<li>Updating our company name to reflect changes within our organization.</li>
<li>Describing of new rights available to California consumers under the California Consumer Privacy Act (CCPA).</li>
<li>Clarifying the use of external content and our evaluation of third-party content providers.</li>
<b>Table of Contents</b>
<li>Personal Information We Collect</li>
<li>How We Use Personal Information</li>
<li>How We Share Personal Information</li>
<li>School Customer Responsibilities</li>
<li>California Consumer Protection Act</li>
It is important to us that educational institutions or individuals who have purchased and are using our Educational Services ("Customers", or "you") understand the measures we have taken to keep our Services a safe and trustworthy environment for all Users.</p>
<li>We will NEVER sell your Student Data to third parties.</li>
<li>We will NEVER perform targeted advertising of your Student Users.</li>
<li>We will NEVER share your Student Data with third parties for the purpose of targeted advertising.</li>
<li>We will NEVER build marketing profiles of your Student Users.</li>
<li>We will NEVER claim ownership of your Student Data.</li>
From time to time, we may update it to address new issues or reflect changes to our Services.
If we are making updates that involve material changes to the collection, protection, use or disclosure of Personal Information, we will attempt to provide you with advanced notice of the revisions.
This notice may occur through various methods depending on which will best allow us to reach affected customers.
These methods may include, but are not limited to, e-mail, postal mail, or a conspicuously-posted website notice.
Depending on the method that is used, we may also provide Users of the Service with advance notice of material changes, however, Customers who are educational institutions should ensure that they keep students, parents, and other stakeholders informed of any material changes, as data handling practices can vary based on school-specific configurations and requests.
Any such revisions to this Policy are effective immediately upon posting of a revised Policy.
Your use of the Services subsequent to such posting constitutes your acceptance of such revisions.</p> B.
Contact Us <p>We are committed to maintaining a dialogue with Customers about our data handling practices.
If you have any concerns, comments or questions about this Policy or general Service-related data handling practices, please contact us by emailing our Data Privacy Office at email@example.com.</p> C.
Personal Information We Collect <p>We collect information about Users of the Service in multiple ways, including Personal Information provided directly to us by a Customer for upload to the Service, data collected directly from or generated by Student and Educator Users of the Service, and data generated through your use of the Service.
In addition, some of our products allow our customers to input certain optional demographic or other identifying data (student email address, date of birth, etc.) if such information is useful for the district's educational purposes.
These fields do not need to be populated to use our products, but if the district supplies any of this data, it will be treated in accordance with this Policy.
The following tables contain information about elements of Student and Educator Data commonly collected from our Customers (as applicable).
Although we do attempt to maintain the accuracy of these tables, data handling practices may vary significantly across our K-12 products.</p> Student data input by Customers Required Student Data <ul>
<li>First and Last Name</li>
<li>Grade, Year, or Group</li>
</ul> Educator data input by Customers Required Educator Data <ul>
<li>First and Last Name</li>
<li>Contact Details (School/District-Issued or Personal E-mail Address)</li>
</ul> Optional Educator Data <ul>
<li>Date of Birth</li>
</ul> Directly Collected or User Generated Personal Information <p>Many of our Educational Services allow Users to create, upload and share information.
Collection of this information is optional and at the discretion of the Customer and/or User.
The following tables contain information about elements of Student and Educator Data commonly collected directly from or generated by our Customers and their Users.</p> Optional data collected from end users Student Data Input or Generated by Users <ul>
<li>Exercise, Activity, or Assessment Responses</li>
<li>Exercise, Activity, and Assessment Grades, Scores, and Reports</li>
<li>Assessment or Appraisal Information or Reports</li>
<li>Notebook Entries or Text Annotations</li>
<li>Private Forum or Chat Postings or Comments</li>
<li>Photographic, Video, or Audio Recordings</li>
</ul> Educator Data Input or Generated by Users <ul>
<li>Private Forum or Chat Postings or Comments</li>
<li>Contact Details (School-Issued or Personal E-mail Address)</li>
<li>Photographic, Video, or Audio Recordings</li>
</ul> Service-Generated Data <p>The Service you have purchased may generate information tied to specific Users as a core part of its functionality, such as for adaptive learning or providing immediate feedback to students.
If you choose to disable or block these technologies, it may prevent or impair required functionality and therefore your use of the Service.</p> Application and System Logs <p>Application and system logs are critical to ensuring the availability and security of the Service.
