- the information we collect about you;
- how that information may be used;
- with whom the information may be shared;
- how you may update the information you provide us;
- how you may contact us; and
- your choices about the information.
What Information Do We Collect?
We collect Personal Information from you through your engagement with our Services in a variety of ways, including but not limited to in connection with your visits to our locations, purchases, requests for services, the creation of a personal user account, any material you may post to our Websites or social media pages, and your submission of information to us, including, on any of our Websites. From time to time, we may provide you the opportunity to participate in contests or other voluntary activities, including through the Websites or other Services. We may request Personal Information from you, along with other information, in order for you to participate in these activities. Participation in these activities is completely voluntary; you may elect not to disclose your Personal Information by not participating in the activity.
Personal Information collected by us may include your:
- Email address;
- Phone number;
- Mailing or Home address;
- User-created username and password;
- You or your child’s image uploaded as a profile picture;
- Information regarding the child who you are enrolling in our Services, including their name, date of birth, school and grade level, and documents related to their academic needs;
- Credit card details (but Sylvan only stores truncated credit card data); and
- Interests related to your child’s Services.
For tutors, we collect:
- E-mail address;
- Phone number;
- Mailing or Home address;
- Social Security number;
- User-created username and password;
- Your image uploaded as a profile picture;
- Resume data, including degrees and institutions, experience, and certificates;
- Educational Degrees and Year with Issuing Institution; and
- Link to your LinkedIn profile.
We also collect and store general usage metrics of the Services, email communication history with Sylvan, anything you submit to or post on the Websites, and other information associated with you or your organization, as well as other information that may or may not specifically identify you. The information collected through the Services may be stored at servers, computers, or other media located in the United States.
We may obtain information about you from third-party sources, such as Google, Apple or your employer or insurance provider, when applicable. This information may be utilized, analyzed, and/or compared with information that Sylvan has collected from you or that you have submitted to the Services. If Sylvan obtains information from third-party sources, you agree that your sole legal remedy for any harm associated with that information is against the third-party that provided the information to us, and that you will not assert any cause of action, claim or demand against us other than requesting we delete any erroneous information.
For the avoidance of doubt, Sylvan shall be entitled to collect anonymous and/or aggregated data across its various products and services provided that no individual natural person can be identified from such data (“Aggregate Data”). The Aggregate Data will be used for various purposes, including without limitation to analyze behaviour, trends, and website interaction, and to improve, and enhance our services and for other development, creation of new features, diagnostic and corrective purposes in connection with our services. Sylvan shall own all right, title and interest in and to the Aggregate Data and this is not considered personal data.
Information Collection Technology
For each visitor to our Websites, we may use various technologies, including “cookies” to automatically gather certain information pursuant to your use of the Websites, from your electronic device about your activities using the Websites. We may collect and store non-personally identifying information through cookies and third parties to profile user activity and preferences. Technical and specification information about your device and settings may be collected when you use the Website. This information includes internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, the content of previously accepted “cookies” from us, and clickstream data. We collect and store this information on an individual basis and in combined form. We also collect both user-specific and aggregate information on what pages visitors access or visit.
A cookie is data stored on your device that tracks non-personal information about you. When using the Websites, we may assign your device one or more cookies that enable us to improve the quality of the Websites and to personalize your experience. Cookies allow us to automatically collect information about your activity on the Websites, such as the content you access while using the Websites, the links you click, and other activity you conduct while using the Websites. You may choose to modify your device setting to disable cookies or limit their use. If you choose to disable or limit cookies, or otherwise limit your device permissions to the Websites, you may experience diminished performance from the Websites and/or may be prevented from using some or all features of the Websites. Our cookies generally fall into one of four categories: Essential, Functional, Analytics and Target.
Our Services may contain web beacons (also known as “clear gifs”) or similar technologies that gather non-personally identifiable information about your use of our Services. Such technology may also be contained in e-mail messages or newsletters from us that allow us to determine whether messages have been accessed. The purpose of our use of this technology is so that we may analyze the effectiveness of our marketing efforts and the quality of our Services.
