Exclsis360.com
Platform & Services Privacy Statement
Our Excelsis360.com School Platform & Services
Privacy Statement applies to our Excelsis360.com products and services
(“products”, “platform” or “services”) licensed by our educational agency and
institution customers (“customers” or “schools”). These services include but
are not limited to excelsis360.com ERP Solution and Excelsis360 Mobile apps.
This Statement applies to information we collect from, or collect or maintain
on behalf of, our school customers using these services, including the personal
information of school employees, parents/guardians, students, etc. as well as
school website and custom mobile app users.
While we do not provide information to third
parties other than as described in this statement, our school customers may
choose to do so. This Statement does not apply to information that schools
provide to, or that is collected by, third parties through any of our services
when that information sharing is determined by and controlled by our school
customer. Schools should carefully read the privacy policies of such third
party services before agreeing to share personal information with those parties
through our services.
We do not determine what, if any, personal
information that our school customers choose to make publicly available, such
as on their school websites or apps. This Statement does not apply to such
personal information that schools choose to make publicly available such as on
their school websites (Presence) or their custom school apps. We will not sell,
trade, lease or loan such publicly available student personal information we
host or access through our services to any third party for any reason,
including for marketing or advertising.
We operate as a school service provider,
meaning that our customer agreement is with an educational agency or
institution (“customer”) and not with an individual educator, parent, student
or other individual (“user”) including not with visitors to our school websites
or users of our school mobile applications. As such, we collect and maintain
both customer and user personal information, including student personally
identifiable information from education records, only acting as authorized by
our customer agency/institution to deliver services to and on behalf of the
agency/institution (e.g., in the United States, with regard to student personal
information, as a “school official” as allowed under the federal Family
Educational Rights and Privacy Act (FERPA)). In this role, we are deemed by the
school to perform a service or function for which the school would otherwise
use its employees.
Student personally identifiable information we
obtain from our customer educational agency/institution continues to be the
property of, and maintained under the direct control of, the
agency/institution. We enable our customer agency/institution to exercise
direct control over this student personal information through our Terms of Use,
Terms of Service, and other agreements as well as through our product
functionality to support school compliance with FERPA and other applicable
laws. We shall not be responsible for any agency/institution violations of
FERPA (in the United States) or laws in other jurisdictions where they apply
specifically to our customer public or other education entity and not directly
to Excellerate.
By using our product(s) or service(s), you
agree to the terms of this Privacy Statement.
We collect and maintain only the information
that is necessary to provide the Services to and on behalf of our customer
agency/institution, or as otherwise shared with us by the agency/institution or
their users.
We use this personal information to verify and
provide access to your account, to correspond with you, to deliver our products
and services, to resolve problems in service delivery, and as otherwise
requested or directed by the agency/institution. We may as necessary also use
this personal information to ensure legal or regulatory compliance, to protect
the safety of individuals or the security of the service, to take precautions
against liability, and as otherwise required or permitted by law. We neither
claim nor assert any other rights or licenses to use student personally
identifiable information.
In general, we do not knowingly collect
personal information directly from students, including children under 13, but
only as shared with us by our customer agency/institution. Exceptions are a
student username, password and related account login credential information
that we collect directly from the student if necessary when they login to our services
as authorized by their school. By default, students cannot create an account –
to enable our direct collection of their personal information – without the
school’s consent. When we do collect student personal information directly from
students, including children under the age of 13, we do so only on behalf of
and under the direct control of our customer agency/institution, and the
agency/institution is responsible for obtaining any necessary prior parental
consents. Should we learn that we collected personal information from a child
under 13 and the school does not provide proof of consent within a reasonable
time, we will delete all such personal information. We do not enable or
encourage students to make their personal information publicly available.
More specifically, our services may collect,
maintain and/or access the following types of personal information:
·
• Parent and school
staff contact information such as names, language preferences and contact data
(e.g., phone number, email address, and device ID);
·
• Student information
such as name, unique identifier, email address, attendance, lunch account
status, bus route, and class schedule;
·
• Account login
credentials and session information such as usernames, passwords, email
address, IP addresses, device IDs, and/or session cookies to automate
customized settings;
·
• Notifications our
school customers send to their constituents (e.g., staff, parents/guardians);
and
·
• Student or other
personal information within files or web pages hosted on our platform or
distributed through our services.
In addition, a few of our services may, as
needed to deliver the service, also collect or maintain the following personal
information:
·
• Through Presence
(school website hosting): student and school staff photos.
When you use our school and other mobile
applications, you may also be prompted to grant the app access to certain
information and functions on your device, including your device ID, geolocation
information, and calendar. We do not access this information, which remains on
your device. This information is necessary for your device to enable the app to
remain updated with the latest school information such as receiving push
notifications, importing calendar events, and identifying nearby schools.
Some of our services may as needed also use
cookies and other technologies to collect non-identifiable information about
service usage such as language preference, Internet Protocol (IP) address,
session time and length, and types of platforms used to access our services.
This data allows us to simplify login, personalize service delivery, understand
usage, and improve service delivery. Visitors can set their browsers to refuse
cookies, but certain features may not function properly as a result.
We use aggregate or anonymous information for
other purposes such as to evaluate, develop, improve and market our services.
We do not sell, trade, lease or loan the
personal information we collect or maintain to any third party for any reason,
including that we do not sell or otherwise share student personal information
with direct marketers, advertisers, or data brokers.
We do not knowingly share or disclose student
personal information with any other third parties other than as needed to
deliver and improve the service, as permitted or required by law or government
authorities such as for law enforcement or judicial purposes, as necessary to
protect the rights or safety of individuals or the service, to ensure legal or
regulatory compliance or take precautions against liability, or as otherwise
expressly directed by our customers. Through our services, our customers may
choose to disclose such information in their sole discretion, such as by
displaying it on their school website operating on our platform, but we are not
responsible for such disclosures.
