Data include all Personally Identifiable Information (PII) and other non-public information. Data include, but are not limited to, student data, metadata, and user content.
Provider may use de-identified Data for product development, research, or other purposes. De-identified Data will have all direct and indirect personal identifiers removed. This includes, but is not limited to, name, ID numbers, date of birth, demographic information, location information, and school ID. Furthermore, Provider agrees not to attempt to re-identify de-identified Data and not to transfer de-identified Data to any party unless that party agrees not to attempt re-identification.
Provider will not use any Data to advertise or market to students. Advertising or marketing maybe directed to the Client only if student information is properly de-identified.
Provider will not change how Data are collected, used, or shared in any way without advance notice to and consent from the Client.
Provider will only collect Data necessary to fulfill its duties as outlined in the service description.
Provider will use Data only for the purpose of fulfilling its duties and providing services under this Agreement, and for improving services under this Agreement.
Provider is prohibited from mining Data for any purposes other than those agreed to by the parties. Data mining or scanning of user content for the purpose of advertising or marketing is prohibited.
Data cannot be shared with any additional parties without prior written consent of the User except as required by law.
Provider will ensure that all Data in its possession and in the possession of any subcontractors, or agents to which the Provider may have transferred Data, are destroyed or transferred to the Client under the direction of the Client when the Data are no longer needed for their specified purpose, at the request of the Client.
Parties agree that all rights, including all intellectual property rights, shall remain the exclusive property of the Client, and Provider has a limited, nonexclusive license solely for the purpose of performing its obligations to the Client. This Agreement does not give Provider any rights, implied or otherwise, to Data, content, or intellectual property, except as expressly stated in the Agreement. This includes the right to sell or trade Data.
Any Data held by Provider will be made available to the Client upon request by the Client.
Provider will store and process Data in accordance with industry best practices. This includes appropriate administrative, physical, and technical safeguards to secure Data from unauthorized access, disclosure, and use. Provider will conduct periodic risk assessments and remediate any identified security vulnerabilities in a timely manner. Provider will also provide prompt notification of the Client in the event of a security or privacy incident, as well as best practices for responding to a breach of PII.