Privacy Policy

5. Secure Attendance

Top Hat has a feature that captures Location Information when used by an Institution User to take attendance (“Secure Attendance”). Location Information is not associated with any Personal Information in the Products. Location Information is only used for the purpose of Secure Attendance. Location Information is not tracked any other time.  

6. Accessing and Correcting Your Personal Information 

You are entitled to access and correct your Personal Information at any time. Top Hat will, at your request, provide you with copies of your Personal Information Top Hat has in its possession, including for the purpose of correcting or updating your Personal Information, unless there is an exception to such disclosure that applies under Applicable Law. Please send such request to Top Hat as described in Section 14. Before Top Hat provides you with access to your Personal Information, Top Hat may require proof of identity. For most requests, your Personal Information will be provided free of charge; provided, however, Top Hat may charge a reasonable fee if such request requires a substantial effort on Top Hat’s part. If Top Hat refuses to provide you with access to your Personal Information, Top Hat will provide you with reasons for the refusal and inform you of any exceptions relied upon under Applicable Law (unless it would be unreasonable to do so). 

For more information on potential rights under different Applicable Laws, please see the Jurisdiction-Specific Requirements section below.

7. Account Deletion and Marketing Communications Preferences  

7.1. Account Deletion Requests. You may request the deletion of your User Account at any time. Top Hat may delete your Personal Information, subject to technological constraints, Institution requirements, and Applicable Law (and relevant exceptions). For users in the United States, please be aware that privacy laws do allow for the retention of personal information collected under FERPA.

7.2. Appeal Process. In the event that Top Hat is unable to complete your request to delete your Personal Information, Top Hat shall inform you of the reason for denying the request.

To appeal Top Hat’s decision, please follow the steps below:

Contact Top Hat’s Data Privacy Officer at privacy@tophat.com outlining the details of your request and your appeal;

If you wish to appeal further, please see the contact details for the Data Protection Authority in your state outlined in the Jurisdiction Specific Requirements. 

7.3. Unsubscribe from Marketing Communications. If you do not wish to continue receive marketing communications you’ve opted into, you will need to do one of the following:

a) Follow the “unsubscribe” instructions included within each e-mail communication;

b) Select or deselect (depending on the service) the appropriate option in your User Account settings; or  

c) Email support@tophat.com with subject line: Email Unsubscribe

7.4. California Residents.  For California Users, additional information on Do Not Sell or Share my Personal Information can be found here.

8. Safeguards Top Hat has in Place  

8.1. Top Hat stores and processes Personal Information on servers in Canada and the United States. Accordingly, your Personal Information may be available to government bodies or their agencies in those jurisdictions under a lawful order.  Top Hat employs reasonable administrative, physical, and technical measures to ensure that your Personal Information is secure. In addition, Top Hat’s dedicated team of information technology professionals works to maintain data accuracy and prevent unauthorized access to sensitive information. Unfortunately, no security system can be guaranteed to be 100% secure. Accordingly, Top Hat cannot guarantee the security of your Personal Information. The Internet is not a secure medium and you acknowledge and agree that the privacy of your e-mail communication and Personal Information can never be guaranteed as any e-mail communication may be lost, intercepted or altered. 

The safety and security of your information also depends on you. Where you have chosen a password for access to certain parts of our Products, you are responsible for keeping this password confidential. You should not share your password with anyone, and you should not re-use passwords that you use on other websites or services.

8.2. Third-Party Service Providers are bound by agreement or obligations with Top Hat to implement and maintain reasonable security procedures and practices in order to use and disclose your Personal Information in a manner consistent with the use and disclosure provisions of this Policy, unless you consent otherwise. Third-Party Service Providers are located in Canada, the United States, the Philippines, and Europe and, as a result, your Personal Information may be stored, processed or transferred into or out of these countries where applicable. Top Hat takes all reasonable measures and precautions to protect your Personal Information when it is being handled by Third-Party Service Providers.  If you wish to obtain more information on Top Hat’s use of Third-Party Service Providers and policies and practices regarding Third-Party Service Providers, please send such request to Top Hat as described in Section 14 hereof.

