Last updated: March 1, 2024
BY USING OR ACCESSING THE PROPERTIES, YOU AGREE TO THIS PRIVACY POLICY. IF YOU DO NOT AGREE WITH OUR POLICIES OR PRACTICES, YOU SHOULD NOT USE OR ACCESS THE PROPERTIES OR PROVIDE US WITH ANY PERSONAL INFORMATION.
Please note that our privacy practices are subject to the applicable laws of the regions in which we operate. Accordingly, some additional region-specific terms will only apply to individuals in those locations, or as required by applicable laws.
With respect to the personal information that our clients and their vendors collect from you outside of our Properties and provide to us via use of the Services (“Service Data”), where permitted by law, we process such information only as a “service provider” or “data processor” (as those terms are defined under applicable data protection laws) on behalf of our clients, who act as the “business” or “data controller” (as those terms are defined under applicable data protection laws). Our clients are the parties that control the use of the Service Data and determine the purposes for which we process such information. While this Privacy Policy describes how we process Service Data on behalf of our clients, our clients are responsible for their own practices in collecting, using, and disclosing information they collect from you. To learn more about such clients’ use of your information and your rights that you may have over such information, please consult the party that provided us with your information and, if applicable, their privacy policy.
Pagecall, Inc. (“PAGECALL” or “We”) understands that privacy is important to our users. This Privacy Policy describes PAGECALL’s practices regarding the collection, use, storage, sharing, and protection (collectively, “process” or “processing”) of your personal information for the website located at https://www.pagecall.com/ (the “Website”), or for users (“Users”) of our online classroom services (the “Services”) (collectively, the “Properties”). This Privacy Policy also tells you about the rights and choices you may have with respect to your information, how you can assert those rights, and how you can contact us to get answers to your questions.
We use the term “personal information” – also called “personal data” or “personally identifiable information” in the laws of some jurisdictions – to refer to information that reasonably identifies, relates to, describes, or can be associated with you. Data that has been deidentified or that otherwise cannot reasonably be related back to a specific person is not considered personal information. The precise definition of personal information may vary depending on your place of residence, but we take the same general approach to protecting your privacy, subject to any additional measures that may be required by applicable laws.
PAGECALL processes personal information for the following purposes.
1. User Registration and Management
Personal information is processed to confirm User’s intent to register as a member; to identify Users and to verify a User’s identity; to manage membership eligibility; to prevent wrongful use of the Services; to issue various notices and notifications; to resolve issues; and to keep records for settling disputes.
2. Technical Support and Handling Complaints
Personal information is processed to verify the complainant's identity; to confirm the complaint; to contact and notify relevant parties for fact-finding; and to inform the complainant on the progress of resolving the complaint.
3. Providing Goods or Services
Personal information is processed to provide the Services; to send contracts and bills; to provide content; to provide customized services; to send coupons and vouchers; and to process payment and settle accounts.
4. Marketing and Promotional Purposes
Personal information is processed to market our goods and services or the goods and services of our affiliates, business partners, and other third parties, and to conduct surveys and promotions.
5. Analytics and Personalization
Personal information is processed to conduct research and analytics to improve our services and personalize your experience.
6. Security and Fraud Prevention
Personal information is processed to maintain the safety, security, and integrity of our Properties, databases and other technology assets, and business, and to protect against malicious, deceptive, fraudulent, or illegal activity.
7. Compliance With Legal Obligations
Personal information is processed to comply with legal or regulatory obligations, establish or exercise our rights, defend against legal claims, respond to law enforcement or judicial requests, and act in connection with a bankruptcy proceeding or change in control of the company.
8. For any additional purposes that you consent to.
With respect to Service Data, we use that information to provide the Services to our clients. We reserve the right to supplement your personal information with information we gather from other sources which may include online and offline sources. We may collect information that is not personal information (“non-personal information”), including anonymous or aggregate data, or information lawfully made available from federal, state, or local government records. Because non-personal information does not personally identify you, we may collect, use, and disclose such information for any purpose permitted by law. In some instances, we may combine non-personal information with personal information. If we combine any non-personal information with personal information, the combined information will be treated by us as personal information to the extent that it is capable of personally identifying you.
