PRIVACY POLICY

Terms of Use, Privacy Policy, EULA, and Data Protection Addendum Last Updated Sep 23, 2023

We are committed to safeguarding the privacy of our website visitors. This policy sets out how we will treat your personal information.

Our website uses cookies. By using our website and agreeing to this policy, you consent to our use of cookies in accordance with the terms of this policy.

(1) PERSONAL INFORMATION WE COLLECT

We may collect, store and use the following kinds of personal information:

(a) User account data:

Information collected to create and administer your VentureBlocks account. This includes your name, email, organization, and password which you use to log into your account. This also includes information about your use of VentureBlocks, including simulations played, including score, level, status, and all other attributes of our simulations. This also includes information relating to any transactions carried out between you and us on or in relation to this website, including information relating to any purchases you make of our goods or services such as order numbers, costs, bills, and invoices (we do not store credit card numbers; these are directly processed by Stripe).

We use SendGrid to manage the sending of emails from VentureBlocks. We share your name, email, and the contents of emails sent by VentureBlocks with this provider, because it is necessary to manage the proper sending of emails in addition to opt-out lists.

(b) Usage and security data:

Information collected to maintain security for our users, perform audits of our system and security procedure, identify suspicious behavior, and implement additional security measures as needed. This information includes login credentials: your email, username, and password, in addition to your IP address. This may be linked to your VentureBlocks account. Finally, we may also collect information about your computer and browser, including browser type and version, operating system, and other technical details as needed to diagnose and identify bugs, as well as to provide technical support to users.

We also collect information about crashes and bugs in our simulation software, which is automated and built into our simulation software (including code information, your simulation information, and a visual representation of the simulation you were playing at the time of a crash or bug; we do not capture screenshots of your whole screen, but rather a rendering of the simulation screen that you see in your browser window, and nothing else from the browser window, at the time of a bug)

We also collection information about email send times, content, opens, and clicks. This information is used to track whether emails are being delivered, and to inform professors if their students never received emails to sign up, or if emails did not go through.

(c) Analytics data:

Information collected to understand trends and website usage patterns. This includes information about your visits to and use of this website including your geographical location, browser type and version, operating system, referral source, length of visit, page views, website navigation and details. We use a self-hosted Matomo to analyze the use of this website, and anonymize any personal information such as IP address when gathering usage data.

(d) Sales and marketing data:

Information collected to contact potential users for the purposes of sales and marketing. Instructors and partners who provide their email on ventureblocks.com may receive occasional emails from us regarding how to use our system and the benefits of becoming a customer.

(e) Log data:

We automatically collect information about your computer hardware and software when you use our services or view our content. This information can include your IP address, browser name and type, operating system, domain names, Internet Service Provider (ISP), the files, images, videos, and content viewed on our website as well as when they were viewed, and referring website addresses. We collect this information for security purposes, and to be able to debug a serious malfunction of the website. We do not associate log data with the personal information of our users, such as name, email, or address, unless there has been a security breach or incident in which case we may do so to the extent allowed by law.

(f) Payment data:

We collect your payment information in the event that you choose to purchase our software. We need this information to process a payment from you. Such information includes your credit card details (name, number, expiration, code, address, etc) or your bank information in the event that you send us a wire transfer. This information is not stored by us, but rather by Axos Bank, our bank. We may, however, store invoices, which include personal information such as your name and contact information, along with purchase defailt such as total cost and the number of purchased licenses. Invoices are stored securely on our server or on a business computer, both located in the United States.

(g) any other information that you choose to send to us

(2) COOKIES

A cookie consists of information sent by a web server to a web browser, and stored by the browser. The information is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser.

We use "session" cookies on the website. We will use the session cookies to: keep track of you whilst you navigate the website. While we do not use persistent cookies, our Data Processors below may. They do this for the purpose of recognizing you when you visit; and other uses.

We have set up self-hosted Matomo to only collect anonymous information about you, with the intention of not collecting any personally-identifiable information about users.

Most browsers allow you to reject all cookies, whilst some browsers allow you to reject just third party cookies. Blocking all cookies will, however, have a negative impact upon the usability of many websites, including this one.

