TCB logo
Sign in Register

Institutional Privacy Policy

 

THE CHAIRMAN’S BAO®

PRIVACY, STUDENT DATA, AND SECURITY POLICY

(SCHOOL DISTRICT PROCUREMENT VERSION)

1. PURPOSE AND SCOPE

This Privacy, Student Data, and Security Policy (“Policy”) describes how The Chairman’s Bao Ltd. (“TCB,” “we,” “us,” or “our”) collects, uses, discloses, stores, and protects personal information and Student Data in connection with its Website and Mobile Application (the “Services”).

This Policy applies to:

  • Educational institutions, including schools, districts, and other educational agencies (“Institutions”);
  • Students accessing the Services through Institutional accounts;
  • Any administrator, teacher, or staff user acting on behalf of an Institution.

2. REGULATORY COMPLIANCE

TCB is committed to compliance with applicable data protection and student privacy laws, including but not limited to:

  • The Family Educational Rights and Privacy Act (“FERPA”);
  • The Children’s Online Privacy Protection Act (“COPPA”);
  • Applicable U.S. state student privacy laws, including SOPIPA-aligned requirements;
  • The UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018.

Where Institutional use is involved, this Policy is intended to operate in conjunction with any executed Data Processing Agreement (“DPA”) or Student Data Privacy Agreement (“SDPA”).

3. DEFINITIONS

Student Data” means information that is directly related to an identified or identifiable student and is maintained by TCB in its capacity as a service provider to an Institution.

Education Records” has the meaning set forth under FERPA and includes records maintained by an educational institution or by a party acting on its behalf.

De-identified Data” means data that has been modified to remove all direct and indirect identifiers and that cannot reasonably be used to identify an individual.

4. ROLE OF TCB (FERPA SCHOOL OFFICIAL)

When providing Services to Institutions, TCB acts as a “School Official” with a legitimate educational interest under FERPA.

In this capacity, TCB:

  • Processes Student Data solely for authorized educational purposes;
  • Acts only on the written instructions of the Institution;
  • Does not obtain ownership rights in Student Data;
  • Does not use Student Data for any purpose other than service delivery, support, maintenance, or improvement of the Services;
  • Maintains administrative, technical, and physical safeguards appropriate to protect Student Data.

5. COLLECTION AND USE OF STUDENT DATA

TCB collects and processes only the minimum Student Data necessary to provide the Services, as determined by the Institution’s configuration.

Student Data may include:

  • Account identifiers (which may be pseudonymous or de-identified);
  • Learning activity and progress data;
  • User-generated educational content;
  • Device and technical information;
  • Authentication and session data.

Institutions may elect to implement:

  • Pseudonymous identifiers;
  • Anonymous identifiers;
  • De-identified or minimally identifiable student records.

TCB supports such configurations where operationally feasible.

6. USE RESTRICTIONS

TCB expressly agrees that it shall not:

  • Sell Student Data or Education Records;
  • Use Student Data for advertising or targeted marketing;
  • Create behavioral profiles for advertising purposes;
  • Monetize Student Data in any manner inconsistent with this Policy or applicable law;
  • Use Student Data for purposes unrelated to educational service delivery.

7. DATA SHARING AND DISCLOSURE

TCB does not disclose Student Data except:

  • As directed in writing by the Institution;
  • As required by applicable law, regulation, or valid legal process;
  • To approved subprocessors performing services on behalf of TCB under written contractual obligations.

All subprocessors are bound by written agreements requiring:

  • Confidentiality;
  • Data security controls;
  • Prohibition on secondary use of Student Data;
  • Compliance with applicable privacy laws.

8. DATA PROCESSING AGREEMENTS (DPA / SDPA)

TCB will enter into Data Processing Agreements (DPAs), Student Data Privacy Agreements (SDPAs), or equivalent institutional agreements upon request.

Such agreements may govern:

  • Data ownership;
  • Permitted uses;
  • Security obligations;
  • Retention and deletion requirements;
  • Audit and compliance provisions.

