At eScholar, we understand that we have a great responsibility as a vendor serving the education field. eScholar serves many education agencies and our data management solutions have an impact on over 20 million students. The proper handling of our client’s data, including student data, is a top priority for us.
As a firm that designs, develops and licenses enterprise data management software to education agencies, the contracts we have with our customers provide us with clarity and specificity concerning our customer’s expectations and our responsibilities, including the care and handling of data.
eScholar provides support for our customers when they license our products. Customers that deploy eScholar software on their own agency’s servers can be assured that their data is completely under their agency’s control. Their data is not transmitted to, or stored, on eScholar servers. Only a small fraction of agencies also contract with eScholar to host their data. Only in those cases does eScholar host any education data. The hosting provisions of those contracts contain clear language dictating the policies and procedures regarding access to and handling of those data.
eScholar conducts training for all its staff members on the proper handling of customer data and the Family Educational Rights and Privacy Act (FERPA) regulations. All staff members must pass an annual test to make sure that they keep current with both eScholar and customer policies and procedures regarding the handling of customer data. Though this is not required by law, we conduct this training because we understand the significance of our responsibilities. We regularly review our policies and procedures to ensure compliance to federal and state laws and security best practices. eScholar is also one of the signatories of the Student Privacy Pledge, which commits eScholar to carry out responsible stewardship and appropriate use of student data according to the pledge and all laws.
The ethical use of data is paramount for the protection of privacy, and the use of data in education is no exception. As a vendor and leader in providing technology solutions for education, eScholar has a firm commitment to our customers and stakeholders, including students, parents, and teachers, not to use the data for any purpose other than to meet our contractual obligations to our customers. In no case will the data ever be used for advertising or marketing purposes.
If you have any questions or concerns regarding our privacy policies, please reach out to us directly at firstname.lastname@example.org.
We collect the following types of personal data for the purposes listed below. You may choose not to provide us with any personal information, but you will not be able to access portions of the site that require personal information. For purposes of the eu general data protection regulation, 2016/679 (the “GDPR“), and certain other applicable laws, we act as a data controller with respect to the personal information described below.
Description and Purpose
If you contact us or submit a question via our Site, or otherwise inquire about our business, we will collect your name, email address, and phone number.
We process Contact Information to operate our business, to respond to your request, to ensure the privacy and security of our Site and operations, to maintain our databases and back-ups, to manage our relationships with you, to communicate with you, and to keep records of our communications with you. The legal basis for this processing is consent or, where applicable, our legitimate interests in the proper administration of our Site and business, the proper management of our business relationships, and the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
Communications and Inquiries
If you contact us, in addition to your Contact Information, we will receive the subject matter of your message and any comments, content, or other information that you choose to provide.
We process Communications and Inquiries to operate our business, to respond to your request, to ensure the privacy and security of our Site and operations, to maintain our databases and back-ups, to manage our relationships with you, to communicate with you, and to keep records of our communications with you. The legal basis for this processing is consent or, where applicable, our legitimate interests in the proper administration of our Site and business, the proper management of our business relationships, and the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
Job Application Information
If you apply for a job position through our Site, we collect the information disclosed in our Job Applicant Privacy Notice, which supplements this Policy. We process job application information for the purposes disclosed in the Job Applicant Privacy Notice.
The legal basis for this processing is our legitimate interests in the proper administration of our Site and business, and, where applicable, taking steps, at your request, to enter into a contract.
Cookies and Similar Technologies
We process Cookies and Similar Technologies to operate the Site, to serve you the content and functionality you request, to ensure the privacy and security of our Site, to develop new services, to enhance your experience and provide you with a more personal and interactive experience, and for usage analytics purposes. Where required by law, we rely on your express opt-in consent for the use of marketing, performance, and analytic cookies and similar technologies. The legal basis for processing of strictly necessary cookies is our legitimate interests in the proper administration of our Site and business.
Device and Usage Information
When you visit the Site, we automatically collect information from your browser and your device, which includes the date and time of your visit as well as your location, Internet Protocol (IP) address or unique device identifier, domain server, browser type, access time, and data about which pages you visit.