(3) HOW YOUR PERSONAL INFORMATION IS USED

Personal information submitted to us via this website will be used for the purposes specified in this privacy policy or in relevant parts of the website.

We may use your personal information to:

(a) administer the website

(b) improve your browsing experience by personalising the website

(c) enable your use of the services available on the website

(d) send to you goods purchased via the website, and supply to you services purchased via the website

(e) send statements, invoices, and receipts to you, and collect payments from you

(f) send you general (non-marketing) commercial communications

(g) send you email notifications which you have specifically requested

(h) send to you our newsletter and other marketing communications relating to our business which we think may be of interest to you by post or, where you have specifically agreed to this, by email or similar technology (you can inform us at any time if you no longer require marketing communications)

(j) deal with inquiries and complaints made by or about you relating to the website

(k) debug our software in the event of a bug or any code changes

(l) to process payments from you

(m) other uses

Where you submit personal information for publication on our website, we will publish and otherwise use that information in accordance with the license you grant to us.

We will not without your express consent provide your personal information to any third parties for the purpose of direct marketing, with one exception: if you signed up for VentureBlocks through one of our third-party affiliates or resellers (individually referred to as "partner" and collectively referred to as "partners"), where they will be able to access your personal information for the purpose of billing and invoicing, or any other purpose described in their privacy policy (possibly including direct marketing).

In the event that you signed up for VentureBlocks through one of our partners, your personal information will be shared with that partner. You agree not to hold VentureBlocks Inc. responsible for the actions of partners and their usage of your personal information.

All our website financial transactions are handled through our payment services provider, Stripe. You can view the Stripe privacy policy at https://stripe.com/us/privacy. We will share information with Stripe only to the extent necessary for the purposes of processing payments you make via our website and dealing with complaints and queries relating to such payments.

Our simulation uses proprietary bug tracking software that notifies us of bugs and crashes. This notifies us of code issues, as well as details of your simulation, including but not limited to code being executed and a screen capture of your simulation window (only the simulation, nothing else in your browser or computer). We may use this to provide technical support to you, or notify you of a bug.

Your personal information is stored indefinitely, which is necessary to keep your account active and working. You may request a copy of or deletion of all your personal information by contacting us at support@ventureblocks.com or by contacting our EU or UK representative (see section 12). This is not limited to users in the E.U. per GDPR regulations, but is rather available to all users.

(4) DISCLOSURES AND SHARING OF YOUR PERSONAL INFORMATION

We may disclose information about you to any of our employees, officers, agents, suppliers or subcontractors insofar as reasonably necessary for the purposes as set out in this privacy policy.

In addition, we may disclose your personal information:

(a) to the extent that we are required to do so by law

(b) in connection with any legal proceedings or prospective legal proceedings

(c) in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk)

(d) to the purchaser (or prospective purchaser) of any business or asset which we are (or are contemplating) selling

(e) to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information

The website has the following Data Processors with whom personal information may be shared:

- Amazon Web Services, Inc. (product: Amazon Web Services), for hosting the infrastructure used by VentureBlocks. Your information is provided to servers owned by AWS because we are using their servers to host our websites and applications.

- OpenAI OpCo, LLC, (product: ChatGPT API) for providing AI-powered chat responses and conversation feedback features.

- Twilio Inc. (product: SendGrid), for managing the automated sending of electronic communications from the website. This includes notification emails, password resets, account and billing related emails, and other emails sent as a result of actions you take while using the website, or to notify you. We also use this Data Processor for marketing emails for instructor accounts and demo requests received on our website.

- Calendly LLC (product: Calendly), for scheduling and hosting sales and support phone and video calls with instructors. This is necessary to schedule calls in a user friendly way.

- Stripe, Inc. (product: Stripe), for processing payments using credit or debit cards. This is necessary to support on-demand license purchases.

- Zoom Video Communications, Inc. (product: Zoom), for conducting video calls. This is necessary because when scheduling a call with us, users can indicate they wish to have a Zoom call.

- Proton AG (product: Proton Mail), for sending and receiving electronic communications to/from customers and partners. Your name and email address is shared with this Data Processor for the purpose of communicating with you.

