Teachers College Policy Library
Owner: General Counsel
Beats Empire data collection
A collection of technology products around Beats Empire developed through NSF funding (Award #1742011) and supervision from Teachers College faculty and others collect data when users log in through their google account. This includes two related products – Beats Empire the game, accessible at https://play.beatsempire.org, and the Beats Empire Teacher Dashboard accessible at https://dash.beatsempire.org. The Game is expected to be played by students, and the only identifiable data of students stored is telemetry logs from their gameplay associated with their chosen email ID, on Google's Firebase servers. Access to this data is appropriately restricted in compliance with FERPA regulations and Institutional Review Boards (IRBs) i.e. only accessible by PIs and IRB recorded staff and researchers en masse.
The Beats Empire Teacher Dashboard is intended to be used by teachers to monitor and respond to student gameplay data. Our dashboard server uses Google APIs to retrieve student email IDs and names. Using the secured access Firebase database, the dashboard then provides limited access to gameplay data to the logged in teacher, for only their students. If the teacher records a "classroom" or session that they want to follow playing the Beats Empire game, this session is also recorded in the Firebase database and can only be accessed by the webmasters and the teacher's login. The dashboard then processes students' gameplay data and presents a variety of usable information to the teacher.
Both the game and the dashboard record interaction data from their users, for research purposes. No identifiable data is shared publicly or published in any form without corresponding IRB approval and informed consent procedures. Cumulative data analyses and inferences are used in research and published in a variety of venues as viewable on https://info.beatsempire.org as well.
Teachers College, Columbia University Privacy Notice
This privacy notice (“Privacy Notice”) describes how the Teachers College, Columbia University (“we”, “our”, or “us”) collects, uses, shares, processes and retains all personal information that you provide to us, or that we collect, when you use or visit our website located at www.tc.edu or related mobile applications, affiliated or partner websites, use our products and services and complete related forms, participate in mailing lists for periodic newsletters, promotional material, product updates, or communicate with one of our offices (“Personal Data”). We are committed to protecting your privacy and personal data shared with us or collected by us.
This privacy notice applies to any Teachers College, Columbia University websites, application, service, or tool (collectively "Services") where this privacy notice is referenced, regardless of how you access or use them, including through mobile devices.
This privacy notice applies to all personal information we collect or process about you. Personal information is information, or a combination of pieces of information, that could reasonably allow you to be identified.
Personal information we collect
What is personal information?
Personal Information is information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
We do not consider personal information to include information that has been anonymized or aggregated so that it can no longer be used to identify a specific natural person, whether in combination with other information or otherwise.
We collect personal information from you when you use our Services.
We collect personal information about you from a variety of sources, including from you directly (e.g. when you contact us or sign up for an account or register for a course), information we generate about you in the course of our relationship with you (e.g. data collected from cookies and other similar technologies which is described in our cookie notice and information we collect about you from other sources, including commercially available sources, such as public databases (where permitted by law).
We may be required by law to collect certain personal information about you or as a consequence of any contractual relationship we have with you. Failure to provide this information may prevent or delay the fulfillment of these obligations.
Information we collect directly from you
The categories of information that we may collect directly from you include, but are not limited to, the following:
(a) personal details (e.g. name, date of birth);
(b) contact details (e.g. phone number, email address, postal address or mobile number);
(c) account details (e.g. username and password);
(d) transaction details;
(e) communications (e.g. when you contact us with a question, comment, opt-in for product updates, newsletters or request for a tour)
Information we collect about your use of services
The following are examples of the other categories of information which we may collect about you:
(a) Technical information collected from your computer or mobile device (e.g. your IP address, browser type, operating system);
(b) Information about your usage of our Websites (e.g. the pages you visit when using the Services, the search terms you enter on the Services, how often you use the Services, and the pages you access before and after accessing the Services);
(c) Information which we generate as a result of your use of the Services (e.g. our understanding of your interests as a result of your use of the Services and whether you are a regular or occasional user of the Services)
Information we collect from other sources
The following are examples of the categories of information we may collect from other from third parties sources, such as online advertising agencies, fraud prevention agencies, or publicly available information. Please note that this is not an exhaustive list of categories.
(a) personal details (e.g. name, date of birth);
(b) contact details (e.g. phone number, email address, postal address or mobile number);
(c) details about advertising preferences (e.g. products purchased, interaction with advertisements online).
How we use your personal information and basis on which we use it
We may use your personal information for the following purposes:
Identification and authentication: We use your identification information to verify your identity when you access and use our Services and to ensure the security of your personal information. This is so we can comply with our contractual obligations to you.
