MetaMetrics® Privacy Policy

Scope of this Policy

This Privacy Policy applies to Personal Information collected through our “Services,” which include:

• Our “Sites,” including www.metametrics.com, hub.lexile.com, https://partnerhelp.metametricsinc.com/, and any other websites where we post or reference this Privacy Policy (including any subdomains); and
• Our “Solutions,” which includes our software-as-a-service applications, our tools and applications which we use to provide services and output, the Lexile® and Quantile® Hub (“The Hub”), as well as our other online portals and APIs that interface with or are used to access our software or software-as-a-service applications, and our tools and applications which we use to provide services and outputs, in each case, only to the extent we are a controller/business with respect to Personal Information processed via the Solutions.

Please note: We provide our Solutions and process information (e.g., test responses, data provided by authorized users, and other Personal Information) on behalf of third parties that have entered into an agreement with us, such as schools, school districts, and publishers (our “Customers”) or their customers (“Clients”). In such cases, we process Personal Information on behalf of the Customer and Client, and do not act as a data controller. 

This Policy does not apply to Personal Information processed by Customers, Clients, or any third-party service providers not affiliated with MetaMetrics.                          

In the event we add future Services that affect the terms of this Privacy Policy, we may revise this policy as necessary. References to “you” or “your” pertain to all our site visitors, registered users, or users of the Hub, or other individuals whose Personal Information we process under this Privacy Policy.

What is Our General Approach to Processing Your Personal Information?

We use reasonable efforts to protect information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked with you or your household (your “Personal Information”).

We know that when users provide Personal Information to an organization, it is an act of trust. That trust is something we take seriously. This Privacy Policy explains the steps we take to protect Personal Information shared with us through the Services or when you otherwise interact with us, including how we collect it, who has access to it, and what is done with it.

How We Process Data

What Categories of Personal Information Do We Collect?

The categories of Personal Information we collect and use include the following (these are examples and may be subject to change):

Identity Data – Information such as your name, address, email address, telephone number, age and/or age range, or other account-related information, and information you provide in connection with your application to be an employee or to otherwise collaborate with us.

Contact Data – Identity Data that relates to information about how we can communicate with you, such as email, phone numbers, physical addresses, and information you provide to us when you contact us by email or otherwise communicate with us.

General Location Data – Non-precise information about your location as determined based on your IP address.

Device/Network Data – Browsing history, search history, and information regarding your interactions with our Services (e.g. IP Address, MAC Address, SSIDs or other device identifiers or persistent identifiers), online user ID, device characteristics (such as browser/OS version), web server logs, application logs, browsing data, first party cookies, third party cookies, web beacons, clear gifs, and pixel tags.

Commercial Data – Information about the services for which you have registered and transactions you enter into with us, and similar information.

Inference Data – Data used to create a profile about you, which may include your preferences, reading or writing levels, abilities, aptitudes, and other data or analytics provided about you or your account. In some cases (e.g., in connection with marketing activities), we receive this data from third-party partners or data aggregators.

Audio/Visual Data – Data collected if you submit audio or video recordings to our Services, as well as any other audio or video files you may submit to us, in addition to voice mails, call recordings, and the like.

User Content – Unstructured/free-form data that may include any category of Personal Information, e.g., data that you give us in free text fields such as text snippets, comments, answers you provide when you participate in sweepstakes, contests, votes, and surveys, including any other Personal Information which you may provide through or in connection with our Services.

Sensitive Personal Information – Personal Information deemed “sensitive” under California or other laws, such as social security, driver’s license, state identification card, or passport number; account log-in and password, financial account, debit card, or credit card number; precise location data; racial or ethnic origin, religious or philosophical beliefs, etc. We collect the following categories of Sensitive Personal Information:

• Financial Data – Information such as bank account details, payment card information, including similar data defined in Cal Civ Code § 1798.80(e), which is collected only to the extent you have subscribed to one of our paid services.

Information Automatically Collected on Our Sites   

Some information, typically Device/Network Data, is collected automatically when you visit our Sites. This information may not on its own reveal your name or contact information, but it may include device and usage information, such as your IP address, browser, device characteristics, operating system, language preferences, referring URLs, device name, country, General Location Data, and information about how and when you use the Sites and other technical information.

