Last Updated on April 23, 2020
The Gradelink Corporation (collectively “Gradelink,” “our,” “us,” or “we”) respects student, parent, teacher, principal, school administrator and user or visitor (collectively “Data Subjects”) privacy. We believe providing the best protection of their information reasonably possible is our responsibility.
1) Relates to any Personally Identifiable Information and Non-Personally Identifiable Information collected, stored, owned, or used by Gradelink including, but not limited to, the collection of information:
a) Through the Gradelink service, which includes the Gradelink website and the Gradelink text message service (the “Service”)
b) At the time of signup
c) Any service or feature offered therein, including but not limited to:
i) The Gradelink website
ii) Any applications, third party or otherwise
iii) Any promotions or temporary programs that may be open from time to time
2) Does not apply to any other websites, mobile applications, social media platforms, email lists, or any other information collected, owned or stored by any entity other than Gradelink or through any other means other than those enumerated herein.
3) Does not apply to any third-party applications that happen to make use of the Gradelink service.
Note: Gradelink cannot and will not be held responsible for the software, websites, applications, or services of other companies or entities.
Generally, use of our service may require you to provide information such as your name, email address, address, telephone number and other relevant data. This information is used by us to identify you and provide you with the services you expect of us, support, answer questions, onboard you as a new user, account management and generally in order to meet our obligations to you and fulfill our other contractual obligations.
Gradelink may collect the following types of information from you:
1) Personally Identifiable Information
Personally Identifiable Information refers to the types of information that can be used to identify or contact a single person, or to aggregate disparate pieces of information into one data picture of a single student or individual. The types of Personally Identifiable Information collected by Gradelink may include:
a) Student Information including, but not limited to:
iii) Phone Numbers
iv) Email Addresses
v) Birth Dates
vii) Grade Levels
viii) Birth Locations
ix) Ethnicity/Race (based on US federal guidelines)
x) Prior school locations and history
xi) Living situations
xii) Siblings – Names, Birthdates, Grade levels, Schools
xiii) Insurance Companies and Policy numbers
xiv) Hospital preferences
xvii) Health histories
xviii) Church or Worship information
xix) Student photographs
b) Parent Information including, but not limited to:
iii) Phone Numbers
iv) Email Addresses
vii) Education Levels
c) Other information that can be used to identify a specific individual, including but not limited to, information passed through our service for purposes of contacting with third parties
2) Non-Personally Identifiable Information:
Non-Personally identifiable information is information that cannot be used to identify a specific individual, but we believe is nonetheless worthy of respect and reasonable protection. While Gradelink does analyze the Service logs to monitor the flow of traffic to the Service and make improvements thereto, and those logs do contain Non-Personally Identifiable Information, no attempt to link individual log entries to specific Service visitors or students and users is made by us unless specifically required in order to maintain operability of the Service or identify potential malicious behavior. The types of Non-Personally Identifiable Information collected by Gradelink either by virtue of your utilizing the Service or through your own submission may include:
a) Internet Protocol (IP) address, Unique Device Identifiers (UDID), and protocol information
b) Browser language and browser agent
c) Domain Name System (DNS) requests
d) Browsing history, limited only to the time spent on the domain, time and date of the visit, number of clicks, and referring link from which the user came
e) Hypertext Transfer Protocol (HTTP) headers and application information, system date, full request, status, and content length
f) Operating System
g) Similar behavioral, usage, and/or device information
Gradelink sets the required retention periods for specified categories of personal data and sets out the minimum standards to be applied when destroying certain information.
Applies to all:
1) Business units, processes, and systems in all countries in which the Gradelink conducts business and has dealings or other business relationships with third parties.
2) Gradelink officers, directors, employees, agents, affiliates, contractors, consultants, advisors or service providers that may collect, process, or have access to data (including personal data and/or sensitive personal data).
Note: It is the responsibility of all the above to familiarize themselves with this Policy and ensure adequate compliance with it.
3) Information used at the Company including, but not limited to:
b) Hard copy documents
c) Soft copy documents (data)
d) Video and audio
Gradelink maintains current customer data including student attendance records and student transcript records indefinitely for as long as customer maintains service.
Unless otherwise mandated differently by applicable law or regulation, the general retention period for information is 3 years (36 months).