We process Device and Usage Information to operate the Site, to serve you the content and functionality you request, to ensure the privacy and security of our Site, to develop new services, to enhance your experience and provide you with a more personal and interactive experience, and for usage analytics purposes. The legal basis for this processing is our legitimate interests in monitoring and improving our Site.
Other Processing Activities. We may also process personal information when necessary for the following:
We may process your personal information in connection with any of the purposes and uses described in this Policy on one or more of the following legal grounds:
We do not use personal information for making any automated decisions affecting or creating profiles other than as described herein.
Location of Processing. Although based in Canada, we also have operations in the United States, and personal information may be transferred to, stored, and processed in Canada, the United States, and other countries in which we or our affiliates, partners, service providers, or agents maintain facilities. By sending us personal information or using the Site, you agree and consent to the processing of your personal information in locations such as the United States, which may not offer the levels of protection required in other countries. We rely on recognized legal bases to lawfully conduct cross-border/international transfers of personal information, such as express consent, when transfer is necessary for us to deliver services pursuant to an agreement, or when the transfer is subject to safeguards that assure the protection of the personal information.
Cookies and Similar Technologies
First and Third-Party Cookies
A “cookie” is a small file created by a web server that can be stored on your device (if you allow) for use either during a particular browsing session (a “session” cookie) or a future browsing session (a “persistent” cookie). “Session” cookies are temporarily stored on your device and remain there until they expire at the end of your browsing session. “Persistent” cookies remain stored on your device until they expire or are deleted by you. Local shared objects (or “flash” cookies) are used to collect and store information about your preferences and navigation to, from, and on a website. First-party cookies are set by the website you are visiting, and they can only be read by that site. Third-party cookies are set by a party other than that website.
Other Similar Technologies
In addition to cookies, there are other data collection technologies, such as Internet tags, web beacons, pixels (clear gifs, pixel tags, and single-pixel gifs), and navigational data collection (log files, server logs, etc.) that can be used to collect data as you navigate through and interact with a website. For example, web beacons are tiny graphics with unique identifiers that are used to understand browsing activity. UTM codes are strings that can appear in a URL when you move from one web page or website to another. The string can represent information about your browsing, such as which advertisement, page, or publisher sent you to the receiving website.
What Cookies and Similar Technologies Are in Use and Why Do We Use Them?
The cookie is used by Google Analytics to calculate visitor, session, and campaign data and to keep track of site usage for the Site’s analytics report. The cookie stores information anonymously and assigns a randomly generated number to identify unique visitors.
This cookie is used to distinguish users.
The cookie is used by Google Analytics to store information about how visitors use the Site, and it helps create an analytics report about how the Site is performing. The data collected includes the number of visitors, where the visitor access the page from, and the pages visited by the visitor in an anonymous form.
Used to store information about the time a sync with the lms_analytics cookie took place for users in the designated countries
LinkedIn Ads ID syncing
Browser Identifier cookie to uniquely identify devices accessing LinkedIn to detect abuse on the platform
Used to remember a user’s language setting
Used to make a probabilistic match of a user’s identity outside the designated countries
To optimize data center selection
Used to identify LinkedIn Members off LinkedIn in the designated countries for advertising
Used to identify LinkedIn Members in the designated countries for analytics
We retain and use your personal information for as long as is necessary to fulfill the purposes for which it was collected, to comply with our business requirements and legal obligations, to resolve disputes, to protect our assets, to provide our services, and to enforce our agreements.
We take reasonable steps to delete the personal information we collect when (1) we have a legal obligation to do so, (2) we no longer have a purpose for retaining the information, and (3) if you ask us to delete your information, unless we determine that doing so would violate our existing, legitimate legal, regulatory, dispute resolution, contractual, or similar obligations. We may also decide to delete your personal information if we believe it is incomplete, inaccurate, or that our continued storage of your personal information is contrary to our legal obligations or business objectives.
To the extent permitted by law, we may retain and use anonymous, de-identified, and aggregated information for performance reporting, benchmarking, and analytic purposes and for product and service improvement. When we delete data, it will be removed from our active servers and databases; but, it may remain in our archives when it is not practical or possible to delete it.
We are required by law to maintain records of consumer requests submitted under the California Consumer Privacy Act and how we responded to such requests for at least 24 months. We only use this information for recordkeeping purposes.
