Privacy policy

Date of Last Update: May 15, 2020

By visiting, viewing, accessing, browsing, surfing, registering your children in our learning programs or using (collectively the “Use”) our website www.brightloritos.com including its sub-domains, website pages, hyperlinks or mobile optimized version, if any (“Website”) and/or using any of our services offered through the Website, you (hereinafter referred to as “you”, “your” or “User”) consent to the information collection, disclosure and use practices as described in this Privacy Policy. The Website is operated by Bright Loritos LLC, a limited liability company incorporated under the laws of Michigan, United States, having its registered address at 2605 Crooks Rd Troy, MI 48084, Michigan, United States (hereinafter referred to as “we,” “us” or “our”). This Privacy Policy also sets out how we may collect, use and disclose information in relation to Users of the Website.

1. Information We Collect

1.1 Your privacy is important to us and we have taken steps to ensure that we or our affiliated third-parties do not collect more information from you than what is necessary for us in relation to your Use of the Website.

1.2 For visiting, viewing, accessing, browsing, surfing, registering your children in our learning programs or using the Website, you may be asked to submit the following types of personal data:

1.2.1 Personal Data: This may include personal information relating to an identified or identifiable natural person, such as name, gender, phone number, e-mail address, debit/credit card information or any payment gateway details (only for payment processing) and such other information, data and materials as we may deem necessary for provision of our services offered through the Website. We may utilize third party companies who use customer data to connect with processing services for us. When you contact us through any of the communication modes as mentioned below, your e-mail address may be added to our mailing list from which you can unsubscribe at any time using the unsubscribe link in each e-mail or by contacting us at info@brightloritos.com.

1.2.2 Communication Data: This may include data relating to any communication that you send to us whether that be through the consultation/contact form on the Website, through e-mail or any other mode of communication that you use to contact us. We process this data for the purposes of communicating with you, for record keeping and for the establishment, pursuance or defence of potential legal claims. Our lawful ground for this processing is our legitimate interests which in this case are to reply to communications sent to us, to keep records and to establish, pursue or defend potential legal claims.

1.2.3 Technical Data: This may include data about your use of the Website and online services such as your IP address, your login data, details about your browser, length of visit to pages on the Website, page views and navigation paths, details about the number of times you use the Website, time zone settings and other technology on the devices you use to access the Website. The source of this data is from our analytics tracking system. We process this data to analyse your use of the Website and other online services, to administer and protect our business and the Website, to deliver relevant website content and advertisements to you and to understand the effectiveness of our advertising. Our lawful ground for this processing is our legitimate interests which in this case are to enable us to properly administer the Website and our business and to grow our business and to decide our marketing strategy.

1.2.4 Marketing Data: This may include data about your preferences in receiving marketing material from us and our third parties and your communication preferences. Our lawful ground for this processing is our legitimate interests which in this case are to study how customers use our services, to develop them, to grow our business and to decide our marketing strategy.

1.3 We may use Personal Data, Communication Data, Technical Data and Marketing Data (collectively the “Data”) as follows:

1.3.1 If, upon visiting the Website, your use is limited to browsing the Website, we will not collect any Personal Data from you unless you voluntarily provide it to us.

1.3.2 If you place an order at the Website, we may ask you to provide with the Personal Data. Payment processing information is collected by Stripe and shipping information is collected by ship-station and Big Cartel on our behalf.

1.3.3 If you post at the Website’s discussion forum (if any), we may ask you to provide your name and e-mail address.

1.3.4 If you want to enter any sweepstakes, contests or promotions sponsored by us or by one of our business partners, we will need your Personal Data as per the rules of the specific contest.

1.3.5 If you choose to participate in a customer survey conducted by us or by one of our business partners, we may ask for your Personal Data as may be required by a particular survey.

1.3.6 If you report a problem or submit a customer review, we will ask you to provide your Personal Data. Should you contact us for any reason other than to report a problem and/or submit a review, we may also keep a record and/or copy of your correspondence with us.

