EU – US Privacy Shield and Swiss – US Privacy Shield
ManageBac LLC (“ManageBac”) respects individual privacy and values the confidence of its customers, employees, consumers, business partners and others.
ManageBac strives to collect, use and disclose personal information in a manner consistent with the laws of the countries in which it does business, and prides itself on upholding the highest ethical standards in its business practices. This EU-US Privacy Shield and Swiss – US Privacy Shield Policy (the “Policy”) sets forth the privacy principles that ManageBac follows with respect to personal information transferred from the European Union (EU), the United Kingdom (UK) and / or Switzerland to the United States.
The United States Department of Commerce and the European Commission and the Swiss Administration, respectively, have agreed on a set of data protection principles and frequently asked questions (the “Privacy Shield Framework”) to enable U.S. Companies to satisfy the requirement under European Union and Swiss law that adequate protection be given to personal information transferred from the EU and Switzerland to the United States. Consistent with its commitment to protect personal privacy, ManageBac adheres to the Privacy Shield Principles.
This Privacy Shield Policy (the “Policy”) applies to all personal information received by ManageBac in the United States from the European Economic Area and the United Kingdom, and Switzerland, respectively, in any format including electronic, paper or verbal.
For purposes of this Policy, the following definitions shall apply:
“ManageBac” is owned and operated by ManageBac LLC, a Delaware limited liability company in the USA.
“Personal information” means any information or set of information that identifies or is used by or on behalf of ManageBac to identify an individual. Personal information does not include information that is encoded or anonymized, or publicly available information that has not been combined with non-public personal information.
“Sensitive” means personal information that reveals race, ethnic origin, sexual orientation, political opinions, religious or philosophical beliefs, or trade union membership, or that concerns an individual’s health. In addition, ManageBac will treat as sensitive personal information any information received from a third party where that third party treats and identifies the information as sensitive.
Notice and Choice
ManageBac enters into Service Agreements with its Clients in the European Union and the United Kingdom, and Switzerland which may include the processing and/or storage of information relating to their Clients’ customers (students, parents and staff). In these agreements, the Client agrees and recognizes that it is the ‘data controller’ for the purposes of data protection legislation. This means that our EU, UK and Swiss Clients are responsible for complying with the data protection legislation in the relevant Member State, UK and Switzerland national law before it sends its customer data to ManageBac for processing and/or storage. This includes informing individuals about the choices and means they offer individuals for limiting the use and disclosure of their personal data. In order to exercise their rights under this principle, the individual must reach out to their School (our Client), as data controller. Any data processed or stored by ManageBac is only disclosed to third parties at the request and direction of its European, UK and Swiss Client as the data controller, in accordance with the choices made by the individuals to whom such personal information relates, or when required by law. Any information that our EU, UK and Swiss Clients identify as sensitive will be treated as such.
ManageBac has a Compliance Manager who is responsible for the internal supervision of ManageBac privacy policies. ManageBac also has technicians to handle data security. ManageBac continuously educates its employees about compliance with the Data Protection Act 2018, the Privacy Shield Principles and has self-assessment procedures in place to ensure its compliance. ManageBac participates in the EU – US Privacy Shield Framework and Swiss – US Privacy Shield Framework as set forth by the United States Department of Commerce.
Information Gathering and Usage:
ManageBac will take reasonable precautions to protect personal information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction.
We use the information provided and that we collect to improve the content and quality of the Service, error correction, improving our marketing, and for administrative purposes.
Your use of the Service results in collection of audit log records, which are collected through third party solutions. These facilitate providing the Service, through web hosting companies or by using analytics providers. This allows us to monitor system and application performance, to track usage activity and to enable our support team to provide you with a professional standard of service when you have any issue.
In the course of providing the Service, we use the information provided to:
a. Process account registration and enrolment;
b. Organise curriculum, activity and assessment information;
c. Compile academic histories and formal academic records;
d. Aggregate, collect and input details of your academics into our system for central management;
e. Compile your profile and the foregoing for your School.
f. Present information entered to other logged in users provided Parental Consent is provided when applicable;
g. Monitor system performance and collect aggregate analytics;
h. You or your School may make such information available to the International Baccalaureate, which in turn may make information available to qualified Higher Education Institutions.
Access Personal Data
If your personal information changes, you are able to login to keep it up to date by changing your profile. If you no longer wish to receive the Service or if you find that information on the Website is not accurate and you cannot update it, please inform your School in the first instance. You may email us at firstname.lastname@example.org if you continue to have concerns. If you do not receive a response to your email to us within 7 days please call us or write to
Postal Mail: 548 Market St. #40438, San Francisco, CA 94104
ManageBac shall bear liability in cases of onward transfer.
ManageBac will conduct compliance audits of its relevant privacy practices to verify adherence to this Policy. Any employee that ManageBac determines is in violation of this policy will be subject to disciplinary action up to and including termination of employment. Under certain limited conditions, individuals may invoke binding arbitration as a last resort before the Privacy Shield Panel. ManageBac is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
Contact information for the European Data Protection Authorities (DPAs) in your member state is available here: https://edpb.europa.eu/about-edpb/board/members_en.
Contact information for the Swiss Federal Data Protection and Information Commissioner is available here: https://www.edoeb.admin.ch/?lang=en
Client Data Storage:
ManageBac complies with the EU – US Privacy Shield Framework and the Swiss – EU Privacy Shield Framework as set forth by the Department of Commerce regarding the collection, use, and retention of data from the European Union, United Kingdom, and Switzerland.
Postal Mail: 548 Market St. #40438, San Francisco, CA 94104
Changes To This Privacy Shield Policy
This Policy may be amended from time to time, consistent with the requirements of the Privacy Shield Principles. A notice will be posted on ManageBac’s web page: https://www.managebac.com/terms/privacy-shield/
Effective Date: June 27, 2017
Updated at May 1, 2019
To learn more about the EU – US Privacy Shield Framework and Swiss – US Privacy Shield Framework, and to view the certification of ManageBac LLC, ManageBac Inc. and Rubicon West LLC, please visit: https://www.privacyshield.gov/