delivery of our service. If you provide us feedback or contact us via e-mail, we will collect your name and e-mail address, as well as any other content included in the e-mail. When you participate in one of our surveys, we may collect additional profile information. We also collect other types of personal information and demographic information that you provide to us voluntarily.
Data collected via technology
To make our Site, Apps, and Services more useful to you, our servers (which may be hosted by a third party service provider) collect information from you, including browser type, operating system, Internet Protocol (“IP”) address (a number that is automatically assigned to your computer when you use the Internet, which may vary from session to session), domain name, unique device identifiers, information about how you use our Site and Apps, and/or a date/time stamp for your visit. We also use cookies and web beacons (as described below) and navigational data like Uniform Resource Locators (“URL”) to gather information regarding the date and time of your visit and the solutions and information for which you searched and which you viewed. Like most Internet services, we automatically gather this data and store it in log files each time you visit our Site, use our Apps, or access your account on our network. We may link this automatically-collected data to personally identifiable information.
“Cookies” are small pieces of information that a website sends to your computer’s hard drive while you are viewing a website. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on our Site.
Meg does not use web beacons, tracking pixels, or any other tracking technologies for advertising purposes on our educational platform. We explicitly prohibit the deployment of advertising-related tracking methods including but not limited to web beacons, clear GIFs, tracking pixels, fingerprinting technologies, or cross-site tracking mechanisms that could be used to build advertising profiles or deliver targeted advertisements. Any tracking technologies we do employ are used exclusively for essential educational functionality, including session management to maintain your login status, learning analytics to track your educational progress within courses, security monitoring to protect against unauthorized access, and technical performance monitoring to ensure optimal platform operation. These functional tracking methods do not collect data for advertising purposes, are not shared with advertising networks, and cannot be used to track you across other websites or build marketing profiles. We maintain a comprehensive inventory of all tracking technologies used on our platform, their specific purposes, and the data they collect, which is available upon request. We regularly audit our platform to ensure no unauthorized advertising tracking technologies have been introduced by third parties or through software updates. If we ever need to implement new tracking technologies, we will clearly communicate their purpose, ensure they serve only educational functions, and provide notice through our privacy policy updates with clear explanations of how these technologies differ from advertising tracking methods.
“Flash Cookies” are used to store your preferences such as volume control or to display content based upon what you view on our websites to personalize your visit. Third party partners who provide certain features on our websites, such as videos, may place Flash cookies on your device. They may use Flash cookies to track your web browsing activity and to display personalized advertising. Flash cookies are different from other cookies because of the amount of, type of, and way in which data is stored. Cookie management tools provided by your browser usually will not remove Flash cookies. To learn more about Flash cookies, who has placed Flash cookies on your device, and how to manage privacy and storage settings for Flash cookies click here.
We do not control the privacy practices of the third parties who place or track Flash cookies and this privacy policy does not cover their practices. You should visit the privacy policies of companies who place Flash cookies to understand their practices and privacy policy.
Analytics. We use analytics services to help analyze how users use the Site and Apps. These services use cookies and scripts to collect and store information such as how users interact with our Apps, errors users encounter when using our apps, device identifiers, how often users visit the Site, what pages they visit, and what other sites they used prior to coming to the Site. We use the information we get from Google Analytics only to improve our Site, our Apps, and our Services. Please see the following links for more information about Google Analytics: here, here, and here.
Forums
Our Site and Apps offer community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. We are not liable or responsible for any postings on a community forum and we may, but have no obligation to, monitor, edit or remove such content at our absolute discretion for any reason including if it does not comply with out terms of use.
Referrals
If you choose to use our referral service to tell a friend or personal contact about our Services, you represent that you have their consent to provide us your friend’s or personal contact’s name and email address.
Choice
You have the right to opt out of certain third-party data sharing, and we provide simple, immediate mechanisms to exercise these rights. For non-essential third-party sharing, including analytics providers and optional educational content integrations, you can opt out directly through your account settings under “Privacy Preferences” where you can toggle specific sharing permissions on or off with immediate effect. However, some data sharing cannot be opted out of as it is essential for core app functionality, including sharing with cloud hosting providers for data storage, payment processors for subscription management, and security monitoring services for platform protection. For any data sharing that cannot be disabled through your account settings, we clearly explain why the sharing is necessary and provide alternative options where possible, such as account deletion if you wish to completely stop all data processing. You can also contact our privacy team directly to discuss specific opt-out requests or to receive assistance with managing your data sharing preferences, and we will respond within 5 business days with either immediate action or a clear explanation of any limitations.
