Privacy Policy

Last Updated: 3/31/2022

We recently updated our Privacy Policy. Updates include:

  • Updating our company name to reflect changes within our organization.
  • Describing of new rights available to California consumers under the California Consumer Privacy Act (CCPA).
  • Clarifying the use of external content and our evaluation of third-party content providers.
  • Updated information on our iKeepSafe COPPA Safe Harbor Certification Program.

A. Policy Overview

This privacy policy ("Privacy Policy" or "Policy") describes how Savvas Learning Company LLC (the "Company," "we," "our" or "us"), collects, protects, uses and shares personal information gathered from Users of our websites, applications, products and services ("Educational Service(s)", or "Service(s)") that link to this Privacy Policy. It is important to us that educational institutions or individuals who have purchased and are using our Educational Services ("Customers", or "you") understand the measures we have taken to keep our Services a safe and trustworthy environment for all Users.

Although Sections C, D, and E of this Privacy Policy provide detailed information on our collection, use and disclosure of your Personal Information, we would like to highlight the following:

  • We will NEVER sell your Student Data to third parties.
  • We will NEVER perform targeted advertising of your Student Users.
  • We will NEVER share your Student Data with third parties for the purpose of targeted advertising.
  • We will NEVER build marketing profiles of your Student Users.
  • We will NEVER claim ownership of your Student Data.

Changes to this Policy

We encourage you to read through and understand this Privacy Policy. From time to time, we may update it to address new issues or reflect changes to our Services. If we are making updates that involve material changes to the collection, protection, use or disclosure of Personal Information, we will attempt to provide you with advanced notice of the revisions. This notice may occur through various methods depending on which will best allow us to reach affected customers. These methods may include, but are not limited to, e-mail, postal mail, or a conspicuously-posted website notice. Depending on the method that is used, we may also provide Users of the Service with advance notice of material changes, however, Customers who are educational institutions should ensure that they keep students, parents, and other stakeholders informed of any material changes, as data handling practices can vary based on school-specific configurations and requests. Please feel free to contact us if you have questions or concerns regarding intended Privacy Policy revisions.

In accordance with our commitment to provide notice as described above, we reserve the right to revise the terms of this Privacy Policy. Any such revisions to this Policy are effective immediately upon posting of a revised Policy. Your use of the Services subsequent to such posting constitutes your acceptance of such revisions.

B. Contact Us

We are committed to maintaining a dialogue with Customers about our data handling practices. If you have any concerns, comments or questions about this Policy or general Service-related data handling practices, please contact us using one of the following methods:

Email:

privacy@savvas.com


Mailing address:

Savvas Learning Company LLC

Attention: Chief Privacy Officer

15 E Midland Ave, Paramus

New Jersey 07652, US


Phone

800-848-9500

C. Personal Information We Collect

We collect information about Users of the Service in multiple ways, including Personal Information provided directly to us by a Customer for upload to the Service, data collected directly from or generated by Student and Educator Users of the Service, and data generated through your use of the Service. Depending on the Services provided, we may also collect Personal Information through other methods that follow the terms of this Privacy Policy.

Personal Information Input by Customers

When a Customer contracts with us to provide an Educational Service, initial setup and configuration of that Service, in most cases, will involve an initial transfer of Personal Information by the Customer. In addition, some of our products allow our customers to input certain optional demographic or other identifying data (student email address, date of birth, etc.) if such information is useful for the district's educational purposes. These fields do not need to be populated to use our products, but if the district supplies any of this data, it will be treated in accordance with this Policy. The following tables contain information about elements of Student and Educator Data commonly collected from our Customers (as applicable). Although we do attempt to maintain the accuracy of these tables, data handling practices may vary significantly across our K-12 products.

Student data input by Customers

Required Student Data:

  • First and Last Name
  • School Name
  • District/Institutional Name
  • Grade, Year, or Group

Educator data input by Customers

Required Educator Data:

  • First and Last Name
  • Contact Details (School/District-Issued or Personal E-mail Address)
  • School Name
  • District/Institutional Name

Optional Educator Data

  • District ID
  • Date of Birth

Directly Collected or User Generated Personal Information

Many of our Educational Services allow Users to create, upload and share information. Collection of this information is optional and at the discretion of the Customer and/or User. The following tables contain information about elements of Student and Educator Data commonly collected directly from or generated by our Customers and their Users.

Optional data collected from end users

Student Data Input or Generated by Users

  • Grades
  • Exercise, Activity, or Assessment Responses
  • Exercise, Activity, and Assessment Grades, Scores, and Reports
  • Educator Feedback
  • Assessment or Appraisal Information or Reports
  • Creative Works
  • Notebook Entries or Text Annotations
  • Private Forum or Chat Postings or Comments
  • Photographic, Video, or Audio Recordings

Educator Data Input or Generated by Users

  • Private Forum or Chat Postings or Comments
  • Contact Details (School-Issued or Personal E-mail Address)
  • Photographic, Video, or Audio Recordings

Service-Generated Data

The Service you have purchased may generate information tied to specific Users as a core part of its functionality, such as for adaptive learning or providing immediate feedback to students. Service-generated data may also include the automatic generation of usernames or other data elements tied to a specific User, where those elements are not provided or set by the Customer.