Access to personal information is limited to
our employees and our service providers as needed to deliver the service, to
the school customer, and to other third party organizations if enabled by, and
as determined by, the school.
We do not share student personal information
with third parties, though a few of our service providers may have limited
access to such information within our data systems in the course of their
providing us with data analytics, software programming and related services to
support our service delivery, evaluation or improvement. In some instances, we
store student personal information with a third party data hosting provider,
though student personal information is secured through access controls and
electronic protection methods to prevent provider access. We have agreements in
place with all third parties with access to student personal information to
ensure they only use the information for purposes necessary to deliver the
authorized service to us and to ensure they maintain the confidentiality and
security of the information.
We maintain a comprehensive set of security
practices that are reasonably designed in accordance with commercial best
practices to protect the security, privacy, confidentiality, and integrity of
student personal information against risks – such as unauthorized access or
use, or unintended or inappropriate disclosure – through the use of
administrative, technological, and physical safeguards appropriate to the
sensitivity of the information.
All student personal information is protected
according to industry standard security protocols. Data is located in
datacenter facilities using industry standard access control protections.
Our services include role-based authorization
control functionality to enable our customer school’s account administrator to
configure and limit access to student personal information.
We limit internal access to student personal
information to only those Excellerate employees and contractors with a need to
access the information to deliver the service.
We maintain a comprehensive hiring, training,
and retraining process which includes rigorous pre-employment screening. All
company employees with access to student personal information receive annual
training on privacy laws and best practices for maintaining confidentiality of
student personal information.
If we know of a systems security breach by an
unauthorized party or that any student personal information was used for an
unauthorized purpose, we will comply with relevant state and other data breach
laws. We will notify our customer agency/institution of any breach resulting in
unauthorized release of data in the most expedient way possible and without
unreasonable delay so that you can take appropriate steps.
We use reasonable efforts to assist our
customers in identifying any known security breach in their systems or
processes, but we make no claims or warranties to our customer or to any user
for any inability, failure or mistake in connection with such assistance.
We attempt to keep your information complete,
current and accurate. The agency/institution on behalf of whom we are
collecting or maintaining student personal information has the right to review,
correct, have deleted, and/or refuse to permit further collection or use of the
information. In cases where such actions are not otherwise provided for by
directly available product functionality, we will provide direct assistance
within a reasonable time in response to a written request from the agency/institution.
We will also assist the agency/institution in
its response to requests from parents/guardians/students to review and/or
correct a student’s personally identifiable information, including as required
of agencies/institutions under applicable laws (including FERPA in the United
States). As needed, we will provide direct assistance to the agency/institution
in its response to the parent/guardian within a reasonable time following the
agency/institution written request to us for such assistance. If we receive
such requests directly from parents/guardians/students, we will refer those
requests to our customer agency/institution and will not otherwise directly
respond to those requests.
In general, we will retain personal
information only as necessary to support the authorized purpose, comply with
our legal obligations and agreements, resolve disputes, or as otherwise
directed by our school customers. Any student personal information will remain
subject to the restrictions and requirements described in this privacy policy
for as long as we retain it. If and when personal information has been
de-identified, that information is no longer personal information and no longer
treated as such according to the terms of this privacy policy. We will use reasonable
de-identification methods to ensure the privacy and security of personal
information entrusted to us.
We will permanently delete student personally
identifiable information at any time within fourteen (14) business days of a
request from the customer agency/institution and within 24 months after the
agency/institution account is expired, terminated or otherwise inactive, unless
otherwise requested except for the regulatory compliance. Our school customers
are provided regular opportunities to update their data, including marking
personal information for deletion.
If we are involved in a merger, acquisition,
or sale of all or a portion of our assets, including in the case of our
bankruptcy, you will be notified via email of any change in ownership. In such
a case, a successor entity will adhere to the terms of this privacy statement
with regard to the previously collected student personal information.
Please note that our products and services may
contain links to third party websites or services. In many cases, those links
are instituted, enabled or directed by our customer agency/institution without
our knowledge or control. In other cases, we direct the link such as to our
partners in technology or education. In either case, while we try to link only
to sites that share our high standards and respect for privacy, we are not
responsible for the content, security, or privacy practices employed by other such
parties and their websites and services. Unless otherwise noted, those third
party resources are not covered by this Privacy Statement or any other of our
policies or terms. You are encouraged to carefully review the separate and
distinct privacy policy and terms of use of any such third party service before
using it.
We reserve the right at our discretion to
change, modify, add or remove portions of this Privacy Statement from time to
time. We will note any such changes by updating the publication date of this
Privacy Statement. If we make significant changes, we will also provide notice
to our customer agency/institution by sending an email to the account
administrator. If we make any material changes to this privacy statement
impacting student personal information that lessen protections previously noted
herein, we will provide our customer agency/institution with thirty (30) days
notice prior to implementing those changes and provide choice for termination
of services and deletion or return of such information. In some cases, when
required by law, we may ask you to agree to changes before they go into effect.
By continuing to use our product(s) or service(s) after we provide notice of
any changes to our privacy statement, you agree to the terms of this privacy
statement.
If you are the administrator of an educational
agency/institution customer account and have any questions about this statement
or if you believe we are not handling your information in accordance with our
privacy statement, please contact us per the information below.
If you are otherwise a user of one of our
school services, we encourage you to first contact your educational
agency/institution with any questions or concerns regarding this privacy
statement or our handling of personal information.
Excellerate Education Solutions
1040 Dundee Ave #202, East Dunde, Il, 60118.
www.excellerate-edu.com/privacy.htm
This policy was last updated on July 1st
, 2020.