Data Subject Rights
You have certain rights with respect to your personal information as set forth below. Please note that in some circumstances, we may not be able to fully comply with your requests, or we may ask you to provide us with additional information in connection with your request, which may be personal information, for example, if we need to verify your identity or the nature of your request. In such situations, however, we will still respond to let you know of our decision.
To make any of the following requests, contact us using the contact details referred to in the “Contact Us” section of this policy.
Access: You can request more information about the personal information we hold about you. You can also request a copy of the personal information. We may require identification from you before agreeing to such a request.
Rectification: If you believe that any personal information we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data. You can also correct some of this information directly by logging into your service account. Please contact us as soon as possible upon noticing any such inaccuracy or incompleteness.
Objection: You can contact us to let us know that you object to the collection or use of your personal information for certain purposes.
Erasure: You can request that we erase some or all of your personal information from our systems.
Restriction of Processing: You can ask us to restrict further processing of your personal information.
Portability: You have the right to ask for a copy of your personal information in a machine-readable format. You can also request that we transmit the data to another entity where technically feasible.
Meg strictly prohibits third-party tracking and data collection for advertising purposes on our platform. We do not allow advertising networks, data brokers, or marketing companies to place tracking technologies such as cookies, pixels, or beacons on our educational platform to collect user information for advertising purposes. Our contracts with all third-party service providers explicitly prohibit them from using any data shared with them for advertising, marketing, or tracking purposes beyond the specific educational services they provide to us. We do not integrate with social media tracking pixels, advertising exchanges, or cross-site tracking networks that could collect your information for advertising purposes.
Right to File Complaint: You have the right to lodge a complaint about Meg’s practices with respect to your personal information with the supervisory authority of your country or EU Member State.
Data Retention
How long we retain your personal information depends on the type of data and the purpose for which we process the data.
Use of your data
Personal information you submit to us is used either to respond to requests that you make, or to aid us in serving you better. Meg uses your personal information in the following ways: to create and maintain your account; to identify you as a user in our system; to operate, maintain, and improve our Site, Apps, and Services; to personalize and improve your experience; to send you administrative e-mail; to respond to your comments or inquiries; to send you surveys, promotional communications about our services with your permission; to protect, investigate, and deter against fraudulent, unauthorized, or illegal activity; and to make telephone calls to you, from time to time, as a part of secondary fraud protection or to solicit your feedback with your permission.
We may collect and use certain personal data to support and improve AI-driven features within our Services, such as automated feedback, personalization, or analytics. When data is used for these purposes, we follow applicable data protection laws and aim to minimize risks by de-identifying or aggregating information where possible. We limit access to this data and require that any third parties involved handle it securely and in line with our privacy standards.
Disclosure of your personal information
Meg shares specific categories of personal information with third-party service providers only as necessary to deliver our educational services, and we clearly define what data is shared with each type of provider. With cloud hosting providers (such as Amazon Web Services), we share all user data necessary for platform operation including account information, educational content, and usage data, as this sharing is essential for app functionality and data storage. With analytics providers (such as Google Analytics), we share only anonymized usage data, page views, and general demographic information to improve our services, and this sharing is not crucial for core app functionality. With payment processors (such as Stripe), we share only billing information, subscription details, and necessary identity verification data for schools and institutions, which is essential for subscription management functionality. With educational content providers, we share only course enrollment data and progress metrics required for delivering specific educational materials, which is crucial for providing contracted educational content. With customer support tools (such as Zendesk), we share only contact information and support request details when you contact us for assistance, which is essential for providing requested support services. With security and monitoring services, we share only technical logs and security-related data necessary to protect our platform, which is crucial for maintaining system security. We do not share any personal information with advertising networks, marketing platforms, or data brokers, and all third-party sharing is governed by data processing agreements that limit use to specified purposes only.
Third Party Service Providers. We may share your personal information with third party service providers for the sole purpose of providing you with the Services that we offer you through our Site (“Internal Purposes”). For example, we may share data with service providers who host our websites or provide email services on our behalf.