The technologies we use for this automatic data collection may include:

• Cookies. “Cookies” are small text files that are placed on your device by a web server when you access the Sites. We may use both session cookies and persistent cookies to tell us how and when you interact with the Sites. Unlike persistent Cookies, session cookies are deleted when you navigate away from the Sites and close your browser. Although most browsers automatically accept cookies, you can change your browser options to stop automatically accepting cookies or to prompt you before accepting cookies. Please note, however, that if you don’t accept cookies, you may not be able to access all portions or features of the Sites. Some “essential” cookies are required for our Sites to function properly, and other “non-essential” cookies are helpful to enable certain features, but you are still able to use our Site without them (although certain features or functionality may be disabled). You may modify your preferences with regard to our use of non-essential cookies through your browser settings menu or the website’s cookie management tool, if applicable. Please note that some Service Providers that we engage may also place their own cookies on your device. Note that this Privacy Policy covers only our use of cookies and does not include the use of cookies by any Third Party or Service Provider you visit directly. 
• Web Beacons/Pixels. Pages of the Sites and our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us to collect information about usage of our Site, and other information relating to users’ devices.

We and authorized third parties may use cookies and similar technologies for the following purposes:

• for “essential” purposes necessary for our Site to operate (such as maintaining user sessions, CDNs, and the like);
• for “functional” purposes, such as to enable certain features of our Site (for example, to allow a Customer to maintain a shopping cart or similar functionality);
• for “analytics” purposes and to improve our Site, such as to analyze the traffic to and on our Site (for example, we can count how many people have looked at a specific page, or see how visitors move around our Site when they use it, to distinguish unique visits/visitors to our Services, and what website they visited prior to visiting our Site, and use this information to understand user behaviors and improve the design and functionality of our Services).

Please see our Cookie Policy at https://hub.lexile.com/cookies-policy/ for more information regarding the specific cookies in use on our Sites.

Information You Provide on Our Sites

We collect Personal Information from and about you when you voluntarily provide it to us, in addition to Personal Information and other data we collect automatically when you visit our Sites. Depending on the Services you access or the other ways in which you interact with us, we may collect different types of information, as outlined below.

Solutions           

We process Device/Network Data, Contact Data, Identity Data, General Location Data, and Inference Data when you visit our Sites or use our Solutions. We also collect User Content and Commercial Data (e.g., product usage metrics) when you use certain features of the Solutions, e.g., to evaluate text or User Content using our Solutions, or otherwise using limited-use features. You may also be able to create an account, enroll in marketing communications, or use various features or functions of our Services, as further described below. We use this Personal Information as necessary to operate our Solutions, such as providing you with features you request, account for Service usage, and for our Business Purposes and our other legitimate interests, such as ensuring the security Services and analyzing the use of our Services, including navigation patterns, clicks, etc., to help understand and make improvements to our Services.

Accounts          

Some of our Solutions allow or require you to register to create an account, e.g., to use our Lexile or Quantile Hub. If you do this, we will collect Identity Data and Contact Data, including the username, email address, and password you provide. We may also collect General Location Data based on your IP Address, and Device/Network Data when you access certain Solutions, as well as information collected via cookies and similar technologies (see above). 

We may also request additional Personal Information associated with your account (such as your age/age range, a Customer or Client name, school, school district,  or other data indicated in the form when you create your account). If you participate in certain account features, such as training, resources, or other tools for parents or educators, we may collect information about the material you have viewed, course progress, or other information necessary to deliver these features.

We use this Personal Information to authenticate access, keep you logged in to our Solutions, manage your account and your use of our Services, as well as for our Business Purposes.

• To update your Hub account information, log in to your account at Hub.Lexile.com. The Hub Membership FAQs can guide you through the specific steps to make changes to your account profile.

To update your Portal account information, you can submit a support ticket to Partner Help.

Subscriptions

When you purchase a subscription to one of our Solutions, we will collect additional Identity Data, Contact Data, Financial Data, and Commercial Data (e.g., subscription cost and membership levels) related to that subscription. Some accounts may require you to provide information relating to your role (educator or parent), General Location Data (such as country or US state), or company. We process this Personal Information as necessary to perform or initiate a subscription, process your order, payment, or refund, carry out fulfillment and delivery, document transactions, and for our Business Purposes.