We collect log data for such purposes as monitoring the health of the Service, detecting unauthorized access and fraudulent activity on the Service, preventing and responding to Service-related security incidents, and ensuring appropriate scaling of the Service's computing resources.</p> Do Not Track Disclosures <p>Do Not Track ("DNT") is a proposed mechanism for allowing website visitors to control the collection of certain Usage Data.
Although there has been research into the development of a standard to support the use of DNT signals, there is no adopted standard to follow.
We do not currently respond to Do Not Track signals, but we are closely monitoring DNT proposals for further developments.</p> Third-Party Collection <p>Although we may use third-party vendors, subcontractors, and service providers to assist us in providing the Service, we do not permit third-party ad networks or similar services to collect the Personal Information of our authenticated Users.</p> D.
How We Use Personal Information <p>We use your Personal Information for educational purposes and to exercise our legal rights, as described below.</p> Educational Uses <p>We use Personal Information to provide you with the Service(s) requested.
We may use your Personal Information for any purposes required or permitted under our Agreement or with your consent.</p> Legal and Safety Uses <p>We may use your Personal Information to protect or exercise our legal rights, to defend against claims, to investigate fraud and other criminal conduct, to enforce our Terms of Service, to respond to a government request, to protect the security, integrity and availability of the Service, or to otherwise protect the property and safety of the Company, our Users, and others.</p> De-Identified and Aggregate Data <p>We may use Usage Data and other properly de-identified or aggregate data to improve existing products, develop new products, communicate product effectiveness and outcomes, and for other related purposes.
Our methods for de-identification are informed by guidance from the National Institute of Standards and Technology (NIST), the U.S.
Department of Education's Privacy Technical Assistance Center, and the Department of Health and Human Services.
Unless required to do so by law, we will not attempt to re-identify de-identified data and, where feasible and appropriate, will not transfer de-identified data to a third party unless they also agree not to attempt re-identification.</p> E.
How We Share Personal Information <p>We share your Personal Information with third parties solely for the purpose of providing Educational Services to you and to exercise our legal rights, as described below.</p> Subcontractors <p>Depending on the Service, we may hire subcontractors, vendors or other third parties to help deliver or improve the Service.
Third-parties that we work with who have access to your Personal Information are subject to stringent privacy and security contractual requirements equivalent to those set forth in this Policy, including, but not limited to, prohibitions on collection, use or disclosure of Personal Information for non-educational purposes and maintenance of a comprehensive information security program.</p> Merger, Acquisition or Bankruptcy <p>If we are involved in a merger, acquisition, or sale of all or a portion of our assets, we may need to share your Personal Information with the acquiring entity.
We will condition any merger, acquisition, or sale on continued adherence to the terms of this Policy and maintaining a materially similar level of protection for your Personal Information.
If such an event occurs, we will provide you information about the coming change, how it may impact you and any choices you may have.</p> Legal and Safety Disclosures <p>We may disclose your Personal Information when it is required or permitted by law, such as to comply with a subpoena, court order or similar legal process, to protect or exercise our legal rights, to defend against claims, to investigate fraud and other criminal conduct, to enforce our Terms of Service, to respond to a government request, to protect the security, integrity and availability of the Service, or to otherwise protect the property and safety of the Company, our Users, and others.</p> Data Ownership and Access Requests <p>Customers who are educational institutions have primary responsibility for fulfilling student and parent access, amendment, and export requests.
In most cases, Customers can fulfill these requests using the built-in functionality of the Service.
Where this functionality is not available or the Customer cannot otherwise fulfill the request on their own, we will provide reasonable assistance with the production or export of Student Data if the assistance is in accordance with our Agreement and applicable law.
In rare cases, we may not be able to fully satisfy these requests.
Examples include requests for confidential company information in addition to Student Data, requests for Student Data in a specific or proprietary format that we are unable to support, or requests that are prohibited by law.</p> F.
Security <p>We store and process Customer Personal Information in accordance with industry standards and applicable law.
Our comprehensive information security program protects your Personal Information from unauthorized access, use and disclosure through the use of reasonable and appropriate physical, administrative and technical safeguards.
We perform periodic risk assessments of our information security program and prioritize remediation of identified security vulnerabilities.
Nevertheless, security is a shared responsibility and no method of data transmission over the Internet or method of electronic storage is 100% secure.
Therefore, we cannot guarantee the absolute security of your Personal Information.</p>
<p>If you have general questions for us regarding the security and confidentiality of your Personal Information, please feel free to contact us using the information in Section B above.</p> Breach Notification <p>In the event of a security incident affecting our systems that involves your Personal Information, we will notify you as required by applicable law and the terms of our Agreement.