As an exemption, retention periods may be prolonged in cases such as:
1) Ongoing investigations from authorities, if there are records of personal data that are needed by the Company to prove compliance with any legal requirements; or
2) When exercising legal rights in cases of lawsuits or similar court proceeding recognized under local, State or Federal law.
Certain non-critical data such as individual assignment records older than 36 months may be purged periodically to improve system and resource efficiency.
Gradelink, on a regular basis, reviews all information to decide whether to destroy or delete once the purpose for which the information was created is no longer relevant.
All instances of suspected information breaches shall be investigated, and action taken as appropriate.
Gradelink maintains nightly backups of customer data for purposes of retrieval in the event of accidental deletion or system failure.
Though Gradelink strives to meet any reasonable request for data retrieval, no guarantees are expressed or implied by Gradelink regarding viability or success of a data retrieval or restoration effort.
Restoration or retrieval of customer data from backup sets for any reason other than the result of a Gradelink systemic event, may be subject to processing fees based on factors such as the age of backup and breadth or complexity of data requested.
How Information is Collected
Gradelink does not collect personally identifiable information about you through the Service without your knowledge, action or without informing you of such collection. However, your information is requested, collected and stored through your use of specific features of the Service.
By using and interacting with the Service, we may collect Non-Personally Identifiable Information and Personally Identifiable Information about you from the following sources:
1) Information we receive from you through online enrollment forms you complete or contacts you make with us, or information we receive from you, personally, through the use of the Service, including, but not limited to your use of any chat features, email newsletter registration, the “Contact Us” form or in conjunction with any promotion.
2) Information we receive from your device using the Service.
3) Information we receive from our partners, service providers, payment processors, or other members.
4) Information we receive from other sources.
We may collect Non-Personally Identifiable Information from you, with your implicit consent by virtue of using the Service, in the following ways:
1) HTTP Cookies
As is true of virtually all dynamic websites on the internet, the Gradelink website uses “cookies” (e.g., a small file that the website writes to a user’s device) to help track your usage of the website, including what advertising you have seen and whether you have logged in. Cookies are used to “remember” settings you choose to enable on the website and to record your browsing activity on the website. Neither the website, nor the cookies, can read any data from your device outside of our cookies; this includes any cookies saved by other websites. If you wish to not receive a cookie following your visit to the website, you must disable cookies globally or for the website specifically through your web browser. Similarly, you can delete all the cookies you have saved through your web browser. Consult your web browser’s documentation for assistance.
2) Web Beacons
A web beacon is an embedded image, usually invisible, in a website that is used purely to determine whether a user has accessed the website. The intent is to track who is reading a given website, when they are reading it, and from what device they are reading it from. The use of web beacons is commonplace, but it does mean a third-party server will receive your internet protocol address, the type of web browser you are using, and the existence of any cookies previously saved to your device from earlier visits. The owner of the third-party server can store all the information, assign it a unique tracking token, and monitor your behavior on the website over a long period of time.
3) Unique Identifiers
Over the course of your visiting and utilizing the Service, we may assign you a unique identifier to keep track of your future visits and usage. We use the identifier to gather aggregate demographic information and form a snapshot of who our users are as a whole, and we use it to personalize the information you see on the website, new features we develop and deploy and, at times, the information you receive from us via our Service. We keep this information purely for our own internal use, and this information is not shared with others, nor is an effort made to connect a unique identifier with an individual person’s identity.
Use and Limits of Use for Information Collected
We do not collect, maintain, use, or share student Personally Identifiable Information beyond that needed for authorized educational purposes or as authorized by the parent and/or student.
Information we collect and aggregate about our users is used for a few of the following purposes:
1) To provide you with information regarding the educational or school products, services or offerings you request.
2) For non-student data, to provide for direct sales and marketing purposes.
3) To improve said products, services and offerings.
4) To communicate with you about our products, services and offerings.
5) To respond to your submission of your contact information and resume in conjunction with a job opportunity.
We explicitly do not use Personally Identifiable Information to provide targeted advertising to students. We have no ads in-program and our targeted ads (e.g., Google AdWords) are directed towards school decision makers, not students. Student and parent Personal Information is never used for advertising.