1. Personal Information Provided by You
We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.
Identifiers and contact information, such as your name, email, and phone number;
Commercial information, such as records of services purchased or considered, and payment and subscription history;
Professional information, such as your company name and job/position;
Sensory information, such as your photo or video and audio recordings of you;
Non-precise geolocation information, such as the country and city from which you are accessing the Services; and
Any other personal information that you voluntarily provide us.
2. Payment Data
In order for you to use our Services you must sign in with our third-party payment processors Stripe and Payple and provide payment information, including your credit card number and the security code associated with your credit card number, to them. All payment data is stored by those processors. We do not collect your payment data or access such data stored by them. For your purchases we ask them to process your payment and they provide us with confirmation that your payment has been made. For more information about the privacy practices of Stripe and Payple with respect to your payment information, please see the links below:
https://stripe.com/privacy
https://www.payple.kr/
3. Information Automatically Collected
When you visit our Properties, we or third parties we work with may automatically collect certain information using technologies such as cookies and other tracking technologies described below.
Cookies and Similar Technology
"Cookies" are pieces of information that may be placed on your computer by a website for the purpose of collecting data to facilitate and enhance your communication and interaction with that website. Such data may include, for example, the address of the websites you visited before and after you visited our Properties, the type of browser you are using, your Internet Protocol (IP) address, what pages in the Properties you visited and what links you clicked on, the region where your device is located, and geographic information based on your IP data. We may store some information on your device or device hard drive as a cookie or similar type of file (such as clear gifs, web beacons, tags, and similar technologies that work on mobile devices) to collect data related to usage of the Properties. We may also use cookies to customize your visit to the Properties and for other purposes to make your visit more convenient or to enable us to enhance the Properties.
Clickstream Data
As you use the Internet, a trail of electronic information is left at each website you visit. This information, which is sometimes referred to as "clickstream data," can be collected and stored by a website's server. Clickstream data can tell us the type of computer and browsing software you use and the address of the website from which you linked to the Properties. We may collect and use clickstream data as a form of aggregate information to anonymously determine how much time visitors spend on each page of our Website, how visitors navigate throughout the Properties, and how we may tailor our web pages to better meet the needs of visitors. This information will be used to improve our Properties.
Analytics
We may work with third-party vendors who use the technologies described in this section to conduct website analytics to help us track and understand how visitors use our Properties. One such provider is Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses cookies to help analyze how users use the Properties. The information generated by these cookies about your use (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the Properties, compiling reports on activity for its staff, and providing other services relating to web page activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. You may refuse the use of cookies by selecting the appropriate settings in your browser. By using the Website and accepting cookies, you consent to the processing of data about you by Google in the manner and for the purposes set out above. Please refer to the currently available opt-outs for Google Analytics by visiting https://tools.google.com/dlpage/gaoptout/.
Social Media Platforms and Networks
If you interact with us on social media, we may collect information that you or such platforms share with us. Please review the privacy policies and settings of the social media platforms and networks that you use for more information about their privacy practices.
Service Data
We may obtain Service Data from our clients and their vendors, which we process on behalf of our clients in accordance with our contracts with them.
From Other Sources
We may obtain information about you from other sources, such as data analytics providers, marketing or advertising vendors, lead generation services, fraud prevention vendors, vendors that provide other services on our behalf, or publicly available sources.
We will retain your personal information for as long as we reasonably need it to achieve the purposes for which we collected it by establishing retention periods based on reasonable criteria. Generally, unless otherwise required by law or under applicable contracts, we do not keep your information for longer than 90 days after the termination of your account. As described above, we delete certain information as soon as possible upon your request or upon withdrawal of your permission to process. In the event any relevant legal claims are brought, we may continue to process your personal information for such additional periods as are necessary in connection with those claims. If there is a need to retain user information in accordance with applicable laws and regulations (such as tax, accounting or other legal requirements), we will retain the information for the period specified by the laws.