Institutions requiring such agreements or procurement documentation should contact:
contact@thechairmansbao.com

9. DATA RETENTION AND DELETION

Student Data is retained only for as long as necessary to provide the Services or as required by the Institution or applicable law.

Upon:

  • termination of Institutional services; or
  • written request from the Institution;

TCB shall:

  • return Student Data to the Institution; or
  • securely delete Student Data, including reasonable steps to remove data from active systems.

Backup data will be deleted or rendered inaccessible within a commercially reasonable period following deletion or termination.

10. SECURITY CONTROLS

TCB implements administrative, technical, and physical safeguards designed to protect Student Data against unauthorized access, disclosure, alteration, or destruction.

Such safeguards include, where appropriate:

  • Encryption in transit;
  • Access controls and authentication mechanisms;
  • Role-based access restrictions;
  • Monitoring and logging;
  • Security testing and vulnerability management;
  • Incident response procedures.

11. SECURITY INCIDENT NOTIFICATION

In the event of a confirmed security incident involving Student Data, TCB shall notify the affected Institution without undue delay and in any case no later than 72 hours after confirmation, unless a shorter period is required by applicable law or contractual obligation.

12. INTERNATIONAL DATA TRANSFERS

Student Data is processed by our servers in Singapore.

Where cross-border transfers occur, TCB implements appropriate safeguards consistent with applicable data protection laws, including approved contractual transfer mechanisms.

13. COPPA COMPLIANCE

For users under the age of 13 in the United States, TCB collects personal information only:

  • with verifiable parental consent; or
  • pursuant to Institutional authorization consistent with COPPA-compliant educational use.

TCB does not:

  • use children’s personal information for behavioural advertising;
  • sell children’s personal information;
  • permit profiling for advertising purposes.

Parents may request access, correction, or deletion of their child’s personal information by contacting:
contact@thechairmansbao.com

14. THIRD-PARTY SERVICE PROVIDERS

TCB uses subprocessors to support service delivery, including providers of:

  • Cloud infrastructure;
  • Authentication systems;
  • Analytics tools;
  • Customer support systems;
  • Payment processing systems;
  • Security monitoring services.

All subprocessors are contractually bound to:

  • process data only on behalf of TCB;
  • comply with applicable privacy and security requirements;
  • prohibit secondary use of Student Data.

15. ANALYTICS AND TRACKING TECHNOLOGIES

TCB uses analytics tools to measure service performance and improve functionality, including:

  • Google Analytics;
  • Microsoft Clarity;
  • Hotjar;
  • Meta Pixel (where applicable for non-student contexts).

For Institutional and Student accounts:

  • advertising tracking is disabled or restricted where required;
  • Student Data is not used for advertising or profiling purposes.

16. DATA DE-IDENTIFICATION

TCB may use de-identified data for:

  • research;
  • analytics;
  • product improvement;
  • service development.

TCB shall not attempt to re-identify de-identified data and shall require equivalent restrictions from any recipients of such data.

17. CHILD AND STUDENT PRIVACY OPTIONS

Institutions may configure accounts using:

  • pseudonymous identifiers;
  • anonymized identifiers;
  • de-identified student records.

TCB supports privacy-minimising implementations where requested by Institutions.

18. DATA OWNERSHIP

All Student Data and Education Records remain the property of the Institution or the applicable rights holder. TCB obtains only a limited, non-exclusive license to process such data for the purpose of providing the Services.

19. CONTACT INFORMATION

Privacy and procurement inquiries, including requests for DPAs or security documentation, should be directed to:

contact@thechairmansbao.com

 

Start learning
TCB Mandarin Excellence Programme
Pearson download TCB from App Store download TCB from goolge play download TCB APK
About Us Plans For Teachers Blog
Terms of Use Privacy Policy Contact Us
The Chairman's Bao® Ltd. is a company registered in England
and Wales with company number 09222815. The Chairman's Bao® Ltd. is a company registered in England and Wales with company number 09222815.
TCB support payment via Discover TCB support payment via JCB TCB support payment via Maestro TCB support payment via Master Card TCB support payment via Visa TCB support payment via American Express
Join our Facebook discussion group!