We have put security measures in place to protect personal information from being accidentally lost, used, altered, or disclosed or accessed in an unauthorized manner and to detect fraudulent identify-verification activity, including when transmitting personal information in response to data subject requests. From time to time, we review our security procedures to consider appropriate new technologies and methods.
However, no security system is perfect, and no data transmission is 100% secure. As a result, while we strive to protect personal data, we cannot guarantee or warrant the security of any information transmitted to or from the Site or services. Your use of the Site is at your own risk. We cannot guarantee that your data will remain secure in all circumstances.
If a data breach compromises your personal information, we will notify you and any applicable regulator when we are required to do so by applicable law.
Please use the “Contact Us” details at the end of this Policy to exercise your rights and choices under this Policy.
Email Preferences. If you no longer wish to receive communications from us via email, you may opt-out by clicking the “unsubscribe” link at the bottom of our emails or by contacting us via the “Contact Us” details at the end of this Policy and providing your name and email address so that we may identify you in the opt-out process. Once we receive your instruction, we will promptly take corrective action.
Accuracy and Updating Your Personal Information. Our goal is to keep your personal information accurate, current, and complete. If any of the personal information you have provided to us changes, please update it in your user/account profile, or let us know via the “Contact Us” details at the end of this Policy. We are not responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete personal data that you provide to us.
Complaints. If you believe that your rights relating to your personal information have been violated, you may lodge a complaint with us by contacting us via the “Contact Us” details at the end of this Policy.
Individual Rights. You may have certain rights relating to your personal data under local data protection laws, and we discuss the rights provided in various jurisdictions below. We honor individuals’ rights where required under applicable law, and, depending on the applicable laws, these rights may include the right to:
All requests should be sent to us at the contact details noted in the “Contact Us” section of this Policy. Your personal information may be processed in responding to these rights. If you are exercising a right that is the responsibility of a third party, including one of our affiliates, we will direct you to contact the appropriate data controller who is responsible for responding to your request.
Right of Access. To the extent required by law, you have the right to receive confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the following information: the purposes of the processing; the categories of personal data concerned; and the recipients or categories of recipient to whom the personal data have been or will be disclosed. We will provide a copy of your personal information in compliance with applicable law.
Right of Rectification. Our goal is to keep your personal information accurate, current, and complete. Please contact us if you believe your information is not accurate or if it changes.
Right to Erasure. In some cases, you have a legal right to request that we delete your personal information when (1) it is no longer necessary for the purposes for which it was collected, (2) consent has been withdrawn in certain instances, (3) you have objected to the processing in certain instances, (4) the personal information has been unlawfully processed, (5) the personal data have to be erased for compliance with a legal obligation; and (6) the personal data were collected in relation to the offer of information society services. However, the right is not absolute. When we delete personal information, it will be removed from our active servers and databases; but, it may remain in our archives when it is not practical or possible to delete it. We may also retain your personal information as needed to comply with our legal obligations, resolve disputes, or enforce any agreements.
Right to Restrict Processing. You have the right to restrict the processing of your data when (1) the accuracy of the personal data is contested, for a period enabling the controller to verify the accuracy of the personal data; (2) the processing is unlawful and you oppose erasure and request a restriction instead; (3) we no longer need the personal data, but you need us to keep it for the establishment, exercise, or defense of legal claims; or (4) you have objected to us processing the personal information, pending resolution of the objection.
Right to Object. In certain circumstances, you have the right to object to the processing of your personal information where the processing is necessary for performance of a task carried out in the public interest, for our legitimate interests, or for the legitimate interests of others. You also have the right to object where personal data are processed for direct marketing purposes or for scientific or historical research purposes or statistical purposes.
Right to Withdraw Consent. If you have provided your consent to the collection, processing, and transfer of your personal information, you may have the right to fully or partially withdraw your consent. Once we have received notice that you have withdrawn your consent, in whole or in part, we will no longer process your information for the purpose(s) to which you originally consented and have since withdrawn unless there are compelling legitimate grounds for further processing that override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. Withdrawal of consent to receive marketing communications will not affect the processing of personal information for the provision of our services.
