Privacy

FUSE Privacy Policy

(last updated February 25, 2020)

1. How to contact us

If you have questions, concerns or complaints you can contact us by e-mail at privacy@fusestudio.net, or by postal mail to the address below.

FUSE
Northwestern University
Annenberg Hall
2120 Campus Drive
Evanston, Illinois, 60208

2. Information we collect about you

2.1 User IDs, registration, and contact

We collect information about you when you register to use our website. This could include your name, email address, gender, ethnicity, birthday, and studio location. We also collect other information that does not identify you, like your progress on the challenges.

2.2 Automatic data collection tools

When you communicate with us or access our website, our servers automatically collect and record certain information. For example, when you work on challenges, we keep track of the pages you visit and the amount of time you spend on different sections of the website.

2.3 Information and content that you disclose

Some sections of our website allow you to post questions, comments, videos, photographs, images, design files, and other content for others to see. Please note that in our website forums, your user name will be posted along with any message you post. The information and content you post will only be viewable by administrators of the FUSE website and members of your specific FUSE studio location.

We urge you to be careful and thoughtful when deciding to disclose personal information (like your name or location), or any other information, on our website.

To remove personal information or content you share, please email privacy@fusestudio.net with a request to remove the content.

2.4 Storage, retention and deletion of personal information

We store personal information and data files associated with you within secure data centers in the United States. If you request deletion of your account, we will take reasonable measures to destroy or permanently de-identify personal information in a secure manner. We may keep data you have uploaded (level completion documentation), your challenge history, and demographic data (your gender, age, and ethnicity), but your name, contact information, and location will no longer be attached to this data. Posts or comments you have made will become “anonymous” and will no longer display your username or profile image.

3. How FUSE uses personal information

We use information about you in a number of ways, including:

  • Operating, improving, and maintaining the FUSE website and developing new products and services.
  • Sending you administrative messages such as password reset or FUSE program administration emails.
  • Measuring and better understanding how our website and challenges are used, so we can improve them.
  • Personalizing and displaying relevant content on the FUSE website.
  • Sending questionnaires and surveys to help us better understand how we can improve this program. Your completion of any questionnaire or survey is voluntary.
  • Research: we remove all identifying information, such as real names and locations, from the research data collected through our website. If you have questions or would like more information about our research, please email research@fusestudio.net regarding Northwestern IRB study # STU00057776.

We may share or publish aggregated information and other information that does not specifically identify you, such as statistics about the number of visitors to our websites or about challenge activity occurring on www.fusestudio.net. All identifying information, such as real names and locations, is removed before these data are used in analysis.

We will never sell, distribute or otherwise share FUSE user data.

4. Security and integrity of personal information

We use a combination of administrative, technical, and physical security controls to help protect your personal information from unauthorized access, use, or disclosure. However, despite our efforts, no security controls are 100% effective, and we cannot completely ensure or warrant the security of your personal information. More detail is below in our Data Security section.

5. Removing content that you have posted

To remove content you have shared on our websites, you will need to send a request to privacy@fusestudio.net with your username and request. To delete your account, log into www.fusestudio.net using the account you want deleted, and in your account editor press the ‘request for removal’ button.

6. Statement of GDPR Compliance

FUSE is committed to the safety and privacy of all our students and facilitators, as the above privacy policy attests. For our European students, and for any student who so desires, FUSE does not require any personally identifiable information over the course of operating the website. In the event of a data breach there will be no risk of personal data (as enumerated in Article 9 of the GDPR) being made public for said students. For more information, review our GDPR Compliance statement below.

7. Changes to this privacy statement

We may update this privacy statement from time to time. Check the “last updated” section at the top of this privacy statement to see the last time the privacy statement was changed.

If we decide to make changes to our privacy statement, we will tell you and other users by placing a notice on www.fusestudio.net. You should periodically check fusestudio.net and this Privacy Policy for updates. Your continued use of our website constitutes your agreement to this privacy statement.

For changes to this privacy statement that may be materially less restrictive on our use or disclosure of personal information you have provided to us, we will obtain your consent (and potentially parental consent) before implementing the change. Please contact us if you have questions.

COPPA Compliance

We require all users under 13 to have parent permission before they create an account on fusestudio.net. Parent permission is collected by the partner school or district implementing FUSE. Our permission form is linked here, along with more information about the FUSE program.

The FUSE website (fusestudio.net) collects personal information during account creation. We collect a first and last name, gender, ethnicity, and birthdate. If you do not want us to collect any personal information about your child, s/he will be able to use the FUSE website through an anonymous guest account. This account will not track your child’s progress in completing challenges.

For non-anonymous students, the FUSE website keeps track of each member’s individual progress on FUSE challenges. The FUSE website is password protected and is only accessible to registered members who have been authorized by a FUSE facilitator (teacher or librarian). User progress data is collected and used in accordance with our Privacy Policy. If you have questions about your child’s personal data, or wish to have data deleted from the FUSE website, please contact privacy@fusestudio.net.

GDPR Compliance

Lawful Basis & Transparency

We collect information about you so you can create a personal account on the FUSE website. We collect a name, birthdate, gender and ethnicity when you sign up for an account with FUSE. Personally identifying information will only be displayed, in part or in whole, to users who have securely logged onto the FUSE website with a password, and meet the following criteria: FUSE program administrators or members of your FUSE organization including your FUSE Facilitator and other FUSE users in your school. Your personal information is used to display and track your educational activity on the FUSE website. We do not share any user data, personal or otherwise, with third parties for commercial purposes. All sub-processors employed by FUSE are certified and active members of Privacy Shield.

Personal data is anonymized if and when it is removed from the site for use in academic research and program design research. All FUSE data is encrypted by any third-party partners. We can completely delete user activity data on request.

You may participate in FUSE without providing any personal information by using an anonymous account.

Data Security

Data protection is central to our program design. We encrypt, pseudonymize, or anonymize personal data wherever possible. We have internal guidelines for deleting personal information from our database on user request. In the unlikely case of a data breach, we will notify your institution in a timely fashion, no more than 72 hours after becoming aware of the breach.

Personal data may be stored in data centers outside the EU. All FUSE sub-processors are certified and active members of Privacy Shield. FUSE is currently working on Privacy Shield certification for itself and targets certification by spring 2020. This will address any concerns from GDPR Chapter 5, Articles 44 through 50 regarding “Transfers of personal data to third countries or international organisations.”

Accountability and Governance

Our GDPR Compliance Officer is our Senior Software Developer and the contact email is privacy@fusestudio.net. FUSE is in the process of signing data processing agreements with third-party providers who might process your personal data as part of the FUSE web application.

Privacy Rights

Users may update or correct inaccurate or incomplete information by editing their user profile on the FUSE website. To delete your account, log into fusestudio.net using the account you want deleted, and in your account editor press the ‘request account removal’ button. You do not need to provide a reason. Upon your request FUSE will send you a copy of all the data you have shared with us.

A FUSE user may request an anonymous account at any time. A FUSE user may request that we delete their data at any time. If you have any questions, concerns, or actions you would like taken regarding your personal data, please reach out to FUSE at privacy@fusestudio.net.


 

Data Security Implementation

All data transmitted to or from the FUSE website is encrypted in transit via the HTTPS standard. The website’s database is only accessible from the application server or authenticated SSH connections. All database backups are stored on protected systems and are encrypted at rest. All user passwords are cryptographically hashed with unique salts. FUSE has data handling procedures in place to make sure that data is anonymized when appropriate before it is shared internally for business or research analysis. Further questions about our data security implementation may be sent to privacy@fusestudio.net.