AI Sub-Processors. In cases where artificial intelligence (AI) is used as part of the Service (such as language learning support tools), we may rely on third-party AI providers as sub-processors. As of the date of this policy, our AI sub-processors include:
| ENTITY NAME | OPENAI PRODUCT OR SERVICE | LOCATION OF PROCESSING | PURPOSE OF PROCESSING |
| Cloudflare, Ltd. | API ChatGPT Enterprise ChatGPT Edu ChatGPT Team |
Processing is performed at the data center (opens in a new window)that is closest to the End User | Content delivery network provider |
| Microsoft Corporation | API ChatGPT Enterprise ChatGPT Edu ChatGPT Team |
Australia Canada France Germany India Japan Norway Poland Singapore South Africa South Korea Sweden Switzerland United Arab Emirates United Kingdom United States |
Cloud infrastructure |
| Snowflake, Inc. | API* ChatGPT Enterprise ChatGPT Edu ChatGPT Team |
United States | Data warehousing |
| TaskUs, LLC | API ChatGPT Enterprise ChatGPT Edu ChatGPT Team |
Philippines | All Services: Customer Support API & ChatGPT Team: Moderation of contentChatGPT Enterprise, Edu & ChatGPT Team: Moderation of GPTs |
| Intercom, Inc. | API ChatGPT Enterprise ChatGPT Edu ChatGPT Team |
United States | Customer support |
| Salesforce | API ChatGPT Enterprise ChatGPT Edu ChatGPT Team |
Australia Brazil Canada France Germany India Indonesia Ireland Italy Japan Singapore South Africa South Korea Sweden Switzerland The Netherlands United Arab Emirates United Kingdom United States |
Customer support |
| Accenture International Limited | API ChatGPT Enterprise ChatGPT Edu ChatGPT Team |
Canada Philippines |
Customer support |
| Fivetran, Inc. | Assistants API | United States | ETL provider |
| Confluent | API* ChatGPT Enterprise ChatGPT Edu ChatGPT Team |
United States | Infrastructure management |
| Cinder Technologies, Inc. | API* ChatGPT Enterprise ChatGPT Edu ChatGPT Team |
United States | API & ChatGPT Team: Platform for content moderation ChatGPT Enterprise, Edu & ChatGPT Team: Platform for moderation of GPTs |
| WorkOS, Inc.** | ChatGPT Enterprise ChatGPT Edu ChatGPT Team |
United States | Cross-domain identity management |
| Okta, Inc. | API ChatGPT Enterprise ChatGPT Edu ChatGPT Team |
United States | User authentication services (via Auth0) |
* Except where Zero Data Retention (ZDR) is used
** At election of customer
Other Disclosures. Meg may disclose information about you if it believes such disclosure is necessary to (a) comply with laws or to respond to lawful requests and legal process; or (b) protect or defend the rights, safety, or property of Meg, users of the Services, or any person including to enforce our agreements, policies, and terms of use, or (c) in an emergency to protect the personal safety of any person (collectively, “a”, “b” and “c”, “Enforcement Purposes”).
We may also share information about you in connection with or during negotiation of any merger, financing, acquisition, bankruptcy, dissolution, transaction or proceeding involving sale, transfer, divestiture or disclosure of all or a portion of our business or assets to another company. In these circumstances, we will only share information with a company that has agreed to data privacy standards no less stringent than our own. In the event that information is shared in this manner, notice will be posted on our Site.
We may also share de-identified and aggregated data with others for their own uses.
Social networking platforms
We may allow you to connect and share information with certain social networking platforms (“Social Networking Platforms”) (e.g., a Facebook application). By choosing to use these Social Networking Platforms, you allow Meg to share information with the Social Networking Platform. For example, you might use an application to publish Meg related notices on your Facebook wall. If you do not want us to continue to provide your information to the Social Networking Platform, you may change your privacy settings in the Social Networking Platform.
You can also access certain features of our Site using Social Networking Platforms. These services will authenticate your identity and provide you the option to share certain personal information with us such as your name, email address, and other personal information to pre-populate an application.
We do not control the privacy practices of the Social Networking Platforms and sign-in services you choose to use and this privacy policy does not cover their practices, you should visit the privacy policies of any Social Networking Platform or sign-in service you choose to use to understand their practices.
Security of your personal information
Meg implements comprehensive security measures to protect your personal information from unauthorized access, use, or disclosure. Our technical safeguards include industry-standard encryption using AES-256 for data at rest and TLS 1.3 for data in transit, multi-factor authentication for administrative access, and regular security updates and patches to all systems. We maintain automated monitoring and intrusion detection systems, house our data in secure data centers with physical access controls and environmental protections, and perform regular automated backups with encrypted storage.