Right to Complain. If you believe we have not processed your personal information in accordance with applicable law, we encourage you to contact us at email@example.com. You may also have the right to make a complaint to an applicable Supervisory Authority or seek a remedy through the courts. A list of Supervisory Authorities for residents of the EU or EEA is available at: https://edpb.europa.eu/about-edpb/board/members_en. If you need further assistance regarding your rights, please contact us using the contact information provided below and we will consider your request in accordance with applicable law.
Nevada residents may submit a verified request to us at firstname.lastname@example.org to request that we not make any sale (as defined under Nevada law) of any covered information (as defined under Nevada law) that we have collected or will collect about you. Please provide your name and contact information in your request, and we will respond to your request in accordance with Nevada law.
All terms used in this section shall have the meanings given in the California Consumer Privacy Act, as amended (“CCPA”), when applicable.
CCPA Notice at Collection. We collect and process personal information for as described in the “How Do We Collect and Use Personal Information” section of this Policy. The relevant CCPA categories for this information are listed below. We may provide a separate notice at collection if we collect additional information or intend to use information for additional purposes.
For purposes of the CCPA, Contact Information includes the following categories of personal information:
Job Application Information
For purposes of the CCPA, Job Application Information includes the following categories of personal information:
Communications and Inquiries
For purposes of the CCPA, Communications and Inquiries includes the following categories of personal information:
Cookies and Similar Technologies
For purposes of the CCPA, Cookies and Similar Technologies includes the following categories of personal information:
Device and Usage Information
For purposes of the CCPA, Device and Usage Information includes the following categories of personal information:
Data Practices During Last 12 Months. The disclosures below describe our data practices during the last twelve months:
No Financial Incentive. We do not offer financial incentives or any price or service difference in exchange for the retention or sale of your personal information.
Do Not Sell or Share My Personal Information. Under the CCPA, you have the right to direct us to stop selling or sharing your personal information to third parties and to refrain from doing so in the future. For purposes of the CCPA, we do not sell or share personal information as defined under applicable law.
Limited Use of Sensitive Information. We only use or disclose sensitive personal information for purposes permitted by the CCPA and to which the right to limit does not apply.
CCPA Individual Rights. California consumers have the rights described below. However, these rights do not apply in all instances and are subject to certain exceptions as a matter of law. By way of example, these rights do not apply where we collect or sell a consumer’s personal information if: (1) we collected that information while the consumer was outside of California, (2) no part of a sale of the consumer’s personal information occurred in California, and (3) no personal information collected while the consumer was in California is sold.
Request to Know. As a California resident, you have the right to request: (1) the specific pieces of personal information we have collected about you; (2) the categories of personal information we have collected about you; (3) the categories of sources from which the personal information is collected; (4) the categories of personal information about you that we have sold or shared and the categories of third parties to whom the personal information was sold or shared; (5) the categories of personal information about you that we disclosed for a business purpose and the categories of third parties to whom the personal information was disclosed for a business purpose; (6) the business or commercial purpose for collecting, disclosing, selling, or sharing personal information; and (7) the categories of third parties to whom we disclose personal information. Our response will cover the 12-month period preceding our receipt of a verifiable request unless a longer period is requested by you.
Request to Delete. As a California resident, you have a right to request the erasure/deletion of certain personal information collected or maintained by us. As described herein, we will delete your personal information from our records and notify any service providers and contractors (as defined under applicable law) to delete your personal information from their records. However, we are not required to honor a deletion request if an exemption applies under the law.
Right to Correct. As a California resident, you have a right to correct inaccuracies in your personal information, taking into account the nature of the personal information and the purposes for which we process the personal information. We will use commercially reasonable efforts to correct the inaccurate personal information as directed by you.
Right to Limit Use and Disclosure. As a resident of California, you have the right to limit our use and disclosure of your sensitive personal information to that use which is necessary to perform our services and provide our goods as requested by you, or as otherwise permitted by law. We only use or disclose sensitive personal information for purposes permitted by the CCPA and to which the right to limit does not apply.
Right to Opt Out. As a resident of California, you have the right to direct us to stop selling or sharing your personal information to third parties and to refrain from doing so in the future. For purposes of this right, we do not sell or share personal information as defined under applicable law.
Submission Process. You may submit a request to exercise one of the above rights via a toll-free telephone call to 1-888-847-7747 or by email to email@example.com. If a request is submitted in an incorrect manner or if it is deficient, we will either (1) treat the request as if it had been submitted via the designated manner, or (2) provide you with specific directions on how to submit the request or remedy any deficiencies, as applicable.