We do not sell your personal information or use it for targeted advertising. We may disclose your data to third-party service providers who perform services for us or on our behalf and require such access to such information to perform such services for us. Our third-party service providers include the following:
Transfer Country | Transfer Method | Recipient (Data Management Officer) | Purpose
USA, Japan | Online transmission using security protocol (encryption) | Amazon Web Services, Inc. (Stephen Schmidt, CISO, 1-206-266-1000) | Amazon Cloud Service (Physical operational environment)
USA | Online transmission using security protocol (encryption) | Sentry, Inc. (Privacy, security@sentry.io) | Front-end system log and error monitoring
USA | Online transmission using security protocol (encryption) | Zapier, Inc. (548 Market St. #62411, San Francisco, CA 94104-5401; Attn: Legal) | Sending emails to clients
USA, Ireland | Online transmission using security protocol (encryption) | Stripe (privacy@stripe.com) | Payment processing
Malta | Online transmission using security protocol (encryption) | Hotjar Ltd. Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian's STJ 3141 Malta, Europe | Customer behavior data analysis for system enhancement
USA | Online transmission using security protocol (encryption) | Amplitude, Inc. (Privacy, privacy@amplitude.com) | Customer behavior data analysis for system enhancement
Spain | Online transmission using security protocol (encryption) | Typeform (C/Bac de Roda, 163 (Local), 08018 – Barcelona (Spain), dpo@typeform.com) | Customer behavior data analysis for system enhancement
USA | Online transmission using security protocol (encryption) | Zendesk, Inc. 989 Market Street San Francisco, CA 94103, United States | Customer Service
USA | Online transmission using security protocol (encryption) | Salesforce.com, inc. (The Landmark @ One Market Street, Suite 300 San Francisco, CA 94105) | Sending emails to clients
USA, Ireland | Online transmission using security protocol (encryption) | MongoDB, Inc. 1633 Broadway, 38th Floor, New York, NY 10019, USA privacy@mongodb.com | Data recovery and backups
USA | Online transmission using security protocol (encryption) | Google 1600 Amphitheatre Parkway in Mountain View, California | User Authentication
We have contracts in place with the above third-party service providers, which have provisions to safeguard your personal information. Please understand that we may share your personal information when we determine that it is necessary: (i) to comply with any legal obligations, (ii) to fulfill our contractual obligations towards you, (iii) to protect the rights, property or safety of PAGECALL, our Users or others, or (iv) for any other purpose permitted by laws or regulations.
We may provide links to other websites that we think may be of interest to you, such as providers of various products and services. We do not endorse any other websites, providers, or services by providing such links, and this Privacy Policy applies only to your use of our Properties. We are not responsible for the privacy policies of any websites and services we link to on our Properties, and you should read the privacy policies of each site you visit to determine what data that site may collect about you.
Depending on your place of residence, local data protection laws may offer you rights regarding the processing of your personal information.
Opting Out of Messages
We may send you marketing messages via email. If you receive a marketing message from us, you may unsubscribe from future messages in accordance with our standard unsubscribe process (such as by using the unsubscribe link included in an email), or by sending an unsubscribe request to us at support@pagecall.com. We will process your request within a reasonable time after receipt. Please note that if you opt out in this manner, certain aspects of our services may no longer be available to you.
Cookies and Tracking Technologies
If you would like to stop or restrict the placement of cookies or flush any cookies that may already be on your computer or device, please refer to and adjust your web browser preferences. Further information on cookies is available at www.allaboutcookies.org. By deleting our cookies or disabling future cookies, you may not be able to access certain areas or features of our Properties or some of its functionality may be affected.
Note that cookie-based opt-outs must be performed on each device and browser that you wish to have opted out. For example, if you have opted out on your device browser, that opt-out will not be effective on your mobile device. Additionally, if you opt out on one of your devices, that opt out may not be effective on all of your devices. However, please be advised that cookie-based opt-outs are not effective on some mobile services.