1. Name and Address of the Data Controller

2.1 Data Controller for the purposes of the General Data Protection Regulation (“GDPR”), other data protection laws applicable in Member States of the European Union (“EU”) and other provisions related to data protection is:

Data Controller: Bright Loritos LLC
Data Protection Officer: Ernesto Chavez
Address: 2605 Crooks Rd Troy, MI 48084, Michigan, United States
Phone: 248-649-6790
Email: info@brightloritos.com
Website: www.brightloritos.com

1. Consent and its Withdrawal

3.1 When you visit, view, access, browse, surf, register your children in our learning programs or use the Website, you provide us with your consent to use your Data as per this Privacy Policy. In order for you to Use the Website, it is necessary for us to collect all relevant and necessary Data from you. In addition, by filling the forms available on the Website, you give us your express consent and permission to use your Data.
3.2 We will process the Data only after taking written instructions/consent from you mostly in electronic form in the form of clickable button or a checkbox.

3.3 If you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at any time, by contacting us at info@brightloritos.com.

1. Promotional Emails

4.1 You agree that we may from time to time send e-mail messages to you through our affiliated company Iclasspro, which offer products and services, promotions, subscriptions or registration-based services or other material. If you wish to discontinue receiving such email, you may opt-out by following the given procedure. Your preferences will then be updated.

1. How We Use and Process the Data

5.1 The Data collected by us from you may be used to better understand your needs in relation to your Use of the Website, to correspond with you and reply to any of your questions relating to any of our programs.

5.2 We will not rent or sell your Data to others. We may store the Data in locations outside our direct control (for instance, on servers or databases co-located with hosting providers).

5.3 If you provide any Data to us, you are deemed to have authorized us to collect, retain and use that data for the following purposes:

i. verifying your identity;

ii. sending you a welcome e-mail;

iii. providing you with customer service and responding to your queries, feedback or disputes;

iv. conducting marketing analysis, sending surveys or newsletters, contacting you about our programs, activities, special events or offers from us and for other marketing, information, product development and promotional purposes;

v. making such disclosures as may be required for any of the above purposes or as required by law, regulations and guidelines or in respect of any investigations, claims or potential claims brought on or against us;

vi. sending you notices (for example, in the form of e-mails, mailings and the like) regarding products or services you are receiving and for billing and collection purposes;

vii. provide and maintain the Website;

viii. notifying you about changes to the Website;

ix. sending you information we think you may find useful or that you have requested from us;

x. enhancing and improve the Website such as through personalized features and content;

xi. analysing the use of the Website and the people visiting to improve our content and Website;

xii. investigating, preventing or taking action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our policies or as otherwise required by law;

5.4 We shall ensure that:

i. The Data collected and processed for and on our behalf by any party is collected and processed in accordance with applicable data privacy laws;

ii. You are always made fully aware of the reasons for the collection of Data and are given details of the purpose(s) for which the Data will be used;

iii. The Data is only collected to the extent that is necessary to fulfil the purpose(s) for which it is required;

iv. No Data is held for any longer than necessary in light of the purpose(s) for which it is required.

v. Whenever cookies or similar technologies are used online by us, they shall be used strictly in accordance with applicable laws;

vi. You will be informed if any Data submitted by you online cannot be fully deleted at your request under normal circumstances and how to request deletion of any other copies of that Data, where it is within your right to do so;

vii. Appropriate technical and organizational measures are taken to protect the Data;

viii. Data is transferred securely, whether it is transmitted electronically or in hard copy;

ix. You can fully exercise your rights with ease and without hindrance.

1. Disclosure of Data

6.1 We shall not be able to keep your Data private in response to legal process, i.e. a court order or a subpoena or a law enforcement agency’s request. If, in our view, it is deemed appropriate to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our terms of use or as otherwise required by law, we may be compelled to disclose the Data. Moreover, in case of takeover, merger or acquisition, we reserve a right to transfer your Data to new platform.