• Payment card information will be processed by our payment processor, Stripe. Note that qualifying educators in Lexile and Quantile partner states can subscribe to some of our Solutions for free, and thus without the need to provide billing information. All registered users may voluntarily submit additional Personal Information, like their first and last name, into their Profile information and select mailing lists to which they wish to subscribe.     
• When you enter into a paid subscription for one of our Solutions, payment card data is exchanged using direct communication with Stripe. We do not control, see, or store any of the card data processed via Stripe. The Stripe service creates a token and returns it to our web service as a record of successful payment. This token is a virtual object that represents the actual, sensitive data, which is designed to better protect your data.
• See Stripe’s Privacy Policy for more details available at www.stripe.com/privacy.

Special Offers & Demonstration Versions

We may offer limited-time, seasonal, early or limited access, special purpose, or demonstration versions of our Solutions or tools. In such cases, we may collect additional Personal Information, which may include Identity Data, Contact Data, General Location Data, and Commercial Data, tied to the registrant’s email, role, country, and state, and potentially also including grade level, math or reading level, school district, and quantile measure, depending on the offering. Where applicable, we may permit users to provide student data in order to customize the registered user’s use of the offered service. We use this information to manage your access to and provide the offering and for our Business Purposes. We may also send you marketing communications related to these offerings, where allowed.

Inquiries & Support

You may be able to submit inquiries or requests to us, in which case we may collect Identity Data, Contact Data, User Content, Account Log-In Data, Commercial Data, and potentially Device/Network Data. These forms typically collect the following information: first and last name, phone number, email address, organization name, organization type, and areas of interest.      

Any user of our Services wishing to obtain support must provide an email address. Without this information, we cannot respond to your request. When submitting a support request to us in relation to your use of the Hub, you must also provide first and last name, US state if applicable, country, role, and your specified request. Some of our Solutions offer multiple levels of access, some of which may require users to register or purchase a subscription (see above), and others may be available without registration or subscription. 

We may also collect Identity Data, Contact Data, Account Log-In Data, Commercial Data, or Audio/Visual Data if you contact us for support via phone or video conference. 

We generally use this information as necessary to fulfill your request and provide our services, as well as for our other Business Purposes. In some cases, you may receive marketing communications relevant to your request (e.g., if you inquire about our Solutions). We may share this information with our third-party service providers, including storing the information in cloud-based contact management systems, and providing the information to third parties who assist us with our email marketing and other communications. 

Oral Reading Performance Measurement

You may be able to submit oral reading samples to some of our Solutions, in which case we may collect Identity Data, Contact Data, Account Log-In Data, User Content, Audio/Visual Data, and potentially Device/Network Data. These Solutions may enable users to record themselves reading a presented passage or to upload an audio file of themselves or others reading. When we collect oral reading samples, data collected may include the reader’s grade (if a student), session ID, date and time of the recording, and prior ability information used to calculate current oral reading ability. Information we send back as a result of the analysis may also be linked to data, or files retained in our system. We may use Personal Information processed in this context for our Business Purposes. 

Please note: we may use a third-party provider for automated speech recognition (ASR). Once processed, an informational Lexile oral reading ability measure is displayed. This measure is not to be used for educational placement of a child or for identification of speech disorders or other diagnoses of an adult.      

Text Content Measurement

You may be able to submit excerpts of text to some of our Solutions (e.g., through our Hub), which may involve collection of Identity Data, Contact Data, Account Log-In Data, User Content, and potentially Device/Network Data. We may process Inference Data as part of our analysis of this Text, for example, Lexile® scores. These Solutions may enable users to upload one or more text files, and in that case, we may collect the user’s name, user ID, company name, company ID, session ID, date and time of the upload, file name, job name, and job number, and other bibliographic or source/file data as may be relevant. Information we send back as a result of the analysis may also be linked to data or files retained in our system. Once processed, a Lexile complexity measure (or range) is displayed or sent. We may use Personal Information processed in this context for our Business Purposes.

Marketing Communications

We may use Identity Data, Contact Data, Inference Data, and Device/Network Data for marketing communications, including to send you emails regarding other MetaMetrics products and services we believe would be of interest to you, and when you open or interact with those emails. You may receive marketing communications if you consent and, in some jurisdictions, as a result of account registration or a purchase. See your rights and choices below to opt out of marketing communications.

Information from Partner Organizations

We may collect data from schools, school districts, and other Customers or Clients that subscribe to our services. For example, we receive your Identity Data and Contact Data from our Customers or Clients in connection with account creation, and verifying your eligibility to create an account, or to contact you about our Services or the Solutions to which our Customer or Client subscribes. If you create an account or subscribe directly, we will collect the information described above relating to Account Creation and Subscription. 