PAGECALL destroys your personal information promptly upon the achievement of purposes or upon your request for deletion of personal information. If the personal information needs to be retained due to relevant laws and regulations despite the expiration of the retention period or the achievement of the processing purpose, we will transfer the personal information to a separate database or store it in a different storage location for retention. The procedures and methods of destruction are as follows:
1. Destruction Procedure
Personal information will be destroyed in accordance with the strict control procedure approved by our privacy officer in accordance with applicable law.
2. Destruction Method
Personal information recorded and stored in electronic file format will be irreversibly destroyed to prevent reproduction or recovery. Personal information recorded and stored on paper documents will be shredded or incinerated for destruction.
1. PAGECALL has appointed a privacy officer who is responsible for overseeing the processing of personal information and handling complaints and remedial measures.
2. You may inquire about personal information protection, claims and complaints, damage relief, and related matters that occur during the use of the service or business of PAGECALL. PAGECALL will promptly respond to and handle the inquiries.
We reserve the right, at our discretion, to change, modify, add, or remove portions from this Privacy Policy at any time, provided that any such modifications will only be applied prospectively. We encourage you to periodically review the Website for the latest information on our privacy practices. If you are a User who has an account with us, we may notify you of such changes via email. Your continued use of the Properties following the posting of any changes to this Privacy Policy means you accept such changes.
Our Properties are intended for users ages 18 and over and, with the exception of Student Data (as discussed below), we do not knowingly collect personal information from children under the age of 13. With the exception of Student Data, when we become aware that personal information (or other information that is protected under applicable law) from a child under 13 has been collected, we will use all reasonable efforts to delete such information from our databases. If you believe we might have any personal information from or about a child under 13, please contact us by using the information in the section below titled Contacting Us.
Some of our clients (for example, schools or educational institutions) may instruct us to collect personal information (“Student Data”) from or about children under the age of 13, or provide us with such information directly. Student Data may include an individual’s name or nickname, publicly available location information (such as country or city), device and network information, and class logs (such as when a student joins or leaves a class). We also store notes taken during class, and various in-class activity metrics (number of presentations, number of questions, etc.), if requested by our clients. Audio and video recordings are collected to provide our online classroom and whiteboard functions, and may be stored for the limited purposes of: resolving errors; addressing and verifying complaints; and providing clients with our class replay function. Please see the section titled “What Personal Information Do We Collect?” above for more information about the data that we collect from our users generally.
Student Data constitutes Service Data. We collect, maintain, use, and share Student Data only for authorized educational purposes, and process it strictly at the instruction of our clients—never for our own business and commercial purposes. We do not sell Student Data or use it for targeted advertising. Our clients are required to obtain verifiable parental consent before they send us Student Data or instruct us to collect it. If you are the parent or guardian of a child whose information we have collected as Student Data on behalf of a client, please contact that party directly for more information about their privacy practices in relation to your child’s data.
If you submit personal information to us, that information may be processed in a jurisdiction where privacy laws may be less stringent than those in your country of residence. By submitting your personal information to us, you agree to the transfer, storage, and processing of such information in foreign jurisdictions including, but not limited to, the United States. Please note that personal information transferred to the United States is subject to access by law enforcement.
Personal information is maintained on our servers or those of our vendors, and is accessible by authorized employees, independent contractors, representatives, and agents as necessary for the purposes described in this Privacy Policy. We use reasonable and appropriate physical, technical, and organizational safeguards designed to promote the security of our systems and protect the confidentiality, integrity, availability, and resilience of personal information. However, no method of safeguarding information is completely secure, and we cannot guarantee that our safeguards will be effective or sufficient. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us of the problem by contacting us at support@pagecall.com.
PAGECALL is an Amazon Web Services (AWS) Partner, utilizing their premium servers as our external cloud storage subcontractor. Consequently, we do not store customer data on our premises, ensuring top-level security and data management through AWS.