We reserve the right to publish anonymous aggregate information about our users, which does not contain any personally identifiable information. For example, information such as "5,000 students used VentureBlocks this month" or "90% of students reach level 8 when playing". We may also publish aggregate information (not individual information) for other users playing the same simulation as you. For example, information such as "your classmates most frequently ask leading questions".

Except as provided in this privacy policy, we will not provide your information to third parties.

For student accounts, the instructor who added you to their simulation is able to see your name, email or username, whether you have an active license, whether you have played the simulation, an estimate of time spent playing, your current and high scores, your level, reflection question answers, notes taken, and other details of your simulation and gameplay. If your student account has a username instead of an email, and your password is managed by your instructor, they are able to see your password (this does not apply to users who use email to sign in). For student accounts, we will not disclose your information to other users of the website except for (a) the instructor who created your simulation ("your instructor"), and (b) any instructors or users for whom your instructor explicitly requested we grant access to your simulation analytics data (for example, if there are program administrators or co-instructors who your instructor wants to have access to your information). We may provide your instructor with additional simulation information upon your instructor's request. We may also provide information about your license to a partner account if that partner account is associated with your purchase of a license. This information will not include your name and contact information but rather information specific to your license, such as whether it was purchased, when it was purchased, whether it was activated, when it was activated, and other information. Partner accounts may include retail stores, online stores, publishers, and other VentureBlocks users who may resell VentureBlocks licenses.

For instructor accounts, when you add a student to your simulation, we send them your name by email, along with your course name, course section, and course number so that they are able to identify the purpose of the email. If an instructor or partner account transfers licenses to another instructor or partner account, the first and last name of the user who initiated the transfer is shared with the recipient, and the email of the recipient (which was entered by the sender) is sent to the sender in an email confirmation. If you use the feature that allows you to share a sign up link (URL) for students, anyone with access to the URL will be able to view your name, along with your course name, course section, and course number so that they are aware of the course they are registering for; in this case we do not guarantee the privacy of this URL and this personal information because it is up to you to keep it private. We may also provide information about licenses purchased by you to a partner account if that partner account is associated with your purchase of a license. This information will not include your name and contact information but rather information specific to your licenses, such as when they were purchased, whether they were assigned to students, whether they were activated, when they were activated, and other information. This information may also include a count of license information by instructor, for example to report to a partner how many instructors and students are using licenses sold by that partner. In this case your personal information is not shared and the existence of your account is used in a tally. Partner accounts may include retail stores, online stores, publishers, and other VentureBlocks users who may resell VentureBlocks licenses. We will not disclose your information to other users of the website, including other instructors, and also students (except for the aforementioned situations).

(5) SECURITY OF YOUR PERSONAL INFORMATION

We will take reasonable technical and organizational precautions to prevent the loss, misuse or alteration of your personal information.

We will store all the personal information you provide on our secure (password- and firewall- protected) servers. All electronic transactions you make to or receive from us will be encrypted using SSL technology, with the possible exception of email as some email services do not use SSL and we do not have control over this.

Of course, data transmission over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.

You are responsible for keeping your password and user details confidential. We will not ask you for your password (except when you log in to the website or app).

(6) LEGAL BASIS FOR COLLECTING AND PROCESSING YOUR PERSONAL INFORMATION (EEA VISITORS/USERS ONLY) UNDER GDPR

If you are a visitor or user located in the European Economic Area (EEA), or if you a citizen of a country in the EEA, VentureBlocks Inc. is both your Data Controller and Data Processor, though we have other Data Processors. Please see the bottom of this page for contact information for our Data Protection Officer.

Our legal basis for collecting, processing, and otherwise using the personal information described on this page depends on the specific personal information in question and the context in which we collect it. However, we will normally collect personal information from you only where we have consent to do so, where we require the personal information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect personal information from you.

(7) REVIEWING, UPDATING, AND REMOVING YOUR PERSONAL INFORMATION UNDER GDPR

You have the following GDPR data protection rights:

(a) You may request us to provide you with any personal information we hold about you.

(b) You may request us to update any personal information we hold about you.

(c) You may object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information.

