Little Lights Mobile Application

Privacy Statement

Last Updated: March 15, 2023

This privacy statement describes the activities of the Bungie Foundation acting on behalf of hospitals, clinics, health care providers, charitable organizations, and our other customers (“our customers” or “your organization”) in connection with the Little Lights Apps and our related services (“the services”).

When we provide the Little Lights app and services, we process personal data of consumers or end-users (“users” or “you”) on behalf of and at the direction of organizations that are our customers – for you, that is the organization through whom you receive the service. In other words, we act as a service provider or a “data processor” to your organization for your personal data acting under agreements with your organization.

We are not responsible for the privacy practices of your organization. Ultimately, your organization’s privacy statement describes the data the service collects, how your data is used, and the data rights you may have. This privacy statement also does not apply to third party apps that we make available through the service or the third-party provider of the iPad or device through which you access the service. You should read the privacy statement of, and direct any privacy inquiries to, your organization and those third parties.

Additionally, this statement does not apply to any of our other sites or services that display or reference a different privacy statement. Specifically, this privacy statement does not apply to the Bungie Foundation website, www.bungiefoundation.org, or activities of Bungie Foundation outside of this service. The privacy statement for the Bungie Foundation website can be found here . This statement also does not apply to Bungie, Inc., or its activities. If you leave the service to make a purchase, the service may direct you to a Bungie, Inc. site. where the Bungie Inc. Privacy Statement applies.

PERSONAL DATA THE SERVICE COLLECTS The types of personal data the service collects depend on how your organization, as our customer, configures, and how you interact with, the service, and the choices you make. Your organization may also provide the service to children. To learn how children’s data may be handled please read the specific privacy disclosures and statements of, and direct any privacy inquiries to, your organization and third parties as they are responsible for those specific disclosure, statements, and inquiries.

The service collects information about you in various ways when you use the app and services, including information you provide directly, information collected automatically, and information provided from, or associated by, customers.

Information you provide directly. The app and service are designed to allow customers to collect personal data you provide through the service. For example:

Name and contact information. If you contact us for customer support for the services, we may collect name and contact details such as email address. Your organization may also use or associate other data described here with similarly identifying name and contact data for other purposes.

Demographic data. The app and service request that you provide an age range category to provide you with a personalized and an age-appropriate experience with the app.

Content and files. The service collects content and messages you upload to the services; and if you send us email messages or other communications, the service collects and retains those communications.

Sensitive Personal Information. The service may also automatically collect sensitive geographic location information described below.

Information the service collects automatically. When you use the service, the service collects some information automatically. For example:

• Identifiers and device information. The service automatically logs your Internet Protocol (IP) address and information about your device, including device identifiers (such as MAC address), device type, your device’s operating system and type and version, language, settings, and configuration.

• Usage data. In connection with device IDs and other identifiers the service automatically logs your activity on the app, how you interact with the service, the links you click on, the pages you viewed, how long you spent on a page, and other details about your use of and actions on the app. Third-party analytics service providers also collect and access this data to help us operate, enhance, and improve the service.

• Geolocation data. Our customers have the ability to collect your device’s geolocation data at all times, including when you use the services. This information includes precise geolocation data, meaning data derived from a device and that is used to locate you within a circle with a radius of 1,850 feet or less, and may be considered a type of sensitive personal information. We need this information to determine at which of our customers the device you are using is located. Our customers may also use this information to locate missing devices and for other purposes disclosed to you and described in their privacy statements.

Information the service creates or generates. New information may be inferred from other data the service collects (“inferences”). For example, whether or not geolocation tracking is on, the service may infer your general geographic location (such as city, state, and country) based on your IP address.

OUR USE OF PERSONAL DATA AS A SERVICE PROVIDER Personal data is used on behalf of your organization for the purposes described in this privacy statement or as otherwise disclosed to you by your organization or third-party apps and device providers in their privacy statement. Our services typically use personal data for the following purposes:

Product and service delivery. Purposes of Use: To provide and deliver the services, including troubleshooting, improving, and personalizing those services. Categories of Personal Data: Demographic data, content and files, identifiers and device information, geolocation data, usage data, inferences. Sensitive Information: precise geolocation data, and contents of communications.

Business operations. Purposes of Use: To operate our business, such as improving internal operations, securing our systems, detecting fraudulent or illegal activity, and meeting our legal obligations. Categories of Personal Data: Demographic data, content and files, identifiers and device information, geolocation data, usage data, inferences. Sensitive Information: precise geolocation data, and contents of communications.