Information Collected from Other Sources

We may collect limited data from schools with which we have a relationship, public databases, marketing partners, and other outside sources. This may include Identity Data, Contact Data, General Location Data, Device/Network Data, and Inference Data. All Personal Information that you provide on or to a third party or that is collected by a third party is provided directly to the controller, owner, or operator of the third party and is subject to the owner’s or operator’s privacy policy. We do not monitor or control any data you provide to third parties. Thus, we are not responsible for the content, privacy, or security practices of a third party. We recommend that you carefully review the privacy policies of any third party you access. You assume the risk of providing information to third parties.

Business Purposes of Processing

We and our Service Providers process Personal Information for several common business purposes, depending on the context of collection, your rights and choices, and our legitimate interests. We generally process Personal Information for the following “Business Purposes,” however, further details on how we use specific categories of Personal Information in various aspects of our business are provided above.

Providing our Services

We process any Personal Information as is necessary to provide the Services, and as otherwise necessary to fulfill our obligations to you, e.g., to provide you with the information and Services you request, to manage our organization, to collect amounts owing to us, to maintain business records for reasonable periods, and to satisfy regulatory requirements.

Internal Processes & Service Improvement

We may use any Personal Information we process through our Services as necessary in connection with our improvement of the design of our Services, understanding how our Services are used or function, for customer service purposes, in connection with the creation and analysis of logs and metadata relating to service use, and for ensuring the security and stability of the Services. Additionally, we may use Personal Information to understand what parts of our Services are most relevant to our users, how users interact with various aspects of our Services, how our Services perform, etc., or we may analyze the use of the Services to determine if there are specific activities that might indicate an information security risk to the Services or our users. This processing is subject to certain user rights and choices as described further below.

Artificial Intelligence Features

We may use Analytics Data (defined below) that does not identify individuals for the purpose of operating and training Artificial Intelligence systems. If we train Artificial Intelligence systems using Analytics Data, we will use data that does not contain Personal Information and will take measures to ensure such data is not processed in a way that may link such information to a specific person. If you interact with features of our Services that are enabled by artificial intelligence and input Personal Information, that Personal Information may be processed through AI systems. We do not permit training of Artificial Intelligence systems using Personal Information.

Compliance, Safety, & Public Interest

Note that we may, without your consent or further notice to you, and to the extent required or permitted by law, process any Personal Information subject to this Policy for purposes determined to be in the public interest or otherwise required by law. For example, we may process information as necessary to fulfil our legal obligations, to protect the vital interests of any individuals, or otherwise in the public interest or as required by a public authority. Please see the data sharing section for more information about how we disclose Personal Information in extraordinary circumstances.

Aggregate or Deidentified Data

When an individual visits our Services, we process Personal Information in order to create certain de-identified data or aggregate data (“Analytics Data”). We use Analytics Data to better understand how our Services are used, to make sure our content and services are served correctly, and to improve the performance of our Services, and for our other Business Purposes. The resulting Analytics Data will not contain information from which an individual may be readily identified.

Personalization

We process certain Personal Information in connection with our legitimate business interest in personalizing our Services. For example, aspects of the Services may be customized to you based on your interactions with our Services and other content. This processing may involve the creation and use of Inference Data relating to your preferences.

How Long Do We Keep Personal Information?

In general, we keep Personal Information as long as it is reasonably necessary in connection with the purpose for which it was provided, or for so long as is required by law. What is necessary may vary depending on the context and purpose of processing. For data collected from registered users (“Members”), we will keep Personal Information for as long as a Member maintains registration and or subscription in good standing. Once those registrations or subscriptions lapse or terminate, unless a written agreement between us and a Member provides otherwise, we may keep Personal Information for as long as needed only to meet regulatory requirements or business requirements. Any kept Personal Information will remain subject to the restrictions on sharing and use outlined in this Policy for as long as it resides with us.

We generally consider the following factors when we determine how long to retain data (without limitation):

• Retention periods established under applicable law;
• Industry best practices;
• Whether the purpose of processing is reasonably likely to justify further processing;
• Risks to individual privacy in continued processing;
• Applicable data protection impact assessments;
• IT systems design considerations/limitations; and
• The costs associated with continued processing, retention, and deletion.

We will review retention periods periodically and may de-identify or anonymize data held for longer periods.

Disclosure of Personal Information

What & How Do We Disclose to Service Providers?