Operating the Services: We process your personal information to provide the Services you have requested. This is so we can comply with our contractual obligations to you.
Improving our Services: We analyze information about how you use our Services to provide an improved experience for our customers of all our Services, and site analytics. It is in our legitimate business interests to use the information provided to us for this purpose, so we can understand any issues with our Services and improve them.
Communicating with you: We may use your personal information when we communicate with you, for example, if we are providing information about changes to these terms and conditions or if you contact us with questions. It is in our legitimate interests that we are able to provide you with appropriate responses and provide you with notices about our Services.
Marketing: We may use your personal information to build a profile about you and place you into particular marketing segments in order to understand your preferences better and to appropriately personalize the marketing messages we send to you. It is in our legitimate interest to provide more relevant and interesting advertising messages. Where necessary, we will obtain your consent before sending such marketing messages.
Complying with our obligations: We may process your personal information to, for example, carry out fraud prevention checks or comply with other legal or regulatory requirements, where this is explicitly required by law.
Customizing your experience: When you use the Services, we may use your personal information to improve your experience of the Services, such as by providing interactive or personalized elements on the Services and providing you with content based on your interests.
We may also anonymize your personal information in such a way that you may not reasonably be re-identified by us or any other organization, and may use this anonymized information for any other purpose.
How and when we share your information
We may share your personal information with third parties under the following circumstances which include but are not limited to:
- Service providers and business partners: we may share your personal information with our service providers and business partners that perform marketing services and other business operations for us for the purposes set forth above. For example, we may partner with companies to process secure payments, fulfill orders, optimize services, serve online behavioral advertising, send newsletters and marketing messages, support email and messaging services, and analyze information. These service providers and business partners may include advertising agencies and fraud prevention agencies which will use your personal information only in the ways described in this policy.
- Where required by law: we may share your personal information with law enforcement agencies, courts, other government authorities or other third parties where we believe necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights or the rights of any third party.
Your rights over your personal information
You have certain rights regarding the personal information we hold about you, subject to local law. These may include the rights to access, correct, delete, restrict or object to our use of, or to receive a portable copy in a usable electronic format of your personal information. You also may have a right to lodge a complaint with your local data protection or privacy regulator.
We encourage you to contact us at the contact information set forth below to update or correct your information if it changes or if the personal information we hold about you is inaccurate. Where you have provided your consent to any use of your personal information, you can withdraw this consent at any time.
Please note that we may require additional information from you in order to honor your requests.
If you would like to discuss or exercise any rights you may have under law, please contact us at the contact information set forth below.
Automated decisions about you
We also make automated decisions about you based on your personal information to deliver personalized offers, discounts or recommendations.
Subject to local legal requirements and limitations, you can contact us to object to our use of automated decision-making.
Information Security and Storage
We implement physical, technical, and organizational security measures designed to safeguard the personal information we process through the Services. These measures are aimed at providing on-going integrity and confidentiality for your personal information. We evaluate and update these measures on a regular basis. However, no information system can be 100% secure, so we cannot guarantee the absolute security of your information.
We retain your personal information for as long as we have a relationship with you. When deciding how long to keep your personal information after our relationship with you has ended, we take into account our legal obligations. We may also retain records to investigate or defend against potential legal claims.
International Data Transfer
Your personal information may be transferred to, stored, and processed in a country that is not regarded as providing the same level of protection for personal information as the laws of your home country, and may be available to the government of those countries under a lawful order made in those countries.
We have put in place appropriate safeguards (such as contractual commitments) in accordance with applicable legal requirements to provide adequate protections for your personal information. For more information on the appropriate safeguards in place and to obtain a copy of such safeguards, please contact us at the contact information set forth below.
In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries will be entitled to access your Personal Data.
For purposes of the European General Data Protection Regulation, Teachers College is the controller responsible for the personal information we collect and process.
If you have questions or concerns regarding the way in which your personal information has been used, please contact email@example.com
In addition to that, you may visit us at firstname.lastname@example.org to inform us of any status updates or consent withdrawal or request for deletion or return of data.
We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, you may have the right to make a complaint to the data protection authority of your country of residence.
Changes to Privacy Notice
Teachers College may amend this privacy notice at any time by posting the amended version on this site including the effective date of the amended version. We will announce any material changes to this privacy notice via email.
A summary of the new European Union (EU) data protection law can be found at GDPR at TC.