(d) If the personal information we have collected about you was collected with your consent, you may withdraw your consent at any time. Doing so will not affect the lawfully of any data collection or processing prior to when consent was withdrawn, and it will not affect the processing of your personal information on other legal grounds than consent.

(e) You may request we delete your personal information from our system. We agree to destroy the email/student information at the request of any user who is either:

a student, or

an instructor at an accredited school or university, provided that user purchased licenses for its student users (if students purchased their own licenses, this does not apply).

Deleting personal information will immediately invalidate all licenses for students whose information is destroyed and they will no longer have access to any part of the website services. No refund will be provided for destroyed data. Destroying data will not destroy it from our data backups; we retain secure daily backups of all user data, which cannot be altered, and therefore student data cannot be destroyed from backups until the backups themselves are destroyed. For this reasons the deletion of personal information from our systems and backups will take us 30 days.

You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. If you need further assistance regarding your rights, please contact us using the contact information provided below and we will consider your request in accordance with applicable law. In some cases our ability to uphold these rights for you may depend upon our obligations to process personal information for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to your request.

(8) FOR EU, SWISS, and UK INDIVIDUALS: DATA PRIVACY FRAMEWORK NOTICE FOR PERSONAL DATA TRANSFERS TO THE UNITED STATES.

VentureBlocks Inc. complies with the EU-U.S. Data Privacy Framework program (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework program (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. VentureBlocks Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. VentureBlocks Inc. has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework program Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Your personal information and all data collected from you is stored on servers hosted by Amazon Web Services. These servers are located in the EU and not in the United States. Access to all data is restricted and limited to members of VentureBlocks Inc.

The Federal Trade Commission has jurisdiction over VentureBlocks Inc. compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.

Pursuant to the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, EU, UK, and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also may correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, or the Swiss-U.S. DPF, should direct their query to support@ventureblocks.com. If requested to remove data, we will respond within a reasonable timeframe.

We will provide an individual opt-out or opt-in choice before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to support@ventureblocks.com.

In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In the context of an onward transfer, VentureBlocks Inc. has responsibility for the processing of personal information it receives under the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, and subsequently transfers to a third party acting as an agent on its behalf. The EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF organization shall remain liable under the Principles if its agent processes such personal information in a manner inconsistent with the Principles, unless the organization proves that it is not responsible for the event giving rise to the damage.

In compliance with the EU-US Data Privacy Framework Principles, VentureBlocks Inc. commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the DPF Principles. European Union, Swiss and United Kingdom individuals with DPF inquiries or complaints should first contact VentureBlocks Inc. at:

By mail:

VentureBlocks Inc.

Attn: Privacy Officer

40 Alyssa Ct

Southington, CT 06489

USA

By email:

support@ventureblocks.com

VentureBlocks Inc. has further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information and to file a complaint. This service is provided free of charge to you.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2

(9) THIRD PARTY WEBSITES

The website contains links to other websites. We are not responsible for the privacy policies or practices of third party websites.

(10) POLICY AMENDMENTS

We may update this privacy policy from time-to-time by posting a new version on our website. You should check this page occasionally to ensure you are happy with any changes.

We may also notify you of changes to our privacy policy by email.

(11) CONTACT INFORMATION

If you have any questions about this privacy policy or our treatment of your personal information, please contact us using the information below.

By mail:

VentureBlocks Inc.

Attn: Anton Yakushin

40 Alyssa Ct

Southington, CT 06489

USA

By email:

legal@ventureblocks.com

(12) GDPR CONTACTS

Data Protection Officer (DPO):

By mail:

VentureBlocks Inc.

Attn: Anton Yakushin

40 Alyssa Ct

Southington, CT 06489

USA

By email:

dpo@ventureblocks.com

Representative for data subjects in the EU and UK:

We value your privacy and your rights as a data subject and have therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact for the following regions:

  • United Kingdom (UK)
  • European Union (EU)
  • Switzerland

Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative, Prighter or make use of your data subject rights, please visit the following website: https://prighter.com/q/18109389109

(13) DATA PROTECTION ADDENDUM

This Privacy Policy is supplemented by the Data Protection Addendum.