In order to operate our business, it may sometimes be necessary to disclose Personal Information with contractors and other service providers. Personal Information disclosed to Service Providers may include Contact Data, Identity Data, Commercial Data, Device/Network Data, General Location Data, Audio/Visual Data, Inference Data, and User Content. In limited situations, depending on the services provided by a Service Provider, we may provide them with Financial Data. For example, we may share Personal Information with the companies that host our Services, provide analytics and other functionality on our Services, host or provide our database of current and potential customers, help us send emails and other communications, or provide other services to us. In addition, we may share Personal Information with individual contractor scientists and software developers as may be required in connection with the services they provide on our behalf.

As noted above, we use third-party service providers to analyze audio recordings. When the recording is submitted to the third party for processing, we share only Audio/Video Recording Data, and no other personal identifiers are shared. Results from the third party are combined with our own processes to calculate the reader’s proficiency results. In doing so, we then connect the proficiency results with the Personal Information you provided.

We use Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics is a web analysis tool we use to help us analyze the interaction of visitors with our Services. Thus, we can improve your experience on our Services. Google Analytics uses cookies. The information generated by the cookie regarding your use of the Services is usually transferred to a server belonging to Google. The information saved by the cookies includes, for instance, the time of your visit on the Services, the frequency with which the visitor has called up the Services, and from where the visitor has accessed the Services. To determine the latter value, Google initially records the IP address of the user. However, we have activated the IP anonymization on the Services. On behalf of the Services, Google will use the aforementioned information to analyze your usage of the Services, to compile reports on the Services’ activities, and to provide further services associated with the usage of the Services and the Internet. You can prevent Google Analytics from saving cookies by a corresponding setting in your browser software. However, by doing so you may disable some functions of the Services. In addition, you can prevent the recording of the data generated by the cookie and relating to your usage of the Services (including your IP address) to Google and the processing of these data by Google, by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl 

Further information about Google’s handling of user data can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy https://www.google.com/policies/privacy. 

Please check this Privacy Policy regularly for updates on other Service Providers that may be used in connection with our Services or contact us via email at dataprivacy@metametrics.com for the most recent list of our Service Providers with whom we may share your information.

What & How Do We Disclose to Other Third Parties?

• Fulfilling your requests. Some of our Services include the ability for you to share content or information with third parties you designate. If you give us an email address to use the “share” feature within a tool, we will transmit the contents of that email and your email address to the recipients.
• Affiliated entities and corporate transactions. We may share Personal Information with our current or future subsidiaries and affiliates in order to streamline the provision of services or for other business purposes. In addition, if we contemplate a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, it is possible that we would need to share Personal Information with another organization during the due diligence process, following the transaction, or otherwise in connection with a corporate event.
• Partners. We may disclose your Personal Information to partners, such as schools or school boards, in order to provide our Services.
• Legal disclosures. We may also share Personal Information to comply with a court order, law, or legal process. This includes a government or regulatory request. Before we do that, we may provide the user with notice of the requirement. If the user chooses, a protective order or another remedy may be sought. If, after providing that notice, we still must share the demanded Personal Information, we will share no more than that portion of Personal Information which, on the advice of our legal counsel, the order, law or process specifically requires us to share. Note, some of these disclosures may be made to governments that do not ensure the same degree of protection of your Personal Information as your home jurisdiction. We may, in our sole discretion (but without any obligation), object to the disclosure of your Personal Information to such parties.
• Other parties. We may share Personal Information with third parties as we deem appropriate in order to enforce or apply our Terms of Use, Additional Terms, or other agreements, including for billing and collection purposes, to prevent fraud, and to obtain advice about legal and financial matters.

Children’s Information

We do not directly collect Personal Information from children through the parts of our Services subject to this Policy.

Please note: we may receive data provided by a parent regarding their child or on behalf of a Customer or Client (which may include the child’s Identity Information, Audio/Visual Data, or Sensitive Personal Information) containing information regarding a child or groups of children, however, any group information is aggregated and anonymized such that it no longer is considered Personal Information under applicable laws. If you believe that we have collected Personal Information directly from a child under the age of 13 (in the U.S.) or 16 (typically the applicable age in European countries) without following the proper procedures, please notify us via email to dataprivacy@metametrics.com.

What Data Security Measures Do We Take?