The following section only applies if you use one of our mobile software applications (the “Software”). The Software requires certain permissions on your mobile device in order to work as intended. You can either allow or deny the Software access to the permissions. In some cases, it is necessary for you to grant the Software permissions to take full advantage of features or functionality of the Software. If you disallow some or all permissions, the Software may not function properly. Some of the permissions needed may include access to your device’s: camera; calendar; location; phone; sensor; SMS; and storage. Additional permissions may be requested as new features are added in the future.
How Do We Use This Information?
We may use and share your information for any legally permissible purpose. We may match, use, and share any of the information we collect from you to any personally identifiable information we obtain through third parties. The ways we may use or share information that we collect about you include:
- providing you with use of the Websites and Services;
- providing you with products or services, whether from Sylvan, or any related organizations, entities, or affiliates;
- providing you with customized content and services;
- providing technical or customer support;
- performing research and analysis to gauge the use of the Websites and Services;
- communicating with you by e-mail, postal mail, telephone, text message, and/or mobile devices about products or services that may be of interest to you from Sylvan, any affiliates, sponsors, or other third-parties;
- to administer the working relationship with you/your employer;
- where we have another legitimate interest in doing so;
- in connection with any possible sale merger or restructuring of all or any part of our business or assets; and
- performing functions as otherwise described to you at the time of collection.
In order to perform certain services on your behalf, we may publish certain information that you provide. You agree that any testimonial feedback, stories, posts, interactions, or other comments provided by you to Sylvan through any form of communication including but not limited to through the Websites, becomes the sole and exclusive property of Sylvan and that such information may be used for any legally permissible purpose, including, but not limited to marketing and advertising our Services.
- To our affiliates as permitted by law;
- To third parties who provide information technology services such as website hosting, computer systems maintenance, or data security and privacy services;
In addition, we may share aggregate and sell, non-individual information, incapable of identifying a particular person, with third parties for any lawful purposes.
COPPA Disclaimer Regarding Children Under 13
In accordance with COPPA (Children’s Online Privacy Protection Act), our Websites do not collect any information from anyone under 13 years of age. Instead, all services to persons under the age of 13 must be initiated by a parent or legal guardian. Our Websites are all directed to people who are at least 13 years old or older. Sylvan reserves the right to require parental consent or to otherwise suspend the accounts and other access to the Services for individuals who Sylvan determines are aged 13 years old or younger. If you are the parent or legal guardian of someone under the age of 13 who may have provided Sylvan with information without your knowledge or consent, please contact us as provided below to have this information removed.
For California Residents
We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device (“personal information“). Personal information does not include:
- Publicly available information from government records.
- Deidentified or aggregated consumer information.
In particular, we collected the following categories of personal information from consumers within the last twelve (12) months:
|A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.
|B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).
|A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
Some personal information included in this category may overlap with other categories.
|C. Protected classification characteristics under California or federal law.
|Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
|D. Commercial information.
|Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
|E. Biometric information.
|Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.
(but only to extent you upload a picture of your face as a profile picture)
|F. Internet or other similar network activity.
|Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.
|NO (except through online cookies and other online tracking technology that you have permitted to operate, or did not opt out of, through visiting our website.)
|G. Geolocation data.
|Physical location or movements.
|H. Sensory data.
|Audio, electronic, visual, thermal, olfactory, or similar information.
|I. Professional or employment-related information.
|Current or past job history or performance evaluations.
|J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).
|Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.
|K. Inferences drawn from other personal information.
|Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
We do not sell or share Personal Information with any third parties.
Your Rights and Choices (For California Residents Only)
The CCPA provides California residents with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
Right to Know and Data Portability
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months (the “right to know”). Once we receive your request and confirm your identity (see Exercising Your Rights to Know or Delete), we will disclose to you:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting or selling that personal information.
- The categories of third parties with whom we share that personal information.
- If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
- sales, identifying the personal information categories that each category of recipient purchased; and
- disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
- The specific pieces of personal information we collected about you (also called a data portability request).
We do not provide a right to know or data portability disclosure for B2B personal information.
Right to Delete
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions (the “right to delete”). Once we receive your request and confirm your identity (see Exercising Your Rights to Know or Delete), we will review your request to see if an exception allowing us to retain the information applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
We will delete or deidentify personal information not subject to one of these exceptions from our records and will direct our service providers to take similar action.
