Generally, use of our service may require you to provide information such as your name, email address, address, telephone number and other relevant data. This information is used by us to identify you and provide you with the services you expect of us, support, answer questions, onboard you as a new user, account management and generally in order to meet our obligations to you and fulfill our other contractual obligations.
Gradelink may collect two (2) types of information from you: (1) Personally Identifiable Information and (2) Non-Personally Identifiable Information:
1. Personally Identifiable Information. Personally Identifiable Information refers to the types of information that can be used to identify or contact a single person, or to aggregate disparate pieces of information into one data picture of a single student or individual. The types of Personally Identifiable Information collected by Gradelink may include:
(i) Student Information. This includes but is not limited to Names, Addresses, Phone Numbers, Email Addresses, Birth Date, Gender, Grade Level, Birth Location, Ethnicity/Race [based on US federal guidelines], prior school location/history, living situation, sibling name/birthdate/grade level/school, Insurance company/policy numbers, hospital preference, medications, allergies, health history, church/worship information, and student photographs.
(ii) Parent Information. This includes but is not limited to Names, Addresses, Phone Numbers, Email Addresses, Employer, Occupation, Education Level.
(ii) Other information. All other information that can be used to identify a specific individual, including but not limited to information passed through our service for purposes of contacting with third parties.
2. Non-Personally Identifiable Information. Non-Personally identifiable information is information that cannot be used to identify a specific individual, but we believe is nonetheless worthy of respect and reasonable protection. While Gradelink does analyze the Service logs to monitor the flow of traffic to the Service and make improvements thereto, and those logs do contain Non-Personally Identifiable Information, no attempt to link individual log entries to specific Service visitors or students and users is made by us unless specifically required in order to maintain operability of the Service or identify potential malicious behavior. The types of Non-Personally Identifiable Information collected by Gradelink either by virtue of your utilizing the Service or through your own submission may include:
(i) Internet Protocol (IP) address, Unique Device Identifiers(UDID), and protocol information;
(ii) Browser language and browser agent;
(iii) Domain Name System (DNS) requests;
(iv) Browsing history, limited only to the time spent on the domain, time and date of the visit, number of clicks, and referring link from which the user came;
(v) Hypertext Transfer Protocol (HTTP) headers and application information, system date, full request, status, and content length;
(vi) Operating System, and/or
(vii) Similar behavioral, usage, and/or device information.
How Information is Collected
Gradelink does not collect personally identifiable information about you through the Service without your knowledge, action or without informing you of such collection. However, your information is requested, collected and stored through your use of specific features of the Service. In the course of your using and interacting with the Service, we may collect Non-Personally Identifiable Information and Personally Identifiable Information about you from the following sources:
- Information we receive from you through online enrollment forms you complete or contacts you make with us, or information we receive from you, personally, through the use of the Service, including, but not limited to your use of any chat features, email newsletter registration, the “Contact Us” form or in conjunction with any promotion.
- Information we receive from your device through the use of the Service.
- Information we receive from our partners, service providers, payment processors, or other members.
- Information we receive from other sources.
We may collect Non-Personally Identifiable Information from you, with your implicit consent by virtue of using the Service, in the following ways:
HTTP Cookies. As is true of virtually all dynamic websites on the internet, the Gradelink website uses “cookies” (i.e., a small file that the website writes to a user’s device) to help track your usage of the website, including what advertising you have seen and whether you have logged in. Cookies are used to “remember” settings you choose to enable on the website and to record your browsing activity on the website. Neither the website, nor the cookies, can read any data off of your device outside of our cookies; this includes any cookies saved by other websites. If you wish to not receive a cookie following your visit to the website, you must disable cookies globally or for the website specifically through your web browser. Similarly, you can delete all of the cookies you have saved through your web browser. Consult your web browser’s documentation for assistance.
Web Beacons. A web beacon is an embedded image, usually invisible, in a website that is used purely to determine whether a user has accessed the website. The intent is to track who is reading a given website, when they are reading it, and from what device they are reading it from. The use of web beacons is commonplace, but it does mean a third party server will receive your internet protocol address, the type of web browser you are using, and the existence of any cookies previously saved to your device from earlier visits. The owner of the third party server can store all of the information, assign it a unique tracking token, and monitor your behavior on the website over a long period of time.
Unique Identifiers. Over the course of your visiting and utilizing the Service, we may assign you a unique identifier to keep track of your future visits and usage. We use the identifier to gather aggregate demographic information and form a snapshot of who our users are as a whole, and we use it to personalize the information you see on the website, new features we develop and deploy and, at times, the information you receive from us via our Service. We keep this information purely for our own internal use, and this information is not shared with others, nor is an effort made to connect a unique identifier with an individual person’s identity.
Use and Limits of Use for Information Collected
We do not collect, maintain, use, or share student Personal Information beyond that needed for authorized educational purposes or as authorized by the parent/student. Information we collect and aggregate about our users is used for a few purposes:
- To provide you with information regarding the educational or school products, services or offerings you request.
- For non-student data, to provide for direct sales and marketing purposes.
- To improve said products, services and offerings.
- To communicate with you about our products, services and offerings.
- To respond to your submission of your contact information and resume in conjunction with a job opportunity.