MetaMetrics has reasonable safeguards to help prevent unauthorized access to, disclosure of, or misuse of your Personal Information. However, we cannot guarantee that your Personal Information will never be shared or otherwise processed in a manner inconsistent with this Privacy Policy (for example, as a result of unauthorized acts by third parties that violate applicable law or our Terms of Use).

If you register for a membership with the Hub or similar Solutions we offer, you will be asked to select a password to help protect your Personal Information. These passwords help us verify your identity before granting access or making corrections to any of your Personal Information. You should never share your password with anyone. MetaMetrics will never ask you for your password in a phone call or email. You are responsible for maintaining the secrecy of your passwords and any account information.

When subscribing for Premium membership through the Hub, you also provide your credit card information. It is transmitted using Secure Sockets Layer (SSL) technology to help prevent unauthorized access or misuse of that information. (PCI-compliance requires following the Transport Layer Security 1.2 rules.) SSL is the standard security technology for establishing an encrypted link between a web server and a browser. Make sure you see a full “lock” symbol and https in the status bar of your browser. Browsers like Firefox 63 and above, Google Chrome 70 and above, Safari 6.2 and above employ some version of the lock symbol to indicate security. If the lock symbol is not visible, do not enter any information.

The computers and servers in which MetaMetrics may store Personal Information are maintained only in secure environments.  We implement reasonable administrative, technical, and physical safeguards designed to protect Personal Information from unauthorized access, use, or disclosure

Please note that to the extent your Personal Information is shared with a service provider or other third party, we cannot guarantee, nor will we be responsible for, and disclaim liability for, the security measures of those third parties.

International Data

MetaMetrics is a U.S. company. If you are located outside of the United States and choose to provide information to us, we transfer at least some Personal Information to the United States for processing, and our service providers may process Personal Information in the United States and elsewhere. These countries may not have the same data protection laws as the country in which you initially provided the information. When we transfer your information to the United States, we will protect it as described in this Notice. Data we collect may be transferred to, stored, and processed in any country or territory where one or more of our affiliates or service providers are based or have facilities. While other countries or territories may not have the same standards of data protection as those in your home country, we will continue to protect Personal Information that we transfer in line with this Privacy Policy.

Personal Information Rights & Choices

How Can You Exercise Rights in Your Personal Information?

At any time, Members of the Hub or our other Solutions offering subscription options can change their Personal Information stored in the Profile page. Members can also choose to opt out of MetaMetrics’ mailing lists with immediate effect. 

• Hub Members can close their Hub account by following the steps outlined in the Hub. Members may select “delete all personal data” to trigger the deletion of Personal Information associated with a Hub account. 
• Portal Members can request the deletion or modification of their Portal account by submitting this Partner Help form. 

Regardless of whether you are a Member, depending on where you live, and subject to our obligations under applicable laws, you may have certain rights and choices regarding your Personal Information. Please note that these rights may vary based on the country or state where you reside, and our obligations under applicable law.

Verification of Rights Requests

If you submit a request, we typically must verify your identity to ensure that you have the right to make that request, reduce fraud, and to ensure the security of Personal Information. If an agent is submitting the request on your behalf, we reserve the right to validate the agent’s authority to act on your behalf.

We may require that you match the Personal Information we have on file in order to adequately verify your identity. If you have an account, we may require that you log into the account to submit the request as part of the verification process. We may not grant access to certain Personal Information to you if prohibited by law.

Regional Rights – United States     

Access/Know – You may have the right to receive certain information, such as the following (these rights, and the applicable types of data and time periods, will vary depending on the laws applicable to the state or country in which you reside):

• Access to and/or a copy of certain Personal Information we hold about you.
• You may have the right to obtain certain Personal Information in a portable format.
• California residents also have the right to obtain information about: 1) the categories of Personal Information we have collected or disclosed about you; (2) the categories of sources of such information; (3) the business or commercial purpose for collecting or selling your Personal Information; (4) the categories of third parties to whom we disclosed Personal Information; and (5) the right to confirm whether we are processing your Personal Information.

Erasure – You may have the right to request that we delete certain Personal Information we have about you. We may either decide to delete your Personal Information entirely, or we may anonymize or aggregate your Personal Information such that it no longer reasonably identifies you. Certain Personal Information may be exempt from such requests under applicable law. For example, we need certain types of information so that we can provide our services to you, we may be required to retain certain information for legal purposes, and there may be other reasons we may need to keep certain Personal Information under various applicable laws. In addition, if you ask us to delete your Personal Information, you may no longer be able to access or use some of our tools or services.