Verification Process. We are required to verify the identities of those who submit requests to exercise the above rights. To determine whether the individual making the request is the consumer about whom we have collected information, we will verify your identity by matching the identifying information provided by you in the request to the personal information that we already maintain about you. As a part of this process, you will be required to provide your name, address, and telephone number. We will inform you if we cannot verify your identity.
Authorized Agents. Authorized agents may submit requests via the methods identified in this Policy. If you use an authorized agent to submit a request to know or a request to delete, we may require: (1) the authorized agent to provide proof that you gave the agent signed permission to submit the request; (2) you to verify your identity directly with us; and (3) you to directly confirm with us that you provided the authorized agent permission to submit the request. However, we will not require these actions if you have provided the authorized agent with power of attorney pursuant to the California Probate Code.
Excessive Requests. If requests from a consumer are manifestly unfounded or excessive, in particular because of their repetitive character, we may either (1) charge a reasonable fee, or (2) refuse to act on the request and notify the consumer of the reason for refusing the request. If we charge a fee, the amount will be based upon the administrative costs of providing the information or communication or taking the action requested.
Non-Discrimination. You have the right not to receive discriminatory treatment by us due to your exercise of the rights provided by the CCPA. We do not offer financial incentives and price or service differences, and we do not discriminate against consumers, employees, applicants, or independent contractors for exercising their rights under the CCPA.
California Shine the Light. Under California Civil Code Section 1798.83, California residents who provide personal information in obtaining products or services for personal, family, or household use may be entitled to request and obtain from us once a calendar year information about the information we shared, if any, with other businesses for direct marketing uses. At present, we do not share your personal information with third parties for those third parties’ direct marketing purposes. Please be aware that not all information sharing is covered by the “Shine the Light” requirements and only information on covered sharing, if any, will be included in our response. As part of the California Online Privacy Protection Act, all users of our Site may make any changes to their information at any time by contacting us at firstname.lastname@example.org.
This Policy does not apply to any third-party websites or applications. The Site may contain links to, and media or other content from, third parties. These links are to external resources and third parties that have their own privacy policies. Because of the dynamic media capabilities of the Site, it may not be clear which links are to external, third-party resources. If you click on a third-party link, you will be redirected away from the Site. You can check the URL to confirm whether you have left the Site.
We cannot and do not (1) guarantee the adequacy of the privacy or security practices employed by or the content and media provided by any third parties or their websites, (2) control third parties’ independent collection or use or your information, or (3) endorse any third-party information, products, services or websites that may be reached through embedded links on the Site.
Our Site, products, and services are not directed to children under the age of 13, nor is information knowingly collected from children under the age of 13. No one under the age of 13 may access, browse, or use the Site or provide any information to us. If we learn that we have collected or received personal information from a child under the age of 13 without a parent’s or legal guardian’s consent, we will take steps to stop collecting that information and delete it. If you believe we have any received information from a child under the age of 13, please contact us using the “Contact Us” details provided below.
For more information about COPPA, please visit the Federal Trade Commission’s website at: https://www.ftc.gov/enforcement/rules/rulemaking-regulatory-reform-proceedings/childrens-online-privacy-protection-rule.
We may add to, change, update, or modify this Policy from time to time. We will post all changes to this Policy on this page, and the updated policy will be effective immediately upon posting. If we make material changes, we will also notify you through a notice on the homepage of the Site for a reasonable period of time. We may also, in our discretion, notify you of changes to this Policy via email.
You are expected to, and you acknowledge and agree that it is your responsibility to, carefully review this Policy prior to using the Site, and from time to time, so that you are aware of its current terms. Your continued use of the Site after the “Last Updated” date will constitute your acceptance of and agreement to any changes and to our collection and sharing of your information according to the then-current Policy. If you do not agree with this Policy and our practices, you should not use the Site.
If you have any questions or concerns, wish to exercise your rights, or want to submit a complaint, please contact us using the information below, and we will do our best to assist you.
In Writing: 1 Antares Drive, Suite 100, Ottawa ON, K2E 8C4
By Email: email@example.com
Telephone: 1 (888) 847-7747