9. Family Education Rights & Privacy Act (FERPA)

In the United States, FERPA restricts the disclosure of personally identifiable information from a Student User’s education records, unless an exception applies.  For US Users, Top Hat’s data protection and privacy policies and practices allow Institutions to comply with FERPA, and other applicable federal and state privacy laws. Top Hat maintains the privacy of Personal Information, and only uses this information to deliver and improve Top Hat Products provided to Institutions and Student Users.  You may also have specific rights related to accessing and/or updating your Personal Information when FERPA applies.  Student Users may also edit Personal Information provided to Top Hat by accessing their account information and updating their settings. Full instructions can be found here: Updating Student User Account Information. In the event that any collected Student User Personal Information is inaccurate, Users have the ability to contact Top Hat Support via email or phone to request corrections. Prior to amending Personal Information, Top Hat will validate the user’s identity, and notify the Institution of the request if required by prior agreement.

For further information about FERPA compliance, or to access, modify, or remove any such data, please contact Top Hat as described in Section 14.

10. Cookies 

Top Hat uses cookies as well as pixel tags, web beacons, clear GIFs and other similar technologies (collectively, “Cookies”) to ensure our Websites and Products work as intended, to understand and save your preferences for future visits, to analyze how our Website and Products are used, to provide you relevant advertising, and to compile aggregate data about site traffic and site interaction.  

Types of Cookies.  The following is a list of cookie types: (a) Necessary Cookies 
are essential to enabling your use of the Website and Products and will always remain active; (b) Preferences Cookies allows Top Hat to remember the choices you make on the Website and Products and to provide enhanced and more personalized features, such as customising a certain webpage, remembering if Top Hat has asked you to participate in surveys, and for other services you request; (c) Statistics Cookies 
help Top Hat learn how well the Website and Products are performing; and (d) Marketing Cookies are a specialized type of cookie that can be shared by more than one website or service and are used for legitimate marketing and advertising purposes.  

Managing Your Cookie Preferences.  If you do not want information collected through the use of Cookies, you can manage your Cookie preferences through Top Hat’s Privacy Preference Center, which is accessible when you first visit the Website, or by clicking “Cookie Settings” in the Website appearing at the bottom of your screen.  You may update your Cookie-related preferences at any time.

Many advertising companies that collect information for interest-based advertising are members of the Digital Advertising Alliance (DAA) or the Network Advertising Initiative (NAI), both of which maintain websites where people can opt out of interest-based advertising from their members. To opt-out of website interest-based advertising provided by each organization’s respective participating companies, visit the DAA’s opt-out portal available at http://optout.aboutads.info/, or visit the NAI’s opt-out portal available at http://optout.networkadvertising.org/?c=1.

To opt-out of data collection for interest-based advertising across mobile applications by participating companies, download the DAA’s AppChoices mobile application opt-out offering here: https://youradchoices.com/appchoices.

Use of Google Analytics.  We may use third-party service providers to monitor and analyze the use of our Site. Presently, we use Google Analytics. Google Analytics is a web analytics service offered by Google LLC (“Google”) that tracks and reports Site traffic. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy?hl=en. Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics, available at: https://tools.google.com/dlpage/gaoptout.

Browser-Based Controls.  We do not control third parties’ collection or use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way. In addition, most web browsers provide help pages relating to setting cookie preferences. More information may be found for the following browsers here:

Google Chrome

Internet Explorer

Mozilla Firefox

Safari (Desktop)

Safari (Mobile)

Android Browser

Opera

Opera Mobile

Do Not Track. Some Internet browsers include the ability to transmit “Do Not Track” or “DNT” signals. Since uniform standards for “DNT” signals have not been adopted, our Website does not currently process or respond to “DNT” signals.

Mobile App Advertising.  When you use our mobile applications, we or our third party marketing partners may use one or more of several different identifiers for your mobile device, including Apple Identifier For Advertising (IDFA) or Android Advertising ID (AAID), to target and deliver ads to you in our app or other apps. This means that, depending on your settings and permissions, your device identifier may be accessed by third-party ad networks and used to (a) help manage the number and types of ads you see; (b) track the source of installs related to ads seen in other apps; and (c) identify your interests and behavior and target advertising to you based on those interests and behavior.