We will always attempt to notify you of any security incident affecting your Personal Information that we believe poses a material risk of harm to you, your staff or your students.</p> Federation and Identity Management Support <p>We strongly support and encourage the use of secure federated identity management technologies such as SAML in conjunction with our Services.
These technologies make access to our Service safer and more secure for your district and Users.</p> Use, Retention and Deletion <p>We do not collect, maintain, use, or share Personal Information beyond what is required for the educational purposes for which it was collected and will retain, destroy or de-identify your Personal Information in accordance with applicable law and the terms of our Agreement.
Deletion and retention functionality and procedures vary based on the Service used.</p> G.
Customer Responsibilities <p>Although we have taken numerous steps to ensure the privacy and security of Personal Information we hold on your behalf, your use of the Services must also be in accordance with prevailing security practices.
These practices include, but are not necessarily limited to, (i) securely configuring your accounts using federated identity management or strong and unique passwords and not sharing your authentication information, (ii) avoiding the upload of unnecessary Personal Information into the Service, (iii) exercising oversight to ensure your Educator and Student Users are using the Service appropriately, (iv) training and educating your Users on the importance of privacy and security.
and (v) limiting information sharing by allowing Users to access only the information that they need.</p> H.
Miscellaneous External Content <p>Certain Services we offer may link, or provide Users with the ability to link, to external content such as online videos or news articles.
Educator Users often make these sites available as reading materials for Student User assignments or exercises.
We urge our Customers and Educator Users to exercise caution by evaluating the privacy practices of external sites you are linking to, particularly those that collect Personal Information from your Student Users.</p>
Should you have concerns over the privacy practices of our linked or integrated external content, please notify us using the contact information in Section B above.</p> Governing Terms <p>Unless otherwise stated in the Agreement, the terms of this Policy shall prevail and supersede any inconsistent terms and conditions contained in the Agreement.</p> FERPA <p>Our Services comply with all applicable provisions of the Family Educational Rights and Privacy Act (FERPA) (20 U.S.C.
34 CFR Part 99).
We receive Student Data from Customers who are educational institutions as a "school official" under FERPA and only process Student Data for educational purposes.
In the event we receive a subpoena or judicial order for the disclosure of education records, we will notify the associated institutional Customer(s) prior to fulfilling the request in accordance with FERPA.
For additional information on FERPA, please visit the U.S.
Department of Education's Privacy Technical Assistance Center.</p> COPPA <p>Our Services comply with all applicable provisions of the Children's Online Privacy Protection Act (COPPA) (15 USC 6501 et seq.) To the extent COPPA applies to information we collect, we process such information for educational purposes only, at the direction of the partnering Customer.
For additional information on COPPA and educational institution consent, please refer to the Federal Trade Commission's Complying with COPPA: Frequently Asked Questions.</p> I.
Definitions <p>Capitalized terms not defined in this section are defined by applicable law when a citation is present.</p>
<li>"Data Handling Practices" means Company's practices related to the collection, protection, use or disclosure of Personal Information.</li>
<li>"Educator Data" means the personally identifiable information of Users of the Service who are not students, such as teachers or School administrators.</li>
<li>"Educator User" means a User of the Service who is not a student, such as a school administrator, faculty member, board member, school employee, school agent or representative.</li>
<li>"Personal Information" means the personally identifiable information of Users of the Service.</li>
<li>"Student Data" means the personally identifiable information received about Student Users of the Service.</li>
<li>"Student User" means a User of the Service who is a student at an educational institution who has purchased and is using a Service.</li>
<li>"Usage Data" means data gathered about Users' activity on the site, which may be collected through the use of system or application logs, cookies, mobile device identifiers, IP addresses and other industry-accepted technology.</li>
<li>"User" means an authenticated Authorized User of our U.S.
K-12 online websites, applications, products and services.</li>
California Consumer Protection Act (CCPA) <p>The Services we provide to our Customers comply with all applicable provisions of the California Consumer Protection Act (CCPA) (§1798.100 et seq.) The information we collect is solely for the delivery of our Services and is not sold to any third parties.
It is our objective to ensure any Personally Identifiable Information (PII) we have about our customers is accurate and necessary to provide our Services</p>
<p>To the extent CCPA applies to information we collect about individual California consumers, it is your right under CCPA to, access, rectify, object to, request erasure, export or choose how we process any PII collected for the delivery of our services at any time.
If you are a student or parent of a student at an educational institution using our products and wish to exercise any of these rights, please direct any requests to the appropriate representative at your educational institution.
For any other Customers to whom we have sold our products to directly (not an educational institution), you can exercise your rights to pose questions, comments, or concerns by emailing our Data Privacy Office at firstname.lastname@example.org.