This site doesn't support Internet Explorer. Please use a modern browser like Chrome, Firefox or Edge.
Secret Lesson is a hosted web application ("Service") developed and maintained by Groove Networks, LLC., doing business as "Secret Lesson". We care about your personal data you entrust us with. Demonstrating Groove’s engagement in personal data protection we are bringing you the key facts about how we handle personal data processing in Groove. We are GDPR ready and compliant GDPR is the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
1. Data Protection Officer Groove Networks LLC, 2 Dearborn St. Newport, RI United States is a data controller and a processor of personal data provided in Service. Groove has its headquarters in the USA, which is why we have appointed a representative and internal data protection officer (“DPO”) for you to contact if you have any questions or concerns about Groove’s personal data policies or practices. You can reach out to our Data Protection Officer at [email protected]
2. What do we do: We provide a web application for help desk support. The main activity of Groove is gathering Your data from various channels (like email, twitter, facebook or widget you embed on your site - for a full list, see our Knowledge Base), grouping it, cross referencing and categorizing in order to make it accessible in the most user-friendly way, allowing you to deliver best possible support for your customers. In order to perform our Service we process: (as a data controller) internet protocol (IP) of everyone who visits our service or if sending us a message name, email address and your general location (“Visitor”) (as a data controller) personal data of our customers (users of Service acting as Account Owner, Administrators, Agents - jointly referred to as (“You”)); (as a processor on Your behalf ) personal data of Your customers.
5. What are the legal grounds for processing data We process Your data either on contractual ground (processing is necessary for the fulfilment of a contract or in order to take steps at Your request prior to entering into a contract) or the legal ground for processing your personal data is realization of the legitimate interests pursued by the controller (tracking movement on website for analytics, responding to messages sent by contact form). We process Your data for marketing purposes only when You have given us Your consent. We process Your customer data as processor pursuant to Data Processing Agreement.
6. What are the purposes of processing data: Your personal data Purpose Category Service performance including its development email, name, billing information, API token, cookies, internet protocol (IP), location, tracking movement Marketing email addresses, name; Service performance purposes means all data processing relevant to providing You with Service. This is information which we need for creating an account for You (name, e-mail address, billing information) but also to develop and maintain our Service (cookies, API token, internet protocol (IP). Groove analyzes trends, tracks Your movements so we can adjust Service to Your needs. Marketing purposes mean that we want to inform You about our new features and products and send You a newsletter regarding it via email. You can always withdraw Your consent – more at Right to withdraw consent. Your customer data We process Your customer data on Your behalf so you can use Groove. We provide You with features that enable You to profile Your customers (tracking read emails, tracking online movements in Knowledge Base, tracking customers’ satisfaction ratings).
8. Cookies A cookie is a small amount of data which often includes an anonymous unique identifier that is sent to Your browser from a web site’s computers and is stored on Your computer's hard drive. Cookies are required to use Groove in order to uniquely identify Your browser and user preferences while logged in. We use non-permanent cookies that last for up to two weeks, after which You will be required to log in to the Service again. You can control and/or delete cookies as You wish using Your browser preferences. You can delete all cookies that are already on Your computer and You can set most browsers to prevent them from being placed. If You do this, however, You may have to manually adjust some preferences every time You visit Groove and some services and functionalities may not work.
9. Who do we disclose Your data to We cooperate with several third parties, however we do not disclose any personal data to them without Your demand or consent. If You wish to use any of third-parties services You will be asked to agree to third parties’ terms and conditions (including privacy policies). The list of third parties can be found here.
