Last Updated: 3/31/2022
A. Policy Overview
Changes to this Policy
B. Contact Us
We are committed to maintaining a dialogue with Customers about our data handling practices. If you have any concerns, comments or questions about this Policy or general Service-related data handling practices, please contact us using one of the following methods:Email:
Savvas Learning Company LLC
Attention: Chief Privacy Officer
15 E Midland Ave, Paramus
New Jersey 07652, US
C. Personal Information We Collect
Personal Information Input by Customers
When a Customer contracts with us to provide an Educational Service, initial setup and configuration of that Service, in most cases, will involve an initial transfer of Personal Information by the Customer. In addition, some of our products allow our customers to input certain optional demographic or other identifying data (student email address, date of birth, etc.) if such information is useful for the district's educational purposes. These fields do not need to be populated to use our products, but if the district supplies any of this data, it will be treated in accordance with this Policy. The following tables contain information about elements of Student and Educator Data commonly collected from our Customers (as applicable). Although we do attempt to maintain the accuracy of these tables, data handling practices may vary significantly across our K-12 products.
Student data input by Customers
Required Student Data:
Educator data input by Customers
Required Educator Data:
Optional Educator Data
Directly Collected or User Generated Personal Information
Many of our Educational Services allow Users to create, upload and share information. Collection of this information is optional and at the discretion of the Customer and/or User. The following tables contain information about elements of Student and Educator Data commonly collected directly from or generated by our Customers and their Users.
Optional data collected from end users
Student Data Input or Generated by Users
Educator Data Input or Generated by Users
The Service you have purchased may generate information tied to specific Users as a core part of its functionality, such as for adaptive learning or providing immediate feedback to students. Service-generated data may also include the automatic generation of usernames or other data elements tied to a specific User, where those elements are not provided or set by the Customer.
Cookies and Related Technologies
Application and System Logs
Application and system logs are critical to ensuring the availability and security of the Service. We collect log data for such purposes as monitoring the health of the Service, detecting unauthorized access and fraudulent activity on the Service, preventing and responding to Service-related security incidents, and ensuring appropriate scaling of the Service's computing resources.
Do Not Track Disclosures
Do Not Track ("DNT") is a proposed mechanism for allowing website visitors to control the collection of certain Usage Data. Although there has been research into the development of a standard to support the use of DNT signals, there is no adopted standard to follow. We do not currently respond to Do Not Track signals, but we are closely monitoring DNT proposals for further developments.
Although we may use third-party vendors, subcontractors, and service providers to assist us in providing the Service, we do not permit third-party ad networks or similar services to collect the Personal Information of our authenticated Users.
D. How We Use Personal Information
We use your Personal Information for educational purposes and to exercise our legal rights, as described below.
We use Personal Information to provide you with the Service(s) requested. We may use your Personal Information for any purposes required or permitted under our Agreement or with your consent.
Legal and Safety Uses
We may use your Personal Information to protect or exercise our legal rights, to defend against claims, to investigate fraud and other criminal conduct, to enforce our Terms of Service, to respond to a government request, to protect the security, integrity and availability of the Service, or to otherwise protect the property and safety of the Company, our Users, and others.
De-Identified and Aggregate Data
Customer data no longer needed for the delivery of our services shall either be deleted or de-identified and aggregated. We may use Usage Data and other properly de-identified or aggregate data to improve existing products, develop new products, communicate product effectiveness and outcomes, and for other related purposes. Our methods for de-identification are informed by guidance from the National Institute of Standards and Technology (NIST), the U.S. Department of Education's Privacy Technical Assistance Center, and the Department of Health and Human Services. Unless required to do so by law, we will not attempt to re-identify de-identified data and, where feasible and appropriate, will not transfer de-identified data to a third party unless they also agree not to attempt re-identification.
E. How We Share Personal Information
We share your Personal Information with third parties solely for the purpose of providing Educational Services to you and to exercise our legal rights, as described below.
Depending on the Service, we may hire subcontractors, vendors or other third parties to help deliver or improve the Service. Third-parties that we work with who have access to your Personal Information are subject to stringent privacy and security contractual requirements equivalent to those set forth in this Policy, including, but not limited to, deletion, de-identification and prohibitions on collection, use or disclosure of Personal Information for non-educational purposes and maintenance of a comprehensive information security program.
Merger, Acquisition or Bankruptcy
If we are involved in a merger, acquisition, or sale of all or a portion of our assets, we may need to share your Personal Information with the acquiring entity. We will condition any merger, acquisition, or sale on continued adherence to the terms of this Policy and maintaining a materially similar level of protection for your Personal Information. If such an event occurs, we will provide you information about the coming change, how it may impact you and any choices you may have.