Cookies and Related Technologies

Our Services use cookies to enable you to sign-in to the Service and access your stored preferences and settings. You have a variety of tools to control the use of cookies, web beacons, and similar technologies, including browser controls to block and delete cookies. If you choose to disable or block these technologies, it may prevent or impair required functionality and therefore your use of the Service.

Application and System Logs

Application and system logs are critical to ensuring the availability and security of the Service. We collect log data for such purposes as monitoring the health of the Service, detecting unauthorized access and fraudulent activity on the Service, preventing and responding to Service-related security incidents, and ensuring appropriate scaling of the Service's computing resources.

Do Not Track Disclosures

Do Not Track ("DNT") is a proposed mechanism for allowing website visitors to control the collection of certain Usage Data. Although there has been research into the development of a standard to support the use of DNT signals, there is no adopted standard to follow. We do not currently respond to Do Not Track signals, but we are closely monitoring DNT proposals for further developments.

Third-Party Collection

Although we may use third-party vendors, subcontractors, and service providers to assist us in providing the Service, we do not permit third-party ad networks or similar services to collect the Personal Information of our authenticated Users.

D. How We Use Personal Information

We use your Personal Information for educational purposes and to exercise our legal rights, as described below.

Educational Uses

We use Personal Information to provide you with the Service(s) requested. We may use your Personal Information for any purposes required or permitted under our Agreement or with your consent.

Legal and Safety Uses

We may use your Personal Information to protect or exercise our legal rights, to defend against claims, to investigate fraud and other criminal conduct, to enforce our Terms of Service, to respond to a government request, to protect the security, integrity and availability of the Service, or to otherwise protect the property and safety of the Company, our Users, and others.

De-Identified and Aggregate Data

Customer data no longer needed for the delivery of our services shall either be deleted or de-identified and aggregated. We may use Usage Data and other properly de-identified or aggregate data to improve existing products, develop new products, communicate product effectiveness and outcomes, and for other related purposes. Our methods for de-identification are informed by guidance from the National Institute of Standards and Technology (NIST), the U.S. Department of Education's Privacy Technical Assistance Center, and the Department of Health and Human Services. Unless required to do so by law, we will not attempt to re-identify de-identified data and, where feasible and appropriate, will not transfer de-identified data to a third party unless they also agree not to attempt re-identification.

E. How We Share Personal Information

We share your Personal Information with third parties solely for the purpose of providing Educational Services to you and to exercise our legal rights, as described below.

Subcontractors

Depending on the Service, we may hire subcontractors, vendors or other third parties to help deliver or improve the Service. Third-parties that we work with who have access to your Personal Information are subject to stringent privacy and security contractual requirements equivalent to those set forth in this Policy, including, but not limited to, deletion, de-identification and prohibitions on collection, use or disclosure of Personal Information for non-educational purposes and maintenance of a comprehensive information security program.

Merger, Acquisition or Bankruptcy

If we are involved in a merger, acquisition, or sale of all or a portion of our assets, we may need to share your Personal Information with the acquiring entity. We will condition any merger, acquisition, or sale on continued adherence to the terms of this Policy and maintaining a materially similar level of protection for your Personal Information. If such an event occurs, we will provide you information about the coming change, how it may impact you and any choices you may have.

Data Ownership and Access Requests

Customers who are educational institutions have primary responsibility for fulfilling student and parent access, amendment, and export requests. In most cases, Customers can fulfill these requests using the built-in functionality of the Service. Where this functionality is not available or the Customer cannot otherwise fulfill the request on their own, we will provide reasonable assistance with the production or export of Student Data if the assistance is in accordance with our Agreement and applicable law. In rare cases, we may not be able to fully satisfy these requests. Examples include requests for confidential company information in addition to Student Data, requests for Student Data in a specific or proprietary format that we are unable to support, or requests that are prohibited by law.

F. Security

We store and process Customer Personal Information in accordance with industry standards and applicable law. Our comprehensive information security program protects your Personal Information from unauthorized access, use and disclosure through the use of reasonable and appropriate physical, administrative and technical safeguards. We perform periodic risk assessments of our information security program and prioritize remediation of identified security vulnerabilities. Nevertheless, security is a shared responsibility and no method of data transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee the absolute security of your Personal Information.

If you have general questions for us regarding the security and confidentiality of your Personal Information, please feel free to contact us using the information in Section B above.

Breach Notification

In the event of a security incident affecting our systems that involves your Personal Information, we will notify you as required by applicable law and the terms of our Agreement. We will always attempt to notify you of any security incident affecting your Personal Information that we believe poses a material risk of harm to you, your staff or your students.

