This privacy policy (the ‘Privacy Policy’) governs the manner in which Foreword Development LLC (‘Group’, the ‘development group’, ‘we’, ‘us’) collects, uses, maintains and discloses information collected from users (each, a ‘User’) of the Foreword Development LLC website (the ‘Site’) and Group’s mobile applications (the ‘Applications’). The Privacy Policy applies to the Site and the Applications and all products and services offered by Group.

1. Responsible authority

   Foreword Development is based in Paris. Our presence in Paris is the responsible legal authority for the processing of User’s personal data, which are stored on servers in Frankfurt run by Linode. Foreword Development does not use Amazon Web Services for the processing or the storage of any user information.

   If you have any questions regarding data protection, please contact us at the email address on the top left.

2. Personal identification information

   We may collect personal identification information from Users in a variety of ways, including, but not limited to, when Users visit the Site, use the Applications, register on the Site or the Applications, fill out a form and in connection with other activities, services, features or resources we make available on the Site and/or Applications. Users may be asked for, as appropriate, name, email address, mailing address or phone number. Personal data that User provides will only be processed for correspondence with User or only for the purpose for which User has made the data available to us.

   Users may visit our Site and Applications anonymously. We will collect personal identification information from Users only if they voluntarily submit such information to us. Users can always refuse to supply personal identification information, except that it may prevent them from engaging in certain Site or Applications related activities.

   The basis for this data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.

   The functioning of two services offered by Group requires personal identification of User, namely:

   1. Admin

      The administration sections (‘Admin’) of the Site or Applications require a login to protect the integrity of the data provided by the Site and Applications. Apropos the Site, a session cookie is set on User’s browser verifying User has sufficient permissions to access the administration section. This cookie is hashed and inaccessible to other domains. While a User is logged-in to Admin, said User is personally identifiable by names, email address and IP address. These information are essential for Admin to function. The name and email address of each Admin User are supplied by a ‘super-admin’ (an Admin User with the power to create new Admin Users) except for the first super-admin, whose information are voluntarily supplied to the development group. The information that defines an Admin User’s account is never associated with non-Admin usage of the Site or Applications.

   2. Liftshare

      Liftsharing/ ridesharing features of the Site or Applications require personal identification information to function properly and securely. The information of Users with active Liftshare accounts are associated with their non-Liftshare use of the Site or Applications. This association is necessary to send particular Liftshare information to the correct User.

      Vis-à-vis other active Liftshare Users within an application-specific geographic radius, a User’s given name, surname initial and phone number or email address (according to the User’s preference) will be displayed in Liftshare. A User’s street address will never be displayed or shown on a map to any other User of any permission level anywhere in the Site or Applications. The geographic radius (‘as the bird flies’) is particular to each Application and is displayed to the User throughout and after the Liftshare registration process. Liftshare Users may choose to close their Liftshare account at any time, soon after which all Liftshare data concerning that User will be deleted from Group’s servers.

   3. Covid-19 vaccination scheduling

      Group has partnered with select medical laboratories to provide scheduling software. This service of Group is distinct from our secondary-education-focused products.

      To function securely and effectively, this service requires personal identification information, including names, date of birth, a short health description of User provided by a partner laboratory and a phone number. Such information are transmitted securely and not shared with third parties.

3. Non-personal identification information

   We may collect non-personal identification information about Users whenever they interact with our Site or Applications. Non-personal identification information may include, but is not limited to the browser name, the type of computer, the type of mobile device and technical information about User’s means of connection to our Site or Applications, such as the operating system and the Internet service providers utilised and other similar information.

4. Web-browser cookies

   Our Site may use ‘cookies’ to enhance User experience. User’s web browser places cookies on their hard-drive for record-keeping purposes and sometimes to track information about them. User may choose to set their web browser to refuse cookies, or to alert User when cookies are being sent. If they do so, some parts of the Site may not function properly.

   Group does not use advertising, statistical or analytical cookies, from a third-party or otherwise. The Site and Applications do not use Google Analytics, Facebook Pixel, embedded ‘social’ network buttons and similar tracking/ advertising software.

   The administration section’s pre-login pages and other pages of the Site or Applications may include a Google reCAPTCHA challenge to protect the information of existing Users. We reluctantly use this service of Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, U.S.A., which maintains their own privacy policy and sets their own cookies. Moreover, the challenge does not compensate User for their labour in training object-identification algorithms. The information generated by the cookie about User’s use of the concerned pages is usually sent to and stored at a server in the U.S.A.

5. Collection of user information

   Before or at the time of collecting personal information, we will identify the purposes for which information is being collected. We will collect and use personal information of a User solely with the objective of fulfilling those purposes specified by us and for other compatible purposes, unless we obtain the consent of the individual concerned or as required by law. We will only retain personal information as long as necessary for the fulfilment of those purposes. We will collect personal information by lawful and fair means and, where appropriate, with the knowledge or consent of the individual concerned.

6. Group’s Protection of User Information

   1. Group asks for personal information only when strictly necessary; the Site and Applications are robust for Users who wish to remain anonymous.

   2. We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorised access, alteration, disclosure or destruction of User’s personal information, username, password, transaction information and data stored on our Site and Applications.

   3. All data exchange between the Site or Applications and its Users happens over a SSL secured communication channel and is encrypted and protected with digital signatures. Other technical barriers, including one-way hashes, anti-robot challenges, two-factor authentication, remote session closure and session timeouts are in place to ensure unauthorised persons cannot access, modify or destroy user data.

7. Sharing user’s personal information

   We do not sell, donate, give, share, trade or rent Users information, ‘personal’ or otherwise. We may share generic aggregated demographic information not linked to any personal identification information regarding visitors and users with our business partners for the purposes outlined above.

8. Duration of data storage

   We delete data as soon as it is no longer required for the aforementioned purposes. User may delete Group’s applications from their device, which will, within one month, trigger deletion of remote data regarding User.

   Users may request receipt of all data regarding their usage of Site and the Applications by sending correspondence to the email address on the top left.