We do not provide these deletion rights for B2B personal information.
Exercising Your Rights to Know or Delete
To exercise your rights to know or delete described above, please submit a request by either:
- Call us at 800-240-5090; or
- Email us at [email protected] with “PRIVACY – CCPA” in the subject line.
Only you, or someone legally authorized to act on your behalf, may make a request to know or delete related to your personal information.
You may also make a request to know or delete on behalf of your child by the above-described method but noting in the subject line “ PRIVACY – CHILD DELETION REQUEST.”
You may only submit a request to know twice within a 12-month period. Your request to know or delete must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which may include:
- Submitting a request through your online profile after proper authentication of your username and password.
- For Child Deletion Requests: By submitting a written request with a personal statement regarding the identity of the child and your relationship. We will verify identity and relationship through shared address, demonstrated access and control of contact information provided by the child (such as verified email or phone number), or if the child was also listed in your online profile.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
You do not need to create an account with us to submit a request to know or delete. However, we do consider requests made through your password protected account sufficiently verified when the request relates to personal information associated with that specific account.
We will only use personal information provided in the request to verify the requestor’s identity or authority to make it.
For instructions on exercising your sale opt-out or opt-in rights, see Personal Information Sales Opt-Out and Opt-In Rights.
Response Timing and Format
We will confirm receipt of your request within ten (10) business days. If you do not receive confirmation within the 10-day timeframe, please contact us as described above.
We endeavor to substantively respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to another 45 days), we will inform you of the reason and extension period in writing.
If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against your for exercising your CCPA rights.
Additional State Privacy Rights
Additional state consumer privacy laws may provide their residents with additional rights regarding our use of their personal information.
Colorado, Connecticut, Virginia, and Utah each provide their state residents with rights to:
- Confirm whether we process their personal information.
- Access and delete certain personal information.
- Data portability.
- Opt-out of personal data processing for targeted advertising and sales.
Colorado, Connecticut, and Virginia also provide their state residents with rights to:
- Correct inaccuracies in their personal information, taking into account the information’s nature processing purpose.
- Opt-out of profiling in furtherance of decisions that produce legal or similarly significant effects.
To exercise any of these rights please email your request to [email protected] with “Privacy” and your state of residence in the subject line. To appeal a decision regarding a consumer rights request please email [email protected] and indicate “Appeal” and your state of residence in the subject line.
Nevada provides its residents with a limited right to opt-out of certain personal information sales. Residents who wish to exercise this sale opt-out rights may submit a request to this designated address: [email protected]. However, please know we do not currently sell data triggering that statute’s opt-out requirements.
Implied Consent Under CASL
Opt Out Procedures
You may contact Sylvan to review, update and correct your Personal Information.
If you do not wish to receive promotional emails or other marketing communications from us, please let us know by using the opt-out response device that can be found at the bottom of every email we deliver or by contacting us as provided below. At places on our Websites where you give us your personal information, you may opt out of receiving those communications. Although you can opt not to receive promotional messages, we reserve the right to send you informational email messages about any user account you establish on our Websites, or notices regarding the Websites, as permitted.
To help us process your request, please include sufficient information for us to identify you in our records. We may need to verify your identity before providing you with Personal Information or updating it in our system.
We follow generally accepted industry standards to protect the personal information submitted to us, and to protect against loss, misuse, or alteration of your information. When you provide personally identifying information, we encrypt transmissions involving such information using secure protocols.
Please note, that while we use commercially reasonable methods to protect your personal information, we cannot guarantee its absolute security. Therefore, although we take reasonable steps to secure your information, we cannot and do not promise or warrant that your information will always remain secure.
External Links and Third-Party Privacy Practices
The Services may link to other websites, including but not limited to health care provider pages, or through advertisements. We disclaim any and all responsibility for the privacy practices of third parties that may have links to or from our Services. We encourage you to review the privacy policies and privacy statements of every website that you visit that collects personally identifiable information.
Contact Sylvan at [email protected] or by writing to us at:
Sylvan Learning Legal Department
Attention: General Counsel
502 Washington Avenue, Suite 400
Towson, MD 21204
On any email or postal letter that you send, please include “Privacy” in the subject line.
Changes to this Policy
Effective Date: February 21, 2024