How Information is Safeguarded
Gradelink employs industry standard physical, administrative, and technological security measures and safeguards to keep Personal Information safe. Our methods and measures, both technical and administrative, evolve with the changing security landscape. We are cognizant of the sensitivity of some of the data being collected, used, and stored, through the Service, and the current state of technology and threats to information. Gradelink’s security measures include, but are not limited to:
1) Data encryption
3) Data use and access limitations both technologically and physically
4) Limitations on access for Gradelink personnel and vendors
5) Physical access controls for our facilities
Sale of Data
We do not sell Personally Identifiable Information under any circumstances, even with the consent of the student or parent.
Correction or Change of Data
We permit Data Controllers to contact us at firstname.lastname@example.org and request copies of the data we currently store related to them and the ability to make any necessary corrections or changes.
Status as Data Controller or Data Processor
Generally, we process Personally Identifiable Information both as a Data Processor and as a Data Controller, as defined by the GDPR.
In terms of the GDPR regulations, we are a “Data Processor” and our customers or the school administrators are the “Data Controllers” for student, parent and faculty data. In other words, Gradelink takes the information administrators, teachers, schools, districts or parents give us, and processes that for them. In the case of Gradelink, student data is added to the platform via administrators, teachers, schools, districts or students and parents — not by Gradelink itself, except in cases where the customer has requested, we import student data on their behalf. Whoever adds a student account to the Service is an adult representing that student and they are attesting they have the legal right to do so. Students cannot sign-up to Gradelink without such a representing administrating adult. It is the responsibility of that representative, or their employer, to make certain they have received all appropriate authorization from the student’s guardians according to their jurisdiction.
In terms of security, account holders are responsible for keeping their own accounts secure. As an administrator, one has access to student data. We recommend having a random and unique password, using a password manager, and changing the password often. We’ll work hard to keep your data safe, but it is the user’s responsibility to maintain the security of their account credentials.
When Information Is Disclosed
All Third Parties that we currently integrate with in terms of sharing student Personal Data are members of the Student Privacy Pledge (www.studentprivacypledge.org) and themselves agree to abide by the same broad restrictions and limitations set forth in this policy and generally remain consistent with the Student Privacy Pledge.
As such, we:
1) Do all that we reasonably can to ensure Personally Identifiable Information that is disclosed to us by our users and members is secure. We may provide Non-Personally Identifiable Information to our affiliates and other businesses or persons for the purposes of:
a) Processing such information on our behalf
b) Promoting our services or the services of our affiliates and partners, as permitted by applicable privacy law.
3) May share your Non-Personally Identifiable Information with third parties to illustrate Service user usage patterns or for any advertisement campaigns we may run, content we produce, the Service’s functionality, and other services we provide.
4) Must reserve the right to disclose Non-Personally Identifiable Information and Personally Identifiable Information to shield ourselves from liability, to investigate and defend any third party claims or allegations, to assist law enforcement agencies, to protect the security of the Service, and to protect the rights, property and safety of Gradelink, its members and users.
5) Cannot and will not be responsible for any breach of security by any third party or for any actions of any third party on the site that, despite our best efforts, receives any of the information that is disclosed to us.
Informed Choice Non-Disclosure
Information for California Residents
If you are a California resident, California law requires us to provide you with some additional information regarding how we collect, use, and share your “personal information” (as defined in the California Consumer Privacy Act (“CCPA”)). This information and the rights discussed below do not apply to information collected about our employees, former employees, candidates, contractors, service providers, or business contacts of Gradelink.
Categories of Personal Information We Collect, Use and Disclose
Throughout this Policy, we discuss in detail the specific pieces of information we collect from and about users and discuss how we use and share such information.
We may collect, use, and disclose for business purposes, the following categories of information about you or your use of the Products:
1) Identifiers (e.g., name, address, email address)
2) Device identifiers
3) Internet or other network or device activity (e.g., browsing history or app usage)
4) Location data
5) Physical characteristics or description (i.e., if you voluntarily submit a photo)
6) Educational data
7) Other information that identifies or can be reasonably associated with you.
How We Use These Categories of Personal Information
We use the categories of personal information we collect from and about you consistent with the various business purposes we discuss throughout this Policy
Sale of Personal Information
The CCPA sets forth certain obligations for businesses that “sell” personal information. We do not sell personal information and have not engaged in such activity in the past twelve months. We do share certain personal information with other entities as outlined in this Policy.