Data Ownership and Access Requests
Customers who are educational institutions have primary responsibility for fulfilling student and parent access, amendment, and export requests. In most cases, Customers can fulfill these requests using the built-in functionality of the Service. Where this functionality is not available or the Customer cannot otherwise fulfill the request on their own, we will provide reasonable assistance with the production or export of Student Data if the assistance is in accordance with our Agreement and applicable law. In rare cases, we may not be able to fully satisfy these requests. Examples include requests for confidential company information in addition to Student Data, requests for Student Data in a specific or proprietary format that we are unable to support, or requests that are prohibited by law.
We store and process Customer Personal Information in accordance with industry standards and applicable law. Our comprehensive information security program protects your Personal Information from unauthorized access, use and disclosure through the use of reasonable and appropriate physical, administrative and technical safeguards. We perform periodic risk assessments of our information security program and prioritize remediation of identified security vulnerabilities. Nevertheless, security is a shared responsibility and no method of data transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee the absolute security of your Personal Information.
If you have general questions for us regarding the security and confidentiality of your Personal Information, please feel free to contact us using the information in Section B above.
In the event of a security incident affecting our systems that involves your Personal Information, we will notify you as required by applicable law and the terms of our Agreement. We will always attempt to notify you of any security incident affecting your Personal Information that we believe poses a material risk of harm to you, your staff or your students.
Federation and Identity Management Support
We strongly support and encourage the use of secure federated identity management technologies such as SAML in conjunction with our Services. These technologies make access to our Service safer and more secure for your district and Users.
Use, Retention and Deletion
We do not collect, maintain, use, or share Personal Information beyond what is required for the educational purposes for which it was collected and will retain (where required), destroy or de-identify your Personal Information in accordance with applicable law and the terms of our Agreement. Deletion and retention functionality and procedures vary based on the Service used.
G. Customer Responsibilities
Although we have taken numerous steps to ensure the privacy and security of Personal Information we hold on your behalf, your use of the Services must also be in accordance with prevailing security practices. These practices include, but are not necessarily limited to, (i) securely configuring your accounts using federated identity management or strong and unique passwords and not sharing your authentication information, (ii) avoiding the upload of unnecessary Personal Information into the Service, (iii) exercising oversight to ensure your Educator and Student Users are using the Service appropriately, (iv) training and educating your Users on the importance of privacy and security; and (v) limiting information sharing by allowing Users to access only the information that they need.
Certain Services we offer may link, or provide Users with the ability to link, to external content such as online videos or news articles. Educator Users often make these sites available as reading materials for Student User assignments or exercises. We urge our Customers and Educator Users to exercise caution by evaluating the privacy practices of external sites you are linking to, particularly those that collect Personal Information from your Student Users.
Unless otherwise stated in the Agreement, the terms of this Policy shall prevail and supersede any inconsistent terms and conditions contained in the Agreement.
Our Services comply with all applicable provisions of the Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99). We receive Student Data from Customers who are educational institutions as a "school official" under FERPA and only process Student Data for educational purposes. In the event we receive a subpoena or judicial order for the disclosure of education records, we will notify the associated institutional Customer(s) prior to fulfilling the request in accordance with FERPA. For additional information on FERPA, please visit the U.S. Department of Education's Privacy Technical Assistance Center.
Our Services comply with all applicable provisions of the Children's Online Privacy Protection Act (COPPA) (15 USC 6501 et seq.) To the extent COPPA applies to information we collect, we process such information for educational purposes only, at the direction of the partnering Customer. For additional information on COPPA and educational institution consent, please refer to the Federal Trade Commission's Complying with COPPA: Frequently Asked Questions. Savvas is proud member of the iKeepSafe COPPA Safe Harbor Certification Program. Should customers have any questions or concerns regarding our COPPA policies and practices, contact COPPAPrivacy@ikeepsafe.org.
Capitalized terms not defined in this section are defined by applicable law when a citation is present.
J. California Consumer Protection Act (CCPA)
The Services we provide to our Customers comply with all applicable provisions of the California Consumer Protection Act (CCPA) (§1798.100 et seq.) The information we collect is solely for the delivery of our Services and is not sold to any third parties. It is our objective to ensure any Personally Identifiable Information (PII) we have about our customers is accurate and necessary to provide our Services
To the extent CCPA applies to information we collect about individual California consumers, it is your right under CCPA to, access, rectify, object to, request erasure, export or choose how we process any PII collected for the delivery of our services at any time. If you are a student or parent of a student at an educational institution using our products and wish to exercise any of these rights, please direct any requests to the appropriate representative at your educational institution. For any other Customers to whom we have sold our products to directly (not an educational institution), you can exercise your rights to pose questions, comments, or concerns by emailing our Data Privacy Office at firstname.lastname@example.org.