Correction – You may have the right to request that we correct certain Personal Information we hold about you.

Limitation of Processing – Certain laws may allow you to object to or limit the manner in which we process some of your Personal Information, including the ways in which we use or share it. For example, you may have these rights if the processing was undertaken without your consent in connection with our legitimate business interests (although we may not be required to cease or limit processing in cases where our interests are balanced against your privacy interests).

Regulator Contact – You may have the right to contact or file a complaint with regulators or supervisory authorities about our processing of Personal Information. To do so, please contact your local data protection or consumer protection authority.

Postings by Minors – Users of our Services under the age of 18 in certain jurisdictions have the right to require that we delete any content they have posted on one of our Services.

Non-Discrimination – California residents have the right to not to receive discriminatory treatment as a result of their exercise of rights conferred by the CCPA.

Other – You may have the right to receive information about the financial incentives that we offer to you, if any. You may also have the right to not be discriminated against (as provided for in applicable law) for exercising certain of your rights.

Appeal – You have the right to appeal if we do not take action or deny your request. Please contact us using the information below to exercise these rights.     

Rights Requests

If you believe that you have specific rights under your jurisdiction and you would like to exercise any of these rights, please submit a request via email at dataprivacy@metametrics.com. Other than marketing opt-out and do-not-sell, do-not-share (for behavioral advertising purposes) or limit use of sensitive data requests, you will be required to verify your identity before we fulfill your request. In certain jurisdictions, you may be able to designate an authorized agent to make a request on your behalf, subject to certain requirements of your applicable law. We may require that you provide the email address we have on file for you (and verify that you can access that email account) as well as an address, phone number, or other data we have on file, in order to verify your identity. Please do not include any student identification numbers in your request. If an agent is submitting the request on your behalf, we reserve the right to validate the agent’s authority to act on your behalf, and we may be required to take additional verification measures under applicable law.

Opt-Out of Sale & “Sharing” for Behavioral Advertising

MetaMetrics does not currently “sell” or “share” for behavioral advertising (as defined by the California Consumer Privacy Act and other U.S. state laws) any Personal Information subject to this Privacy Policy, and we do not exchange Personal Information for any type of financial incentive. However, if you wish to be placed on our “do not sell or share” list in the event that we begin selling Personal Information or sharing it for behavioral advertising purposes in the future, please submit a request via email to dataprivacy@metametrics.com and request to be added to this list.

Cookies, Similar Technologies, & Targeted Advertising

Opt-Out – If you do not want information collected through the use of cookies, you can manage/deny cookies (and certain technologies) using your browser’s settings menu or our Manage Cookies page located at https://hub.lexile.com/cookies-policy/. You may need to opt out of cookies and similar technologies on third-party sites directly via the third party. For example, to opt out of Google’s analytics and marketing Services, visit Google Analytics Terms of Use, the Google Policy, or Google Analytics Opt-out.

Do Not Track – Please note that our Services do not currently respond to browser-based “do not track” signals. We will respond to any similar signals in the future as may be required by applicable law.

Additional Marketing Rights & Choices

Opt-out of Marketing – All individuals have the right to opt out of receiving marketing communications from MetaMetrics at any time. You may exercise your choices regarding marketing communications by clicking on the “unsubscribe” link in emails we send you, or you can submit a request via email at hello@metametrics.com.

Direct Marketing – California residents and residents of certain other states may have the right to request a list of Personal Information we have disclosed about you to third parties for direct marketing purposes during the preceding calendar year.

Withdrawing Your Consent/Opt-Out – You may withdraw any consent you have provided at any time. The consequence of your withdrawing consent might be that we cannot perform certain services for you, such as location-based services, personalizing or making relevant certain types of advertising, or other services conditioned on your consent or choice not to opt out.

Additional CCPA Mandatory Disclosures 

For purposes of the CCPA, we add these supplemental disclosures, which are described in further detail above in this Privacy Policy.

• Categories of Personal Information disclosed for a Business Purpose in the last 12 months (business purposes for these disclosures are as described above):
• Disclosed to Service Providers, Partners, Affiliates, Google Analytics, or Disclosed With Consent: Identity Data, Contact Data, General Location Data, Device/Network Data, Account Log-In Data.
• Disclosed to Service Providers: Audio/Visual Data, Financial Data.
• Categories of Sensitive Personal Information Used or Disclosed: Financial Data. 
• Data Sold/Shared: We have not “sold” or “shared” Personal Information (as defined by the CCPA) in the last 12 months.     