6.2 We may disclose the Data in the good faith belief that such action is necessary to:

i. comply with a legal obligation;
ii. protect and defend our rights or property;
iii. prevent or investigate possible wrongdoing;
iv. protect the personal safety of users of the Website or the public;
v. protect against legal liability.

6.3 When necessary, we may also disclose and transfer your Data to our professional advisors, law enforcement agencies, insurers, government and regulatory and other organizations.

1. Data Storage

7.1 Your Data may be stored and processed at the servers in United Kingdom, Canada, United States, Europe or any other country in which we or our subsidiaries, affiliates or service providers maintain facilities.

7.2 We may transfer your Data to affiliated entities or to other third parties across borders and from your country or jurisdiction to other countries or jurisdictions around the world. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

7.3 We will take all steps reasonably necessary to ensure that your Data is treated securely and in accordance with this Privacy Policy and no transfer of your Data will take place to an organization or a country unless there are adequate controls in place including the security of your Data.

7.4 We will only retain your Data preferably for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any record retention or reporting requirements under applicable laws. When deciding what the correct time is to keep the Data, we look at its amount, nature and sensitivity, potential risk of harm from unauthorised use or disclosure, the processing purposes, if these can be achieved by other means and legal requirements.

1. How We Protect Your Information

8.1 We store all the Data submitted by you through the Website at a secure database.

8.2 We are concerned with protecting your privacy and Data, but we cannot ensure or warrant the security of any Data you transmit or guarantee that your Data may not be accessed, disclosed, altered or destroyed by breach of any of our industry standard physical, technical or managerial safeguards.

8.3 No method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Data, we cannot guarantee its absolute security. If you have any questions about security of the Website, you can contact us at info@brightloritos.com.

8.4 Any Data supplied by you will be retained by us and will be accessible by our employees, any service providers engaged by us and third parties.

1. Compliance with the GDPR

9.1 For users based in the EU, the Website shall make all reasonable efforts to ensure that it complies with the General Data Protection Regulation 2016/679 of the EU regarding the collection, use, and retention of Data from the Users based in Member States of the EU. The Website shall make all reasonable efforts to adhere to the requirements of notice, choice, onward transfer, security, data integrity, access and enforcement.

9.2 The Rights of Users: You may exercise certain rights regarding your Data processed by us. In particular, users based in the EU may do the following:

9.3 Right of confirmation: You shall have the right granted by the EU legislator to obtain from us the confirmation as to whether or not personal data concerning you are being processed.

9.4 Right of Access: You shall have the right granted by the EU legislator to obtain from us free information about your personal data stored at any time and a copy of this information. Furthermore, the EU directives and regulations grant you access to the following information:

9.4.1 the purposes of the processing;

9.4.2 the categories of personal data concerned;

9.4.3 the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;

9.4.4 where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;

9.4.5 the existence of the right to request from us rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;

9.4.6 the existence of the right to lodge a complaint with a supervisory authority;

9.4.7 where the personal data are not collected from you, any available information as to its source;

9.4.8 the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved as well as the significance and envisaged consequences of such processing for you.

9.5 Furthermore, you shall have a right to obtain information as to whether personal data are transferred to a third country or to an international organisation. Where this is the case, you shall have the right to be informed of the appropriate safeguards relating to the transfer.

9.6 Right to rectification: You shall have the right granted by the EU legislator to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

9.7 Right to erasure (Right to be forgotten): You shall have the right granted by the EU legislator to obtain from us the erasure of personal data concerning you without undue delay and we shall have the obligation to erase personal data without undue delay where one of the following grounds applies as long as the processing is not necessary:

9.7.1 The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.

9.7.2 You withdraw consent to which the processing is based according to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR and where there is no other legal ground for the processing.

9.7.3 You object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing or you object to the processing pursuant to Article 21(2) of the GDPR.

9.7.4 The personal data have been unlawfully processed.

9.7.5 The personal data must be erased for compliance with a legal obligation in EU or a Member State law to which we are subject.