10. Where and to whom do we transfer Your data In order to maintain and develop the Service Groove engages other entities. You gave us general written authorization in the Data Processing Agreement. We are also obliged to engage only sub-processors who demonstrate adequate safeguards in onward transfer. Groove may not rely on a breach by a sub-processor of its obligations in order to avoid its own liabilities. In the context of an onward transfer, Groove has responsibility for the processing of personal information it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. Groove shall remain liable if its agent processes such personal information in a manner inconsistent with the Principles under the Privacy Shield, unless Groove proves that it is not responsible for the event giving rise to the damage. The list of sub-processors be found here. Groove notifies You if we intend to change the list so You have the opportunity to object to such changes. Groove’s use of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
11. Your rights Access: You have a right to be informed about Your personal data processing, including the source of Your data collection, purpose of its processing and how long it will be stored . If You have any question regarding Your personal data please contact our DPO at [email protected] Rectification: You have a right to access and change Your personal data provided during registration or creating an account. You can do this in the Profile section of Your Account Settings. More info about Your rights as a Service user here. Erasure (“right to be forgotten”): In line with GDPR enforcement of the right to be forgotten, Groove introduces internal procedures which will streamline this process. In other words You (as an Account owner and/or Admin) can decide whether You wish to permanently delete a whole account, a user account or just specific personal data. If You decide so the process will be irreversible. Deletion can be performed by either using a “delete” function next to an appropriate piece of data in the Service (for example, Delete Ticket) or by contacting us on [email protected] when a built-in option is not available. Groove reserves the right to refuse permanent deletion for a legitimate reason, in particular but not limited to if current business affairs are not yet finished. Restriction on processing: You have a right to demand ceasing processing your data or restricting its processing with respect to exceptions set forth in art. 18 GDPR. If You have any question regarding Your restriction rights please contact our DPO at [email protected] Portability: If You need to export/import data to the Service in a way which is not available, please contact us at [email protected] so we can help You with Your custom needs. However, we also have exposed an API which allows You to easily access Your data in a portable way as well import data from other systems. You can read more about the API here: https://developer.groovehq.com/ Right to withdraw consent: You always can withdraw Your consent for processing Your data for marketing. To do so just contact us at [email protected] Lodge a complaint: You have a right to lodge a complaint with the appropriate data protection authority if You have concerns about how Groove processes Your personal data. For more information please contact our DPO at [email protected]
14. Data storage Groove stores Your and Your customers’ personal data on the servers of the cloud-based database management services Groove engages, located in the United States. Groove is hosted at AWS which announced compliance with GDPR. For more information on their servers and security, please see AWS security whitepaper https://docs.aws.amazon.com/whitepapers/latest/introduction-aws-security/welcome.html. Full list of hosting providers can be found here. Groove notifies You if we intend to change the list so You have the opportunity to object to such changes. For more information regarding data storage contact our DPO at [email protected]
15. Retention: We keep all Your data that You have provided to us for the duration of Your business relationship with us and we remove data: 1) at Your explicit request (either via clicking the delete button next to a particular piece of data or via an email request to [email protected]) 2) after You cancel Your account, at which point we remove Your data. This process takes up to 30 days to ensure all Your data is expunged from the system. Most personal data is deleted once You demand it or our business relation is ceased, however we keep Your name and email address longer until all possible business affairs are finished. For more information please contact our DPO at [email protected]
16. Security of data We are committed to ensuring the best security for You, which means choosing the best hosting providers and data storage solutions, including those having ISO 27001 and PCI Level 1 certifications. We ensure encryption of communication not only between You and our servers but also internally between parts of our Service. Groove restricts access to Your personal data to those employees who need to know that information to provide benefits or services to You. We maintain an internal Security Policy which ensures that all sensitive information is always transferred using secure, encrypted channels. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of Your information. We commit to taking appropriate disciplinary measures to enforce our employees' privacy responsibilities.
17. Legal obligations regarding data. Groove discloses personal data we process if necessary for the requirement to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. Groove under Data Protection Agreement and Standard Contractual Clauses is obliged to promptly inform You of its inability to comply with SCCs clauses which enables each Party to suspend the transfer and terminate the contract.
19. Contact & Questions In case of any queries please contact Secret Lesson at [email protected] If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request. Groove appreciates the effort of software security researchers who work to make the Internet more secure.
Our security vulnerability bounty system exists to reward the work of security researchers who find issues with our software and web services. You can find more about our program here.