Product improvement, development, and research. Purposes of Use: To develop new services or features and conduct research. Categories of Personal Data: Demographic data, content and files, and device information, geolocation data, usage data, s inferences.

Personalization. Purposes of Use: To help our customers understand you and your preferences and to enhance your experience and enjoyment using the services. Categories of Personal Data: Demographic data, content and files, device information, geolocation data, usage data, inferences.

Customer/user support. Purposes of Use: To provide customer support and respond to your questions. Categories of Personal Data: Contact information, demographic data, content and files, identifiers and device information, geolocation data, usage data, inferences. Sensitive Information: precise geolocation data and contents of communications

Please review your organization’s privacy statement to find out how they use data they may collect about you through the services.

OUR DISCLOSURE OF PERSONAL DATA We disclose personal data as directed and agreed to with your organization. In addition, subject to agreements with your organization, we may disclose each of the categories of personal data described above to the types of third parties described below for the following business purposes:

Customers. We provide personal data to the organization who provided you this service for the purposes described in this statement and in our agreements with that organization.

Subprocessors/Service providers. We provide personal data to vendors or agents working on our behalf for the purposes described in this statement. For example, companies we’ve hired to provide analytics and customer service support or assist in protecting and securing the services’ systems and services may need access to personal data to provide those functions.

Corporate transactions. We may disclose personal data as part of a corporate transaction or proceeding such as a merger, financing, acquisition, bankruptcy, dissolution, or a transfer, divestiture, or sale of all or a portion of the services’ business or assets.

Legal and law enforcement. We will access, disclose, and preserve personal data when we believe that doing so is necessary to comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies.

Security, safety, and protecting rights. We will disclose personal data if we believe it is necessary to:

  • protect you or our customers and others, for example to prevent spam or attempts to commit fraud, or to help prevent the loss of life or serious injury of anyone;
  • operate and maintain the security of the services, including to prevent or stop an attack on the services, computer systems or networks; or
  • protect the rights or property of ourselves or others, including enforcing our agreements, terms, and policies.

Finally, we may use and disclose de-identified information in accordance with applicable law.

To understand how your organization and third parties, such as third-party app and device providers, disclose or share personal data they may receive about you through the services, please visit their privacy statement or contact them directly.

CHOICE AND CONTROL OF PERSONAL DATA
The services are designed to provide a variety of ways for you to control certain personal data the services collect. We do not determine if your organization or third-party app and device providers alters these controls or how they honor these choices and controls and they may provide you with additional choices and controls.

Access, portability, correction, and deletion. If you wish to access, copy, download, correct, or delete personal data about you that we hold, you may submit a user support request to us in the app.

On Apple devices, users can control the privacy of the services in the following ways:

  1. Privacy Settings: Users can access the privacy settings on their device by going to the "Settings" app and selecting "Privacy." In the privacy settings, users can see a list of all the apps on their device and the types of data that each app has access to. Users can toggle the permissions for each app to allow or deny access to different types of data.
  2. App Permissions: When an app is installed, it may request access to certain types of data or resources on the device. Users can review and accept or reject these permissions before installing the app.
  3. App Notifications: Users can control the notifications that apps can send them by going to the "Settings" app and selecting "Notifications." In the notifications settings, users can see a list of all the apps on their device and toggle the notifications for each app on or off.
  4. Location Services: Users can enable or disable location services on their device by going to the "Settings" app and selecting "Privacy" followed by "Location Services." In the location services settings, users can see a list of all the apps on their device that have requested access to location data, and they can toggle the location permissions for each app to allow or deny access. For example, you can disable geolocation tracking at any time.

If you would like to learn about or exercise your rights or make a request beyond the controls above, please review the privacy statement of, or contact, your organization or the third-party app or device provider.

RETENTION OF PERSONAL DATA We retain personal data for as long is directed by our customers as necessary to provide the services. Please contact your organization or the third-party app or device provider for their retention policies.

LOCATION OF PERSONAL DATA The personal data the service collects is stored and processed in the United States. We take steps with the intent of processing and protecting personal data as described in this statement wherever the data are located.

CHANGES TO THIS PRIVACY STATEMENT
We will update this privacy statement when necessary to reflect changes in the services, how we use personal data, or the applicable law. When we post changes to the statement, we will revise the "Last Updated" date at the top of the statement. If we make material changes to the statement, we will provide notice or obtain consent regarding such changes as may be required by law.

MORE INFORMATION If you have a privacy concern, complaint, or a question, please contact the organization through whom you received the service or the third-party app or device provider.