From an administrative perspective, we require mandatory security training for all employees handling personal data and conduct background checks for personnel with access to personal information. We enforce strict access controls that limit data access to authorized personnel only on a need-to-know basis, regularly review and update our security policies and procedures, and maintain comprehensive incident response procedures for potential data breaches.
Our procedural safeguards include regular third-party security audits and vulnerability assessments, with penetration testing conducted annually by certified security professionals. We maintain clear data retention policies to minimize unnecessary data storage, implement secure disposal procedures for data that is no longer needed, and conduct thorough security assessments of all third-party service providers before engagement.
We continuously monitor and update our security measures to address emerging threats and maintain compliance with applicable data protection standards. This ongoing commitment ensures that our protection measures evolve with the changing security landscape and regulatory requirements.
Despite these comprehensive measures, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security. Any content you post while using the Services carries inherent risks, and we recommend that you avoid sharing sensitive personal information in public areas of our platform. If you become aware of any security vulnerability or have questions about our security practices, please contact us immediately at the contact information provided below.
Anonymisation
In situations where we are required to combine personal information about identified or identifiable individuals as provided to us about one customer with personal information about that individual as provided to us by another customer or from publicly available sources, wherever reasonably practicable we will use using reliable and verifiable anonymisation and de-identification techniques which ensure that the risk of any individual being reasonably identifiable in relation to the combined personal information is remote.
A special note about children
Note to Parents. We are required under the Children’s Online Privacy Protection Act (“COPPA”) and General Data Protection Regulation (“GDPR”), with limited exceptions, to obtain verifiable parental consent in order to collect, use or disclose personal information from Children. COPPA allows the Child’s school, school districts and other educational institutions (collectively, “Schools”) to obtain consent for the online collection of personal information from Children who are students of the School.
Meg enforces mandatory strong password creation standards for all user accounts to protect your personal information and maintain system security. All passwords must meet the following requirements: a minimum of eight characters in length, inclusion of at least one uppercase letter, one lowercase letter, and one numeric digit. Our system automatically validates password strength during account creation and password updates, rejecting passwords that do not meet these criteria. We provide real-time feedback during password creation to help users understand and meet our security requirements.
As required under COPPA, we allow Parents to make certain choices regarding the personal information submitted by their Children as described in this subsection. Parents should make any permitted requests with the School and have the School, as the Parent’s agent, pass on those requests to us. We may rely on the instructions that we receive from the School that we reasonably believe are given by a Child’s Parent to the School. For example, if a representative of the Child’s School contacts us and provides the Account information we request, we may assume that the person calling is acting on behalf of the Child’s Parent.
Information we collect, share and use: In general, we collect the same information from Children that collect from other users of the Services, and use and share such information for the same purposes. In addition, our Service also allows Schools to access and interact with their students and their Parents. If your Child’s School creates an Account for your Child, the School may share your Child’s personal information, such as your Child’s grades, test scores, attendance levels, and other information, with us. We may add all of this information to the information we have already collected from your Child via the Service, and we may use it as described in this Privacy Policy. We also may share your Child’s personal information: (a) with the Child’s Parent’s Consent, or with your Child’s School or those directed by your Child’s School. We are not responsible for any errors in information your Child’s School provides to us.
Parent’s Choices Regarding Information: In general, we offer Parents the same choices that we generally offer to other users with respect to the collection, use, retention and disclosure of their Child’s information. In addition, a Parent has the right to review the Child’s personal information, which the Parent may obtain by contacting the Child’s School. After review the Child’s personal information, the Parent may ask us to update or delete the Child’s personal information by requesting such changes through the Child’s School. A Parent may prohibit us from sharing a Child’s personal information with a third party by requesting such prohibition through the Child’s School. Notwithstanding any such requests, we may continue to share a Child’s personal information for Internal Purposes and Enforcement Purposes.
If a Parent chooses to prohibit any future collection, use or disclosure of the Child’s personal information, the Parent may do so by terminating the Child’s Account through the School, and requesting the deletion of the Child’s personal information through the School. Upon receiving such request from the Child’s School, we will delete the Child’s Account information from our live databases and all information and data stored for such Account. Meg will not have any liability whatsoever for any termination of the Account or related deletion of the Child’s personal information. When we delete personal information, it will be deleted from our active databases but may remain in our archives.