California residents can make certain requests about their personal information under the CCPA. Specifically, if you are a California resident, you may request that we:
1) Provide you with information about:
a) The categories of personal information we collect, disclose or sell about you
b) The categories of sources of such information
c) The business or commercial purpose for collecting or selling your personal information
d) The categories of third parties with whom we share personal information
e) Such information is also set forth in this policy
2) Provide access to and/or a copy of certain information we hold about you
3) Delete certain information we have about you
4) Provide you with information about the financial incentives that we offer to you, if any
California residents can also designate an authorized agent to make such requests on their behalf.
The CCPA further provides you with the right to not be discriminated against (as provided for in applicable law) for exercising your rights.
Please note that certain information may be exempt from such requests under California law. For example, we may need certain information for legal compliance, in order to provide the Services to you, or because we are acting at the direction of a school. We also will take reasonable steps to verify your identity before responding to a request.
If you would like further information regarding your legal rights under California law or would like to exercise any of them, please contact us at email@example.com.
Shine the Light Disclosure. Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to obtain certain information regarding our disclosure, if any, of certain categories of personal information to third parties for their direct marketing purposes in the preceding calendar year. We do not share personal information with third parties for their own direct marketing purposes.
Information for International Users
When you use the Services, you are consenting to have your data transferred to and processed in the United States. Please understand that Gradelink is subject to the investigatory and enforcement powers of the Federal Trade Commission of the United States. If your use of the Services or disclosure of certain information to Gradelink would violate any law that is applicable to you, your right to use the Services and/or disclose such information is revoked, as it is wherever use of the Services is prohibited by law (as described in the Terms of Service).
Choices about Your Information
You may have certain legal rights to access certain information held and the ability to request its deletion. For example, your local laws may permit you to request that the data controller:
1) Provide access to and/or a copy of certain information they have about you;
2) Prevent the processing of your information for direct-marketing purposes;
3) Update information which is out of date or incorrect;
4) Delete certain information which they have about you;
5) Restrict the way that they process and disclose certain of your information;
6) Transfer your information to a third-party provider of services; and
7) Revoke your consent for the processing of your information.
The data controller will consider all requests and provide our response within the time period stated by applicable law. Certain information may be exempt from such requests in some circumstances, which may include if the data controller needs to keep processing your information for their legitimate interests or to comply with a legal obligation. The data controller may request that you provide them with information necessary to confirm your identity before responding to your request.
If you would like further information in relation to your legal rights under applicable law or would like to exercise any of them, please contact us at firstname.lastname@example.org.
Privacy on Third Party Sites
The Service may contain or provide links to any number of other websites, including links to various third-party service providers, used for the purposes of providing information or processing your requests. Gradelink is not responsible for the privacy practices or the content of any of those websites. Please check those websites for privacy policies and read them thoroughly prior to using their website.
Google User Data
1) View the email addresses of students in your classes
2) View course work and grades for students in the Google Classroom classes taught and view the course work and grades for classes administered
3) View course work and grades in Google Classroom
4) View your Google Classroom class rosters
Further, Gradelink will not transfer this Google Classroom data to others unless doing so is necessary to provide and improve these features, comply with applicable law, or as part of a merger, acquisition, or sale of assets nor will Gradelink use this Google Classroom data for serving advertisements.
Policy Regarding Children Under the Age Of 13
Gradelink, as a data processor, does not knowingly collect or solicit personal information from anyone under the age of 13. Personal information is provided to the Data Controller, upon enrollment/re-enrollment, by a parent or legal guardian.
“Do Not Track”
Your browser may permit, or may even default, to transmitting a “Do Not Track” header to websites and online services you visit. There is currently no industry standard for what a website can, or should, do when a user transmits such a header. As a result, the Gradelink website, along with most other sites, does not recognize or modify its behavior as a result of the receipt of a “Do Not Track” header.
Social Networking Features
From time to time the Gradelink website will contain “buttons” that link to various social networking platforms. Additionally, Gradelink may maintain presences on various social networking platforms, which enable you to interact with us. These interactions range from communicating directly with Gradelink to “sharing” or “liking” content posted by Gradelink.
Gradelink has no current plans to sell or in any way transfer or cause to be transferred our ownership. To the extent that we can, we will only contract or sell to an entity that agrees to abide by the policies set forth here or, in the alternative, we will provide parents/students with an option to decline transferring their information to the successor entity.