Apple requires app developers to ask for permission before they can track your activity across apps or websites they do not own in order to target advertising to you, measure your actions due to advertising, or to share your information with data brokers. If you previously gave our mobile app permission to track, you can tell our app to stop tracking your activity. On iOS or iPadOS, go to Settings, tap on our app, then tap to turn off Allow Tracking. You can also reset your IDFA from your mobile device’s settings page, which will prevent continued use of existing behavioral data tied to your previous IDFA.

If you have an Android device, and are running Android 12 or above, you can delete your AAID permanently by opening Settings, navigating to Privacy > Ads, tapping “Delete advertising ID,” then tapping it again on the next page to confirm. This will prevent any app on your phone from accessing it in the future. Please note that if you do so, you will still see advertisements, but they will not be tailored to your inferred interests.

11. Third-Party Websites and Links 

The Products are connected to other websites or linked resources provided by third parties (“Third-Party Websites”). You acknowledge and agree that Top Hat makes no representation, warranty, covenant, or claim regarding, and Top Hat expressly disclaims and denies any responsibility or liability for, directly or indirectly, the privacy practices on any Third-Party Websites accessible by link from the Website or Products. You agree that the inclusion of any such link does not suggest, represent, warrant, covenant or imply that Top Hat monitors, endorses or exerts any control over such Third-Party Website.  You agree that Top Hat provides these links to you only as a convenience, and the inclusion of any link does not suggest, represent, warrant, covenant or imply affiliation, endorsement or adoption by Top Hat of any such Third-Party Website.  When you leave the Top Hat Website or Products, you acknowledge and agree that Top Hat’s terms and policies do not govern your access to, and use of, other Third-Party websites. you acknowledge Top Hat’s recommendation to review the applicable privacy and data gathering practices of any Third-Party website to which you navigate from the Website or Products.

12. Social Media Features 

The Website may include social media features, such as the Facebook button, and widgets, such as the Share this button or interactive mini-programs that run on the Website (“Social Media Features”). As described above, Social Media Features may collect your IP address, which page you are visiting on the Website, and may set a Cookie to enable the feature to function properly. Social Media Features are either hosted by a third party or hosted directly on the Website. Your interactions with these features are governed by the privacy policy of the third party providing it. 

13. Jurisdiction-Specific Requirements and Rights

Top Hat is committed to ensuring it meets Applicable Law requirements for our Users. For specific information about Applicable Law in your jurisdiction, including contact information for your federal, state, or provincial privacy regulator if required, please see our Jurisdiction Specific Requirements page, available at: https://tophat.com/company/legal/jurisdisction-specific-privacy-requirements/. 

Depending on applicable law where you reside or are located, you may be able to assert certain rights identified below with respect to your Personal Information. If any of the rights listed below are not provided to you under the law that governs the processing of your Personal Information, we have absolute discretion in providing you with those rights. Please refer to the table below to determine the rights you have in your jurisdiction.

Your rights in relation to your Personal Information are not absolute. Depending upon the applicable law, access to your rights under the applicable law may be denied: (a) when denial of access is required or authorized by law; (b) when granting access would have a negative impact on another’s privacy; (c) to protect our rights and properties; or (d) where the request is frivolous or vexatious, or for other reasons.

Privacy rights include the following:

Right to Know/Access. You may have the right to obtain a copy, or a list of categories of the Personal Information that we hold about you, as well as other supplementary information, such as the purposes of processing, and the entities to whom we disclose your Personal Information.

Right to Correct. You may have the right to correct any of your Personal Information in our records and systems. You may request us to rectify, correct or update any of your Personal Information held by us that is inaccurate. In addition to the methods described below, you can correct your Personal Information through your account settings.

Right to Delete. Under certain circumstance, you may have the right to request that we delete the Personal Information that we hold about you. This right is not absolute, and we may refuse such a request if there are compelling legitimate grounds for keeping your Personal Information, for legitimate purposes, or as required by law. In addition, in the event your deletion request is honored, we may retain a record of your deletion request as required under applicable laws and their exceptions.

Right to Portability. You may have the right to receive a copy of the Personal Information we have collected about you in a structured, commonly used and machine-readable format.