This indicates that our infrastructure is fully hosted on AWS, utilizing their globally distributed, state-of-the-art data centers. AWS currently operates 105 Availability Zones within 33 geographic regions worldwide, with plans to expand by adding 18 more Availability Zones and six new AWS Regions in Malaysia, Mexico, New Zealand, the Kingdom of Saudi Arabia, Thailand, and the AWS European Sovereign Cloud.
AWS fulfills the server needs of numerous esteemed organizations and governmental bodies. Our selection of this service provider is due to their rigorous security protocols, which are endorsed through various certifications and third-party validations.
AWS has a strong commitment to security and compliance, as evidenced by its attainment of various certifications and audits. They adhere to standards such as ISO 27001 for information security management systems, they are recognized as a Level 1 service provider under the PCI DSS for secure financial data handling, and they comply with stringent audit protocols like SAS70 Type II. Additionally, AWS has received authorization at the FISMA-Moderate level from the U.S. General Services Administration, showcasing its capability to handle sensitive government data securely. For the most current and detailed compliance information, please refer directly to the AWS compliance webpage (https://aws.amazon.com/compliance/).
PAGECALL processes user data in their local region, with storage on servers in South Korea, meaning customer data may be stored outside the user's country of residence. PAGECALL adheres to data protection laws, including Korea's Personal Information Protection Act (PIPA), recognized by the General Data Protection Regulation (GDPR) for its adequacy, indicating that PIPA offers protections and rights similar to EU law. This compliance supports international data handling standards, ensuring that all personal data is processed with clear consent, implementing stringent security measures, and providing mechanisms for data access and erasure requests by users.
Data in Pagecall is encrypted at rest and in transit. We utilize MongoDB Atlas, which applies AES256 at-rest encryption to ensure the security and privacy of the data stored within our system. Also, we use HTTPS for all API requests to ensure the security and confidentiality of data as it moves between our systems and our users. PAGECALL supports TLS 1.2 exclusively, throughout our service. Other security features are in place, such as encryption of files and transmitted data and locking a file in case of essential data.
Authentication
PAGECALL utilizes Google Firebase with Google OAuth for authentication, ensuring no plaintext or encrypted passwords are stored on PAGECALL’s servers. Instead, Firebase handles ID verification and password management. Compliant with the ISO 27001 standard, Firebase guarantees that data is securely managed and protected, leveraging a globally recognized security management framework. This approach underscores PAGECALL’s commitment to data security and privacy.
PAGECALL implements Multi-Factor Authentication (MFA) to verify user credentials and reduce security risks. MFA is a security system that requires more than one form of verification from independent categories of credentials to verify the user's identity for a login or other transaction. MFA combines two or more independent credentials: what the user knows (password), what the user has (security token), and what the user is (biometric verification). This creates a layered defense and makes it more difficult for an unauthorized person to access a target such as a physical location, computing device, network, or database.
Restrictions on Access to Personal Data
PAGECALL also provides training on personal data protection for all employees at least once a year. PAGECALL takes necessary measures to control access to personal data by granting, changing, and canceling access rights to the database system that processes personal data and using an intrusion prevention system to prevent unauthorized access from outside. All personal data in hard copy are stored in a separately designated space with strictly controlled access.
PAGECALL prioritizes the principle of least-privilege access by utilizing AWS Identity and Access Management (IAM). This allows us to designate who can access which services and resources in AWS, manage permissions centrally, and analyze access rights to fine-tune privileges across AWS. For the most current and detailed compliance information, please refer directly to the AWS IAM webpage (https://aws.amazon.com/iam/).
Storage of Access Records and Prevention of Forgery
PAGECALL keeps and manages the records of access to the personal data processing system for at least two years and has security features to prevent forgery and theft.
PAGECALL commits to a 99.99% uptime for customers under our Service Level Agreement (SLA). Leveraging MongoDB Atlas, we ensure disaster recovery and backups with its sophisticated, automated features for data handling across worldwide data centers. This system's high availability and robust security configurations provide a solid foundation, safeguarding customer data with backups every six hours, thus supporting our uptime guarantee.
