Effective Date: June 15, 2016
By using the Services, you authorize us to access your SIS or receive Student Data or other information via SIS, Secure File Transfer Protocol (“SFTP”), or any other secure transfer method to provide you software integration services.
SECTION 2. AUTHORIZATION TO ACCESS YOUR STUDENT DATA
A. OUR ACCESSYou authorize us to access Student Data and will provide a way for us access the information stored in your SIS. We will access and process Student Data only in order to provide the Services. As between us, you own all right, title and interest to all Student Data, you are (and other Schools are) solely responsible for any and all Student Data, whether provided by you, students, or others, and we do not own, control, or license Student Data, except to provide the Services.
B. THIRD PARTY ACCESSYou may designate one or more third-party Developers to securely access Student Data via our API. We will not send Student Data to a Developer unless explicitly authorized by you. You acknowledge that we are not responsible for the data practices of third party Developers, and that, as between us, you are solely responsible for the consequences of providing or transmitting Student Data to such Developers, or authorizing those Developers to access Student Data through the Services. At any time, you can revoke any Developer’s ongoing access to Student Data via the API by contacting us at support@PREto3.com.
We provide access to Student Data only to those employees and certain trusted service providers who have a legitimate need to access such information in connection with providing the Services to you. Of course, anyone involved in the handling of Student Data will treat such data as strictly confidential and shall not redisclose such data except as necessary in order to provide the Services. We will maintain access log(s) that record all disclosures of or access to Student Data within our possession and will provide copies of those access log(s) to you on your request.
C. OTHER ACCESSStudent Data is controlled by Schools, and we cannot permit anyone else to delete or control Student Data or to transfer such content, or allow access to Student Data by parents or legal guardians; as such, we refer any data access requests to the applicable School.
SECTION 3. HOW WE USE YOUR STUDENT DATA
B. ANONYMIZED DATAYou agree that we may collect and use data derived from Student Data, including data about any Users’ access and use of the Services, that has been anonymized, aggregated, or otherwise de-identified such that the data cannot reasonably identify a particular student, User, or School. We may use such data to operate, analyze, improve or market our Services. If we share or publicly disclose information (e.g., in marketing materials) that is derived from Student Data, that data will be aggregated or anonymized to reasonably avoid identification of a specific School or individual student. For example, we may (i) track the number of School administrators on an anonymized aggregate basis as part of our marketing efforts to publicize the total number of Users of the Services, and (ii) analyze aggregated usage patterns for product development efforts. You further agree that we may use, store, transmit, distribute, modify, copy, display, sublicense, and create derivative works of the anonymized, aggregated Student Data even after this Agreement has expired or been terminated.
SECTION 4. DELETING STUDENT DATA AND TERMINATING YOUR ACCESS TO THE SERVICES
A. DELETING STUDENT DATAYou may request in writing that we delete any of your Student Data (except as provided for the Section 3(B) above) in our possession at any time. We will comply with your request in a commercially reasonable time not to exceed ten (10) business days. If you grant access to Student Data to a Developer and subsequently need that data deleted, you need to request such deletion directly from that Developer.
SECTION 5. PRIVACY AND SECURITYWe care deeply about the privacy and security of Student Data. We maintain strict administrative, technical, and physical safeguards to protect Student Data stored in our servers, which are located in the United States. We limit access to Student Data only to those employees or service providers who have a legitimate need to access such data in the performance of their duties, and we provide employee training on privacy and data security laws and best practices. If there is any disclosure or access to any personally identifiable Student Data by an unauthorized party, we will promptly notify any affected Schools and will use reasonable efforts to cooperate with their investigations of the incident. If the incident triggers any third party notice requirements under applicable laws, you agree that, as the owner of the Student Data, you may be responsible for the timing, content, cost, and method of any required notice and compliance with those laws. However, at the request of the School and when permissible under applicable law, PREto3 agrees to bear responsibility for the timing, content and method of such required notice on behalf of the Schools. In all instances, PREto3 will indemnify Schools for all reasonable costs associated with compliance with such notice requirements arising from a breach of the PREto3 Service. For clarity and without limitation, PREto3 will not indemnify for any notification costs arising from a breach of a third party application whose service is accessed through the PREto3 Service.
Thanks for reading!