9.7.6 The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.

9.7.7 Where we have made personal data public and are obliged pursuant to Article 17(1) to erase the personal data, we, while taking account of available technology and the cost of implementation, shall take reasonable steps including technical measures to inform other controllers processing the personal data that you have requested erasure by such controllers of any links to, or copy or replication of, those personal data, as far as processing is not required. We will arrange the necessary measures in individual cases.

9.8 Right of restriction of processing: You shall have the right granted by the EU legislator to obtain from us restriction of processing where one of the following applies:

9.8.1 The accuracy of the personal data is contested by the data subject for a period enabling us to verify the accuracy of the personal data.

9.8.2 The processing is unlawful and the data subject opposes the erasure of the personal data and requests instead the restriction of their use instead.

9.8.3 We no longer need the personal data for the purposes of the processing but we are required by the data subject for the establishment, exercise or defence of legal claims.

9.8.4 You have objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether our legitimate grounds override those of yours.

If one of the aforementioned conditions is met and you wish to request the restriction of the processing of personal data stored by us, you may at any time contact us.

9.9 Right to data portability: You shall have the right granted by the EU legislator to receive the personal data concerning you, which was provided to us, in a structured, commonly used and machine-readable format. You shall have the right to transmit those data to another data controller without hindrance from us to which the personal data have been provided as long as the processing is based on consent pursuant to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR or on a contract pursuant to point (b) of Article 6(1) of the GDPR and the processing is carried out by automated means as long as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

9.10 Right to object: You shall have the right granted by the EU legislator to object on grounds relating to your particular situation at any time to processing of personal data concerning you, which is based on point (e) or (f) of Article 6(1) of the GDPR. This also applies to profiling based on these provisions.

9.10.1 We shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

9.10.2 If we process personal data for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing. This applies to profiling to the extent that it is related to such direct marketing. If you object to us to the processing for direct marketing purposes, we will no longer process the personal data for these purposes.

9.10.3 In addition, you have the right, on grounds relating to your particular situation, to object to processing of personal data concerning you by us for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

9.11 Automated individual decision-making, including profiling: You shall have the right granted by the EU legislator not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you, or similarly significantly affects you, as long as the decision (1) is not necessary for entering into, or the performance of, a contract between you and us, or (2) is not authorised by EU or a Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or (3) is not based on your explicit consent.

If the decision (1) is necessary for entering into, or the performance of, a contract between you and us, or (2) it is based on your explicit consent, we shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on our part, to express your point of view and contest the decision.

9.12 Right to withdraw data protection consent: You shall have the right granted by the EU legislator to withdraw your consent to processing of your personal data at any time. You may initiate request with us at info@brightloritos.com to exercise any of the above mentioned rights. We shall review your request and, in our own discretion, honour your request, if deemed necessary by us, within reasonable time.

1. Compliance with CalOPPA

10.1 We are also committed to complying with the California Online Privacy Protection Act (“CalOPPA”) which requires commercial websites and online services to post a privacy policy. The law requires any person or company in the United States (and conceivably the world) that operates websites collecting ‘personally identifiable information’ from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals or companies with whom it is being shared. As required under CalOPPA, we agree to the following:

• Users can visit our site anonymously.
• Our Privacy Policy link includes the word ‘Privacy’ and can easily be found on the page specified above.

10.2 We endeavour to fulfil requirements of the CalOPPA under this Privacy Policy in line with our policy for user data collection, storage, and disclosure as outlined for GDPR compliance.

1. Compliance of California Privacy Act 2018

11.1 This Privacy Policy is also applicable on California residents and explains how we collect, use, and share your Personal Information and how you may exercise your rights under the California Consumer Privacy Act of 2018 (“CCPA”).

11.2 Your rights under the CCPA:

11.2.1 Under the CCPA, you have the right to access the Personal Information we’ve collected about you during the past 12 months and information about our data practices. You also have the right to request that we delete the Personal Information that we have collected from you.