In the event of a disruption affecting normal service, PAGECALL promptly undertakes repairs and recovery. Information regarding the error description, its cause, remediation actions, the extent of impact, and measures to prevent recurrence is communicated through the customer's primary email contact within 72 hours.
In our security policy, we affirm our commitment to incorporating Secure Software Development Life Cycle (SSDLC) practices. This approach ensures that security considerations are integrated into every phase of software development, from initial planning through to deployment, thereby significantly minimizing vulnerabilities and enhancing the security posture of our products. Our adherence to SSDLC practices underscores our dedication to producing secure software and protecting our customers' data against emerging threats.
Vulnerability Management
PAGECALL undertakes an annual self-evaluation to ensure the secure handling of personal data. To safeguard against data breaches and technical vulnerabilities such as hacking or viruses, a security program is maintained, regularly updated, and reviewed. Additionally, technical and physical barriers are enforced against unauthorized access. Committed to the highest standards of data protection, PAGECALL aligns with the OWASP Top 10 (https://owasp.org/www-project-top-ten/), an internationally recognized guide to the most critical web application security risks, reinforcing our dedication to securing customer data throughout the development lifecycle.
PAGECALL integrates Amazon Inspector for automated vulnerability assessments to enhance the security and compliance of our applications deployed on AWS. This integration allows for efficient identification and management of security issues within our AWS resources. By leveraging Inspector’s ability to automatically discover resources and identify security vulnerabilities, we provide a solid foundation for maintaining high security standards. This strategy ensures that vulnerabilities are addressed promptly, with detailed findings and actionable recommendations, helping to safeguard against security threats.
Static Application Security Test (SAST)
PAGECALL utilizes the open-source tool ESLint for Static Security Testing before and after developers' code is integrated into the product. This involves applying internal rules and common software standards to test for violations of coding practices and security vulnerabilities.
Dependency Management
PAGECALL employs a comprehensive approach that ensures all software and systems are up-to-date and secure. Our policy includes regular automated scans to identify outdated dependencies and software vulnerabilities. Upon detection, a prioritized action plan is implemented for updates and patches, following a risk assessment protocol.
Penetration Testing
PAGECALL undergoes yearly security checks through OWASP ZAP. We prepare a separate copy of our platform and detailed architecture overview for these assessments, ensuring customer data remains confidential. Findings from these tests guide our preventive and corrective measures. Customers can request a report of these security evaluations.
As a Data Subject, the User can exercise the following:
1. The Data Subject can exercise the right to view, correct, delete, and stop the processing of personal data used by PAGECALL at any time.
2. Data subjects have the right to submit requests in writing or via email under General Data Protection Regulation (GDPR) Articles 15 to 22. These articles cover rights to access, rectification, erasure (the "right to be forgotten"), restriction of processing, data portability, and the right to object, including against automated decision-making. Pagecall commits to responding to these requests promptly, ensuring a streamlined process for exercising data protection rights.
3. Data subjects have the option to exercise their rights via a representative, such as a legal representative or a designated individual. For this, under the General Data Protection Regulation (GDPR), rights can be exercised through an authorized representative, though the specific procedures and requirements might vary according to the laws of the member state and the data controller's policies. This framework ensures individuals can effectively manage their personal data rights through representatives if needed.
4. The General Data Protection Regulation (GDPR) contains provisions that allow for restrictions on data subjects' rights under specific circumstances, such as national security or public safety concerns. Article 23 of GDPR details when and how these rights may be limited. This ensures that, while data subjects generally have broad rights to access, rectify, or erase their data, these rights can be moderated to balance against significant public or personal interests.
5. The rights of the Data Subject to correct and delete personal data cannot be exercised if the personal data is subject to collection per other laws.
6. PAGECALL reserves the right to confirm whether the person who requested access, correction, deletion, or suspension of processing per the data subject's rights is the person themselves or a legitimate agent.
If you have any questions about our privacy or security practices, you can contact us at support@pagecall.com.