Right to Opt-Out Sale / Right to Opt-Out of Sharing for Targeted Advertising. You may have the right to opt-out of: (i) the sale of your Personal Information; and (ii) the sharing of your Personal Information for targeted advertising. For the avoidance of doubt, we do not sell your contact information, student records, or other information about you to third parties.  While we do not sell your Personal Information for money or as part of any other exchange, like many websites, we use Cookies, pixels, and similar technology, and we make available certain information, such as your IP address or device identifiers, to certain third-party advertisers in order to improve your user experience and to optimize our marketing activities. Under some state privacy laws’ unique definition of “sell”, this could be considered a sale, and it could be considered “sharing” of your Personal Information for targeted, cross-context behavioral advertising purposes. You have the right to direct us not to “sell” your Personal Information to third parties, and to direct us not to share or use your Personal Information for targeted advertising purposes. To exercise your right to opt-out, please use the “Cookie Settings” tool available via our Website footer, or email us as described in the “Contact Us” section below. Top Hat processes opt-out preference signals in a frictionless manner in alignment with applicable law. To start using an opt-out preference signal for your web browser, please refer to the Global Privacy Control instructions provided here. You will need to submit a separate opt-out of selling/sharing request on each device and browser you use to visit our Website. Please note that you may still receive generalized ads after opting out of targeted advertising. 

Right to Limit Use and Disclosure of Sensitive Personal Information. If you are a California resident, to the extent your sensitive Personal Information, as that term is defined under California privacy law, is used to infer characteristics about you, you have the right to object to our processing of your sensitive Personal Information. We do not process your sensitive personal information for our Products.

Right to Opt-Out of Automated Decision-making or Profiling. You may have the right not to be subject to a decision which significantly impact your rights that is based solely on automated processing (where a decision is taken about you using an electronic system without human involvement). No decision will be made by us about you solely on the basis of automated decision making which has a significant impact on you.

Right Against Discrimination. You may have the right not to be discriminated against for exercising any of the rights described in this section. We will not discriminate against you for exercising your rights.

Right to Appeal. In certain jurisdictions, you may have the right to appeal if we refuse to take action on your rights request. Instructions on how to appeal will be provided to you upon such a denial, but in any event, such instructions will be substantially similar to those provided in this Policy for submitting requests.

Shine the Light. If you are a California resident, you have the right to ask us for a notice describing what categories of Personal Information we share with third parties or corporate affiliates for those third parties’ or corporate affiliates’ direct marketing purposes. That notice will identify the categories of Personal Information shared with third parties and used for direct marketing purposes and the name and address of the third parties that received such Personal Information.

Right to Object. You may have the right to object to processing of your Personal Information for direct marketing purposes or if we are processing your Personal Information on the basis of our legitimate interest under applicable law.

Right to Restrict. In some jurisdictions, applicable law may give you the right to restrict or object to us processing or transferring your Personal Information under certain circumstances. We may continue to process your Personal Information if it is necessary for the defense of legal claims, or for any other exceptions permitted by applicable law.

Right to Withdraw Consent. In certain jurisdictions, to the extent the processing of your Personal Information is based on your consent, you may withdraw your consent at any time. Your withdrawal will not affect the lawfulness of our processing based on consent before your withdrawal.

Marketing Communications. You may choose to provide us with your email address to send free newsletters, surveys, offers, and other promotional materials to you, as well as targeted offers from third parties. You can stop receiving promotional emails by following the unsubscribe instructions in emails that you receive. If you decide not to receive promotional emails, we may still send you service-related communications. 

Please note that “unsubscribe” requests may not take effect immediately and may take a reasonable amount of time to receive, process, and apply, during which time your information shall remain subject to this Policy. Additionally, you should be aware that any information provided to third-parties prior to your election to unsubscribe will not be retrieved or rescinded, unless required by applicable law.

Right to Lodge a Complaint. You may have the right to lodge a complaint with your local data protection authority about our processing of your Personal Information. Contact details for data protection authorities in the European Economic Area are available here, and contact details for the United Kingdom’s ICO are available here.

As mentioned above, depending on where you reside or are located, you may be able to assert certain rights with respect to your Personal Information. To determine which rights you have, please refer to the table below that references the rights as described immediately above. Any places that are not listed either do not have a law providing such rights, or their law does not apply to our operations.