Federation and Identity Management Support

We strongly support and encourage the use of secure federated identity management technologies such as SAML in conjunction with our Services. These technologies make access to our Service safer and more secure for your district and Users.

Use, Retention and Deletion

We do not collect, maintain, use, or share Personal Information beyond what is required for the educational purposes for which it was collected and will retain (where required), destroy or de-identify your Personal Information in accordance with applicable law and the terms of our Agreement. Deletion and retention functionality and procedures vary based on the Service used.

G. Customer Responsibilities

Although we have taken numerous steps to ensure the privacy and security of Personal Information we hold on your behalf, your use of the Services must also be in accordance with prevailing security practices. These practices include, but are not necessarily limited to, (i) securely configuring your accounts using federated identity management or strong and unique passwords and not sharing your authentication information, (ii) avoiding the upload of unnecessary Personal Information into the Service, (iii) exercising oversight to ensure your Educator and Student Users are using the Service appropriately, (iv) training and educating your Users on the importance of privacy and security; and (v) limiting information sharing by allowing Users to access only the information that they need.

H. Miscellaneous

External Content

Certain Services we offer may link, or provide Users with the ability to link, to external content such as online videos or news articles. Educator Users often make these sites available as reading materials for Student User assignments or exercises. We urge our Customers and Educator Users to exercise caution by evaluating the privacy practices of external sites you are linking to, particularly those that collect Personal Information from your Student Users.

This Privacy Policy does not apply to any non-Company site, as we are unable to control the associated privacy and security practices. However, in the case of third-party content providers to which we provide any Personal Information to facilitate the provision of Services to you, we have evaluated such third parties' data handling practices to ensure that they protect your Personal Information in accordance with this Privacy Policy. Should you have concerns over the privacy practices of our linked or integrated external content, please notify us using the contact information in Section B above.

Governing Terms

Unless otherwise stated in the Agreement, the terms of this Policy shall prevail and supersede any inconsistent terms and conditions contained in the Agreement.

FERPA

Our Services comply with all applicable provisions of the Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99). We receive Student Data from Customers who are educational institutions as a "school official" under FERPA and only process Student Data for educational purposes. In the event we receive a subpoena or judicial order for the disclosure of education records, we will notify the associated institutional Customer(s) prior to fulfilling the request in accordance with FERPA. For additional information on FERPA, please visit the U.S. Department of Education's Privacy Technical Assistance Center.

COPPA

Our Services comply with all applicable provisions of the Children's Online Privacy Protection Act (COPPA) (15 USC 6501 et seq.) To the extent COPPA applies to information we collect, we process such information for educational purposes only, at the direction of the partnering Customer. For additional information on COPPA and educational institution consent, please refer to the Federal Trade Commission's Complying with COPPA: Frequently Asked Questions. Savvas is proud member of the iKeepSafe COPPA Safe Harbor Certification Program. Should customers have any questions or concerns regarding our COPPA policies and practices, contact COPPAPrivacy@ikeepsafe.org.

I. Definitions

Capitalized terms not defined in this section are defined by applicable law when a citation is present.

  • "Agreement" means the terms of use or other user agreement for the applicable Services, along with any agreement that may have been executed between the Company and the Customer with respect thereto.
  • "Data Handling Practices" means Company's practices related to the collection, protection, use or disclosure of Personal Information.
  • "Educator Data" means the personally identifiable information of Users of the Service who are not students, such as teachers or School administrators.
  • "Educator User" means a User of the Service who is not a student, such as a school administrator, faculty member, board member, school employee, school agent or representative.
  • "Personal Information" means the personally identifiable information of Users of the Service.
  • "Student Data" means the personally identifiable information received about Student Users of the Service.
  • "Student User" means a User of the Service who is a student at an educational institution who has purchased and is using a Service.
  • "Usage Data" means data gathered about Users' activity on the site, which may be collected through the use of system or application logs, cookies, mobile device identifiers, IP addresses and other industry-accepted technology.
  • "User" means an authenticated Authorized User of our U.S. K-12 online websites, applications, products and services.

J. California Consumer Protection Act (CCPA)

The Services we provide to our Customers comply with all applicable provisions of the California Consumer Protection Act (CCPA) (§1798.100 et seq.) The information we collect is solely for the delivery of our Services and is not sold to any third parties. It is our objective to ensure any Personally Identifiable Information (PII) we have about our customers is accurate and necessary to provide our Services

To the extent CCPA applies to information we collect about individual California consumers, it is your right under CCPA to, access, rectify, object to, request erasure, export or choose how we process any PII collected for the delivery of our services at any time. If you are a student or parent of a student at an educational institution using our products and wish to exercise any of these rights, please direct any requests to the appropriate representative at your educational institution. For any other Customers to whom we have sold our products to directly (not an educational institution), you can exercise your rights to pose questions, comments, or concerns by emailing our Data Privacy Office at privacy@savvas.com.