Sharing your Personal information
We do not sell or rent your personal information to third parties for marketing purposes unless you have granted us permission to do so.
We share personal information within Meg and its affiliated companies, and with third party service providers for purposes of data processing or storage.
We also share personal information with business partners, service vendors and/or authorized third-party agents or contractors in order to provide requested Services or transactions, including processing orders, processing credit card transactions, hosting websites, hosting event and seminar registration and providing customer support. We provide these third parties with personal information to complete/utilize the requested Product or transaction.
In some cases, we may choose to buy or sell assets. In these types of transactions, user information is typically one of the transferred business assets. Moreover, if we, or substantially all of our assets, were acquired, or if we go out of business or enter bankruptcy, user information would be one of the assets that is transferred or acquired by a third party. You acknowledge that such transfers may occur, and that any acquirer of us or our assets may continue to use your Personal information as set forth in this policy. As required by law, we may respond to subpoenas, court orders, or similar legal process by disclosing your Personal information and other related information, if necessary. We also may use personal information and other related information to establish or exercise our legal rights or defend against legal claims.
We collect and possibly share personal information and any other additional information available to us in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of Meg’s terms of service, or as otherwise required by law.
While navigating Meg’s website or Services, you may be directed to content or functionality that is hosted by a third-party. When information is collected on behalf of Meg exclusively, Meg’s Privacy Policy will be referenced and will govern how your information is used. For other, non-Meg sites or services, the site/service owner’s privacy policy will be referenced. You should review such third party’s privacy and security policies prior to use.
Linked websites and third party services
Meg requires all third-party service providers with whom we share your personal data to adhere to the same privacy and security standards outlined in our agreements with you. We enter into comprehensive data processing agreements with each third-party vendor that contractually bind them to our privacy terms, security requirements, and data protection obligations. These agreements specifically require third parties to implement appropriate technical and organizational measures to protect your data, limit data use to the specified purposes only, maintain confidentiality, comply with applicable data protection laws, and notify us immediately of any data breaches or security incidents. We conduct regular audits and assessments of our third-party providers to ensure ongoing compliance with these contractual obligations and our privacy standards.
Using Zoom or similar video conferencing technologies
In delivering our Service, we may use the video conferencing software Zoom.
For Zoom attendees – Please be advised that for any meetings or Webinars you attend, recordings can be enabled by a meeting or webinar host. A meeting would only ever be recorded with the express permission of the classroom teacher. You may access the Zoom Privacy Policy here.
Transfer and Storage of Personal information
Our Services are hosted in Australia. We may transfer your personal information to the United States of America, to any Meg affiliate worldwide, or to third parties acting on our behalf for the purposes of processing or storage. By using any of our Services or providing any personal information for any of the purposes stated above, you consent to the transfer and storage of your Personal information, whether provided by you or obtained through a third party, to Australia as set forth herein, including the hosting of such personal information on Australian servers.
Data Breach
We will notify users within 72 hours of any breach of this policy which results in an adverse affect on user privacy.
Contacting Us
Any inquiries or complaints regarding this Privacy Policy should first contact Meg at:
- [email protected]
- Level 1, 272 Coventry Street, South Melbourne, Vic, Australia, 3205
- +61 (0) 3 9018 5347
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact at the above contact details.
Changes to this Privacy Policy
Meg is committed to transparency regarding changes to our third-party service providers and will notify you whenever we add new third parties or make significant changes to existing third-party relationships that affect your personal data. When we engage a new third-party service provider that will have access to your personal information, we will provide advance notice through email to your registered account and prominent notice on our platform at least 30 days before the change takes effect. This notification will include the name of the new third party, the specific categories of data that will be shared, the purpose of the data sharing, and how this change may affect your privacy rights.
Similarly, when we terminate a relationship with a third-party provider, we will notify you of the change and explain how your data will be handled during the transition. For any new third-party arrangements, we will clearly state the data sharing terms, security requirements, and compliance obligations that the new provider must meet, which will be equivalent to or stronger than our existing privacy standards.
If you object to a new third-party arrangement, you will have the option to opt out where technically feasible or, if the third-party service is essential for core functionality, you may choose to terminate your account before the change takes effect. We maintain an updated list of all current third-party service providers in our Privacy Policy, which is accessible through your account dashboard and includes the specific data sharing terms for each provider.