PRIVACY POLICY

Zaner Bloser, Inc. ("Zaner-Bloser", "we", "us") respects your privacy and is committed to protecting it through our compliance with this policy.

This policy was last updated on June 29, 2020.

For your convenience, here is our contact information:

Our postal address is
PO Box 16764
Columbus, OH 43216-6764

Our address is
1800 Watermark Dr.,
Columbus, OH 43215

We can be reached via e-mail at customerexperience@zaner-bloser.com or you can reach us by telephone at 1-800-421-3018.

ZANER-BLOSER.COM AND SHOP.ZANER-BLOSER.COM

What We Collect and How to Opt-Out.

Domain Name and E-Mail Address. For each visitor to our website, our web server automatically recognizes the visitor's domain name and e-mail address (where possible). We collect the domain name and e-mail address (where possible) of visitors to our website, the e-mail addresses of those who post messages to our bulletin board, the e-mail addresses of those who communicate with us via e-mail, aggregate information on what pages our visitors access or visit, information volunteered by the visitor such as survey information and/or site registrations, and referring pages. If you do not want to receive e-mail from us in the future, please follow the opt-out process in the e-mail or contact us through one of the methods listed above.

Postal Information. If you supply us with your postal address online, you may receive periodic mailings from us with information on new products and services or upcoming events. If you do not wish to receive such mailings, please let us know by sending e-mail to us at the above address, calling us at the above telephone number, or writing to us at the above address.

Telephone Information. Persons who supply us with their telephone numbers online may receive telephone contact from us with information regarding orders they have placed online. They also may receive telephone contact from us with information regarding new products and services or upcoming events. If you do not wish to receive such telephone calls, please let us know by sending e-mail to us at the above address, calling us at the above telephone number, or writing to us at the above address.

Online Orders. Persons who place online orders with us provide information to us via an online order form that is used to fulfill the order, to contact the customer if necessary, and to market our programs. Credit card and other financial information collected by our third party payment processor are used to bill the customer for products and services.

Cookies. We use cookies to record session information, such as items that customers add to their shopping cart. Our customers can choose to have "Remember Me" information recorded in our database so that when they return, their information will be retrieved. We may also use cookies for the purpose of re-targeting ads to you. Based on the products or information you view on our website, you may see information about our products for a limited period of time on your future visits to the internet. If you do not want to see these ads, simply click on this Opt-Out Link. In addition, your computer can be configured to delete cookies or to disable them altogether, but note that you may not be able to use some of the services available on our website as a result. The information that we collect and share in this fashion is de-identified, does not contain personally identifiable information, and is intended for advertising to people over the age of 13.

How We Use and Disclose the Information We Collect.

In addition to the uses described above, the information we collect is used

• to improve the content of our website.
• to notify you about updates to our website.
• to carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
• to contact you for marketing purposes.
• in any other way we may describe when you provide the information.
• for any other purpose with your consent.

We may disclose information that we collect or you provide as described in this privacy policy

• to our subsidiaries and affiliates, including the members of the Highlights Family of Companies.
• to contractors, service providers, and other third parties we use to support our business, such as our third party payment card processor.
• to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Zaner-Bloser's assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which information held by us about our website visitors is among the assets transferred.

New Uses of Information.

From time to time, we may use visitor information for new, unanticipated uses not previously disclosed in our privacy policy. If our information practices change at some time in the future, we will post the policy changes to our website to notify you of these changes. If you are concerned about how your information is used, you should visit our website periodically and review our policies.

Access to Your Information.

Upon request, we provide visitors with access to their transaction information. You can make such a request by contacting us through one of the methods listed above.

Correction of Your Information.

If you notice any inaccuracies in your transaction information, you may contact us through one of the methods listed above and we will work with you to make any corrections deemed necessary. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.

Your California Privacy Rights.

California Civil Code Section § 1798.83 permits users of our website who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please email or write to us at the contact information provided above.

Third-Party Web Sites.

This site contains links to other websites. Zaner-Bloser is not responsible for the privacy practices or the content of such websites.

Data Security.

We have implemented measures designed to secure your information from accidental loss and from unauthorized access, use, alteration, and disclosure.

The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our website. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the website.

CALIFORNIA RESIDENT SUPPLEMENT:

If you are a California resident, the processing of certain personal data about you may be subject to the California Consumer Privacy Act (“CCPA”) and other applicable California state privacy laws. Beginning January 1, 2020, the CCPA gives you certain rights with respect to the processing of your personal data (known as “personal information”, as described in under the CCPA).

This supplement provides additional privacy disclosures and informs you of your additional rights as a California resident, and should be read in conjunction with our Privacy Policy as set forth above.

Personal Information Collected and Processed

Our Privacy Policy sets forth the categories of personal information that Zaner-Bloser collects and processes about you, a description of each category, and the sources from which we obtain each category.

Requests to Exercise Your Rights

RIGHT TO KNOW REQUEST - Under the CCPA, you have a right to request information about our collection, use, and disclosure of your personal information over the prior 12 months, and ask that we provide you with the following information:

1. Categories of and specific pieces of personal information we have collected about you.
2. Categories of sources from which we collect personal information.
3. Purposes for collecting, using, or selling personal information.
4. Categories of third parties with which we share personal information.
5. Categories of personal information disclosed about you for a business purpose.
6. If applicable, categories of personal information sold about you and the categories of third parties to which the personal information was sold, by category or categories of personal information for each third party to which the personal information was sold.

To make a verifiable request for information about the personal information we have collected about you, please contact us via e-mail at customerexperience@zaner-bloser.com or you can reach us by telephone at 1-800-421-3018.