Residents of European Economic Area, Switzerland, & United Kingdom, & Parties That Adhere to EU Laws & Regulations     

Controller

The data controller (i.e., the entity that determines the purpose and means of processing your Personal Information) for your Personal Information is MetaMetrics, Inc. 

Legal Basis

We process your Personal Information in accordance with applicable data protection laws. If you are subject to the General Data Protection Regulation (“GDPR”), we process Personal Information in accordance with one of the required legal bases. For example, when you voluntarily provide Personal Information to us, we primarily process it with your consent or in order to fulfill a contract with you. We also process on the basis of our Legitimate Interests (as further described in the “Business Purposes” and other data processing disclosures above). We may also process certain Personal Information to the extent required by applicable legal requirements or vital interests. Please see above for additional details.

International Transfers

If you are located in the European Economic Area (“EEA”), please note that some countries outside the EEA do not have laws that protect your privacy rights as extensively as those in the EEA. However, if we do transfer your Personal Information to other territories, we will put in place appropriate safeguards designed to ensure that your Personal Information will be protected and processed in accordance with this Privacy Policy and the requirements of applicable data protection laws, including, when applicable, the General Data Protection Regulation (“GDPR”) or the UK GDPR (as defined in UK Data Protection Act 2018). We may transfer Personal Information from the EEA to the US using the EU or UK (as applicable) standard contractual clauses or other lawful mechanisms.

Your Rights

Residents of the EU/EEA, UK, and Switzerland have the following rights. Please review the above section “Verification of Rights Request” as to how we may verify your identity using Personal Information.  Applicable law may provide exceptions and limitations to all rights.

Access: You may have a right to access the Personal Information we process.

Consent: To the extent we rely on your consent to process Personal Information, you may withdraw your consent at any time. We may continue processing on alternative or additional legal bases. Withdrawal of consent does not affect the lawfulness of processing undertaken prior to withdrawal.

Deletion: You may request that we delete your Personal Information. We may delete your data entirely, or we may anonymize or aggregate your information such that it no longer reasonably identifies you. 

Data Export: You may request that we send you a copy of your Personal Information in a common portable format of our choice. 

Restriction: You may request that we restrict the processing of Personal Information to what is necessary for a lawful basis.

Objection: You may have the right under applicable law to object to any processing of Personal Information based on our legitimate interests. We may not cease or limit processing based solely on that objection, and we may continue processing where our interests in processing are appropriately balanced against individuals’ privacy interests. In addition to the general objection right, you may have the right to object to processing (to the extent we undertake such processing):

• for profiling purposes;
• for direct marketing purposes (we will cease processing upon your objection); and
• involving automated decision-making with legal or similarly significant effects.

Rectification: You may correct any Personal Information that you believe is inaccurate.

Regulator Contact: You have the right to file a complaint with regulators about our processing of Personal Information. To do so, please contact your local data protection or consumer protection authority. 

Rights Requests

If you would like to exercise any of these rights, please submit your request via email at dataprivacy@metametrics.com.

In your request, please make clear what request you are making and any specific instructions. Please do not include any student identification numbers in your request. We verify your identity and geographic residency before fulfilling your request (see above for more information). We will comply with your request as soon as reasonably practicable and within the time periods required by applicable law. 

Please note that we often need to retain certain Personal Information for recordkeeping purposes and/or to complete any transaction that you began prior to submitting your request (e.g., when you make a purchase or enter a promotion, you may not be able to change or delete the Personal Information provided until after the completion of the purchase or promotion). We also may not delete certain Personal Information for legal reasons. 

Changes & Questions

How Should You Track Changes to This Privacy Policy?

We may update this Privacy Policy periodically and as necessary from time to time. We will post a link to the updated policy in the footer of all covered Sites if changes are made. We encourage you to review this page regularly to stay up to date on changes to this Privacy Policy.

Additionally, for registered users of the Hub, notifications may be made through your account if material changes occur and we determine that notice is required. Your continued use of the service constitutes your acknowledgement of the processing described in this Privacy Policy and any updates.

 

Where Should You Direct Questions to Us About This Privacy Policy?

If at any time you have questions or concerns about our privacy practices, in general, or this Privacy Policy in particular, please feel free to contact us by sending an email to dataprivacy@metametrics.com.