Please understand that this is not an absolute right, and we retain full discretion to maintain certain of our information even after honoring a deletion or rights request. For instance, we may need to retain certain information for the purposes of complying with our ongoing legal obligations (including our obligation to maintain a record of your deletion request or past purchases), helping ensure security and integrity of our systems and the information under our control and/or protect the rights and interests of Top Hat and/or other individuals.

Residence	Applicable Rights
European Economic Area, United Kingdom, or Switzerland	(a) Right to Know/Access; (b) Right to Correct; (c) Right to Delete; (d) Right to Portability; (e) Right to Opt-Out of Sale / Right to Opt-Out of Sharing for Targeted Advertising; (g) Right to Opt-Out of Automated Decision-making or Profiling; (h) Right Against Discrimination; (k) Right to Object; (l) Right to Restrict; (m) Right to Withdraw Consent; and (o) Right to Lodge a Complaint.
California	(a) Right to Know/Access; (b) Right to Correct; (c) Right to Delete; (d) Right to Portability; (e) Right to Opt-Out of Sale / Right to Opt-Out of Sharing for Targeted Advertising; (f) Right to Limit Use and Disclosure of Sensitive Personal Information; (g) Right to Opt-Out of Automated Decision-making or Profiling (upon issuance of regulations by the California Privacy Protection Agency); (h) Right Against Discrimination; and (j) Shine the Light.
Colorado, Connecticut, Delaware, Iowa, Montana, Nebraska, New Hampshire, New Jersey, Oregon Tennessee,  Texas, Utah and Virginia	(a) Right to Know/Access; (b) Right to Correct; (c) Right to Delete; (d) Right to Portability; (e) Right to Opt-Out of Sale / Right to Opt-out of Sharing for Targeted Advertising; (g) Right to Opt-Out of Automated Decision-making or Profiling; (h) Right Against Discrimination; (i) Right to Appeal; and (m) Right to Withdraw Consent.
Any location, including those listed above	b) Right to Correct; (c) Right to Delete; and (n) Marketing Communications.

Fulfilling Your Request to Exercise Your Rights; Authorized Agents. 

Before fulfilling your request, we may be required by law to have you to verify the personal information we already have on file to confirm your identity. If we cannot verify your identity based on the information we have on file, we may request additional information from you, which we will only use to verify your identity, and for security or fraud-prevention purposes.

Depending on the Applicable Law where you reside, you may use an authorized agent to submit a rights request on your behalf. If you use an authorized agent to submit requests on your behalf, we will require you to directly verify your identity with us, or have you directly confirm with us that the authorized agent has been authorized to act on your behalf.

14. Contact Information 

Top Hat has a Data Privacy Officer, Annika Thurlow.

If you have any questions about this Policy, concerns about how Top Hat manages your Personal Information, or if you would like to make a complaint about how Top Hat manages your Personal Information, please contact Top Hat’s Data Privacy Officer, by mail or email at: (a) Tophatmonocle Corp., 151 Bloor Street West, Suite 200, Toronto, Ontario, Canada, M5S 1S4, and (b) privacy@tophat.com.

15. Children’s Privacy

As set forth in the User Agreement, the Products are not meant for users under the age of 13 years old.  Moreover, in order to create an account or use the Products, you must be either (i) at least 18 years of age and have the capacity to enter into the User Agreement; (ii) at least 13 years of age, but less than 18, years of age, enrolled in a higher education Institution and are an Eligible Student under FERPA; or (iii) if the Student User is are least 13 years of age, but less than 18, years of age, and not enrolled in a higher education Institution, you are the Student User’s parent or guardian with the authority to enter into the User Agreement and can consent to providing Personal Information related to the Student User on behalf of such Student User.  If a child under 13 provided our Website or Products with Personal Information, we ask that a parent or guardian contact us as described below so that we may promptly delete the child’s information from our record.

16. Interpretation of this Policy

This Policy does not create or confer upon any individual any rights, or impose upon Top Hat any obligations, in addition to any rights or obligations imposed by applicable federal, state and provincial privacy laws. Should there be any inconsistency between this Policy and applicable federal and provincial privacy laws, including FERPA or the Privacy Act in Australia, this Policy will be interpreted to comply with the applicable privacy laws.