RIGHT TO DELETE REQUEST - You also have a right to request that we delete personal information, subject to certain exceptions. You may exercise your right to delete by using contacting us via email at customerexperience@zaner-bloser.com or you can reach us by telephone at 1-800-421-3018.

REQUESTS, GENERALLY - Please note, if you do not have a Zaner-Bloser account we will not have enough information about you to verify your Right to Know and Right to Delete requests, as we do not keep sufficient information necessary to reidentify and link you to a prior visit to zaner-bloser.com where data may have been collected. As such, we will be unable to verify and honor your requests. You may make a verifiable consumer request related to your personal information twice per 12-month period. We will not discriminate against you for exercising any of your rights under the CCPA.

REQUESTS MADE THROUGH AGENTS - You may designate, in writing or through a power of attorney, an authorized agent to make requests on your behalf to exercise your rights. Before accepting such a request from an agent, we will require the agent to provide proof you have authorized it to act on your behalf, and we may need you to verify your identity directly with us.

MYZBPORTAL.COM and SUPERKIDS PORTAL

Please be advised that there are important differences in how Zaner-Bloser handles data in connection with the MYZBPORTAL and the SUPERKIDS Portal, specifically in connection with any data that may include Student PII (Personally Identifiable Information).

School data and PII:

MyZBPortal.com and the Superkids Portal (“Portal”) collect the following student PII :

• Student first name (provided by district/school/institution)
• Student last name (provided by district/school/institution)
• Student ID (provided by district/school/institution)
• IP address
• Student score data (from completing online activities)

We only collect IP addresses for traffic and security monitoring purposes and delete these logs regularly (typically every other month). Schools can also request to delete these IP logs by submitting a request in writing to ZB Customer Experience.

• We do not sell student information.
• We do not target students with advertisements.
• We only request and use student personal information for legitimate business reasons.

Cookies.

Superkids Portal (Teachers, Admins, Parents) and Superkids Online Fun app and desktop shortcut (Students)
The entire site maintains cookies from the moment you visit the login page. The sole purpose of the use of cookies on the Superkids Portal is to track the user’s session and visit. Zaner-Bloser, Inc.’s use of cookies is specifically limited to the legitimate business use for operation of the portal and cookies are never used for any targeted advertisements toward students.

ZB Portal (Teachers, Admins, Students)
The entire site maintains cookies from the moment you visit the login page. The sole purpose of the use of cookies on the MYZBPortal is to track the user’s session and visit. Zaner-Bloser, Inc.’s use of cookies is specifically limited to the legitimate business use for operation of the portal and cookies are never used for any targeted advertisements toward students.

Data encryption:

Stored data (i.e. data at rest) is stored securely on an encrypted drive. Data on backup storage is encrypted using AES 256-bit encryption. Data ‘in-transit’ is encrypted using well-known technologies such as "Secure Sockets Layer (SSL)" or “Transport Layer Security (TLS)”. In-transit encryption is end-to-end from the client web browser through our cloud network. These protocols ensure privacy between communicating applications and their users on the Internet. When a server and client communicate, these technologies ensure that no third party may eavesdrop or tamper with any message.

Data retention:

At any time, an account administrator may request to purge school data (such as student and/or teacher information). This action will be performed by a ZB representative. School information will remain on backup storage for disaster recovery purposes for another 15 days, but thereafter will be removed completely from all storage devices. Schools can request to delete school data submitting a request in writing to ZB Customer Experience.

Data access:

Only authorized individuals are provided access to our systems. Passwords are never transmitted using insecure communication protocols. Access by Company’s support personnel is based on “least privileged” and “need to know” basis. While some Company support personnel generate usage reports and have access to data for analytics, none of the resultant data contains Personally Identifiable Information (PII).

System hosting:

Our systems (servers and data) are currently hosted on dedicated machines in secured facilities at a third-party hosting provider located in the United States.

Perimeter security:

Firewalls and perimeter detection systems have been designed and deployed to help detect and prevent unauthorized access into our systems.

Vulnerabilities and patching:

We routinely scan our systems for vulnerabilities. The vulnerabilities are reviewed and addressed/patched as appropriate.

Consent from Schools regarding Students’ Personal Information:

The Children’s Online Privacy Protection Act (“COPPA”) permits a school, acting in the role of “parent” to provide required consents regarding personal information of students who are under the age of 13. Where a school is the subscriber to our portal, we rely on this form of COPPA consent. We provide the school with this privacy policy, to ensure that the school, in providing its COPPA consent, has full information and assurance that our policies comply with COPPA.

The Family Educational Rights and Privacy Act (“FERPA”) permits a school to provide educational records (including those that contain students’ personal information) to certain service providers without requiring the school to obtain specific parental consent. FERPA permits this where the service provider acts as a type of “school official” by performing services, for example, that would otherwise be performed by the school’s own employees. We fulfill FERPA requirements for qualifying as a school official by, among other steps, giving the school direct control with respect to the use and maintenance of the education records at issue (including associated personal information), and refraining from re-disclosing or using this personal information except for the purposes of providing this portal to the school. We comply with FERPA by relying on this form of consent.

Your Rights:

As a user of the portal, you have the rights to access, export, be informed about, rectify, object to the further processing of, restrict the processing of, withdraw consent to the processing of and erase your personal information. If you are a student at an educational institution using the Portal, you should direct any requests to exercise your data rights to the appropriate representative at your educational institution. If you are an educator or an administrator, you may reach out to us directly via e-mail at customerexperience@zaner-bloser.com or you can reach us by telephone at 1-800-421-3018.