11.2.2 To request manual access or deletion of your Personal Information, please contact us at info@brightloritos.com.

11.2.3 Please note, for all manual requests, you will need to verify your identity by providing us with the all the information as we may require from you for this purpose.

11.2.4 You have the right to be free from any discrimination for exercising your rights to access or delete your Personal Information. We will not discriminate against you for exercising any of these rights.

11.3 If you have additional questions about this or how to exercise your rights under the CCPA, please contact us at info@brightloritos.com.

1. Use by Children and COPPA Compliance
   12.1 We strive to educate parents and kids about how to appropriately safeguard their privacy when using the Website Services. We are committed to complying with the Children’s Online Privacy Protection Act of 1998 (“COPPA”) which requires us to inform parents and legal guardians about our information collection and use practices. COPPA also requires that we obtain parental consent before we allow children under the age of 13 to access and/or use the Website Services. We urge kids to check with their parents before entering information through the Website and/or Website Services, and we recommend that parents discuss with their kids restrictions regarding the online release of Personal Data to anyone they do not know. We strive to help parents ensure that their kids have a safe experience using our Website Services. Parents or legal guardians can review any Personal Data collected about their child under 13 years of age, have this information deleted, request that there be no further collection or use of their child’s Personal Data, and/or allow for our collection and use of their child’s Personal Data while withholding consent for us to disclose it to third parties. We take steps to verify the identity of anyone requesting information about a child and to ensure that the person is in fact the child’s parent or legal guardian.
2. Cookies

13.1 We use technologies such as cookies to make better users experience, customise content, to provide social media features and to analyse traffic to the Website. Where applicable the Website uses a cookie control system allowing the user on their first visit to the Website to allow or disallow the use of cookies on their computer / device.

13.2 Cookies are small files saved to the user’s computers’ or mobile devices’ hard drive or memory that track, save and store information about the user’s interactions and usage of the Website. This allows the Website, through its server to provide the users with a tailored experience within the Website.

13.3 Users are advised that if they wish to deny the use and saving of cookies from the Website on to their computers hard drive they should take necessary steps within their web browsers security settings to block all cookies from the Website and its external serving vendors.

13.4 We may gather certain information automatically and store it in log files. This information includes Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and click stream data. We may use this information, which does not identify individual users, to analyse trends, to administer the Website, to track users’ movements around the Website and to gather demographic information about our user base as a whole.

13.5 We may track the referring URL (the web page you left before coming to the Website) and the pages, links, and graphics of the Website you visited. We do so because it allows us to evaluate the reputation and responsiveness of specific web pages and any promotional programs we may be running.

13.6 Managing Cookies: Many web browsers allow you to manage your preferences. You can set your browser to refuse cookies or delete certain cookies. You may be able to manage other technologies in the same way that you manage cookies using your browser’s preferences.

13.7 Please note that if you choose to block cookies, doing so may impair your Use of the Website or prevent certain elements of it from functioning.

1. Third-Party Service Providers

14.1 We may employ third party companies and individuals to operate or manage the Website (“Third Party Service Providers”), to provide the services listed on the Website on our behalf or to assist us in analysing how the Website is used.

14.2 These third parties have access to your Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

1. Changes to this Privacy Statement

15.1 We may modify these this Privacy Policy from time to time and any such change shall be reflected on the Website with the updated version of the Privacy Policy and you agree to be bound to any changes to the updated version of Privacy Policy when you use the Website.

15.2 You acknowledge and agree that it is your responsibility to review the Website and this Privacy Policy periodically and to be aware of any modifications. Updates to this Privacy Policy will be posted on this page.

15.3 Occasionally there may be information on the Website that contains typographical errors, inaccuracies or omissions that may relate to service descriptions, pricing, availability, and various other information, and we reserve the right to correct any errors, inaccuracies or omissions and to change or update the information at any time, without prior notice.

1. Contact US

16.1 If you have questions about our Privacy Policy, please contact us via email: info@brightloritos.com.