- For retention only as long as retention is necessary.
We explicitly do not use Personal Information to provide targeted advertising to students. We have no ads in-program and our targeted ads (e.g. Google AdWords) are directed towards school decision makers, not students. Student and parent Personal Information is never used for advertising.
How Information is Safeguarded
Gradelink employs industry standard physical, administrative, and technological security measures and safeguards in an effort to keep Personal Information safe. Our methods and measures, technical and administrative, evolve with the changing security landscape. We are cognizant of the sensitivity of some of the data being collected, used, and stored, through the Service, and the current state of technology and threats to information. Gradelink’s security measures include, but are not limited to, data encryption, firewalls, data use and access limitations both technological and physical, limitations on access for personnel and vendors, and physical access controls for our facilities.
Sale of Data
We do not sell Personal Data under any circumstances, even with the consent of the student or parent.
Correction or Change of Data
We permit Data Subjects to contact us at DPO@GRADELINK.COM and request a copy of the data we currently store related to them and the ability to make any necessary corrections or changes.
Status as Data Controller or Data Processor
Generally, we process Personally Identifiable Information both as a Data Processor and as a Data Controller, as defined by the GDPR.
In terms of the GDPR regulations, We are a “Data Processor” and our customers or the school administrators are the “Data Controllers” for student, parent and faculty data. In other words, Gradelink takes the information administrators, teachers, schools, districts or parents give us, and processes that for them. In the case of Gradelink, student data is added to the platform via administrators, teachers, schools, districts or students and parents — not by Gradelink itself, except in cases where the customer has requested we import student data on their behalf. Whoever adds a student account to the Service is an adult representing that student and they are attesting they have the legal right to do so. Students cannot sign-up to Gradelink without such a representing administrating adult. It is the responsibility of that representative, or their employer, to make certain they have received all appropriate authorization from the student’s guardians according to their jurisdiction.
In terms of security, account holders are responsible for keeping their own accounts secure. As an administrator, one has access to student data. We recommend having a random and unique password, using a password manager, and changing the password often. We’ll work hard to keep your data safe but it is the user’s responsibility to maintain the security of their account credentials.
When Information Is Disclosed
All Third Parties that we currently integrate with in terms of sharing student Personal Data are members of the Student Privacy Pledge (www.studentprivacypledge.gov) and themselves agree to abide by the same broad restrictions and limitations set forth in this policy and generally remain consistent with the Student Privacy Pledge.
We may share your Non-Personally Identifiable Information with third parties to illustrate Service user usage patterns or for any advertisement campaigns we may run, content we produce, the Service’s functionality, and other services we provide.
We must reserve the right to disclose Non-Personally Identifiable Information and Personally Identifiable Information to shield ourselves from liability, to investigate and defend any third party claims or allegations, to assist law enforcement agencies, to protect the security of the Service, and to protect the rights, property and safety of Gradelink, its members and users. We cannot and will not be responsible for any breach of security by any third party or for any actions of any third party on the site that, despite our best efforts, receives any of the information that is disclosed to us.
Informed Choice Non-Disclosure
Information from California Residents
California law permits California residents to request information from a business regarding the use of certain categories of Personally Identifiable information for the purposes of direct marketing. California residents that use the Service may request this information by sending an email to UNSUBSCRIBE@GRADELINK.COM or a letter to the attention of Marketing Department care of Gradelink, Inc., 26741 Portola Pkwy. #1E-649, Foothill Ranch, California, USA. If requesting by email, please include your name used at sign up. If requesting by mail, please include your name and your postal address.
Information from European Union Users
By using the Service and providing us with your information, you authorize us to collect your information, use and store your information outside of the European Union (“EU”). All transfers of data within the European Economic Area (EEA) will be done in accordance with the data processing requirements of the GDPR.
International Transfers of Information
Personally and Non-Personally Identifiable Information may be processed, stored, and used outside of the country in which you are located. Data privacy laws vary across jurisdictions, and different laws may be applicable to your data depending on where it is processed, stored or used.
Privacy on Third Party Sites
The Service may contain or provide links to any number of other websites, including links to various third party service providers, used for the purposes of providing information or processing your requests. Gradelink is not responsible for the privacy practices or the content of any of those websites. Please check those websites for privacy policies and read them thoroughly prior to using their website.
“Do Not Track”
Your browser may permit, or may even default, to transmitting a “Do Not Track” header to websites and online services you visit. There is currently no industry standard for what a website can, or should, do when a user transmits such a header. As a result, the Gradelink website, along with most other sites, does not recognize or modify its behavior as a result of the receipt of a “Do Not Track” header.
Social Networking Features
From time to time the Gradelink website will contain “buttons” that link to various social networking platforms. Additionally, Gradelink may maintain presences on various social networking platforms, which enable you to interact with us. These interactions range from communicating directly with Gradelink to “sharing” or “liking” content posted by Gradelink.
Gradelink has no current plans to sell or in any way transfer or cause to be transferred our ownership. To the extent that we can, we will only contract or sell to an entity that agrees to abide by the policies set forth here or, in the alternative, we will provide parents/students with an option to decline transferring their information to the successor entity.
EFFECTIVE AS OF: August 8, 2019
LAST UPDATED: August 8, 2019