Common use of DATA COLLECTION, PROCESSING, PRIVACY & SECURITY Clause in Contracts

DATA COLLECTION, PROCESSING, PRIVACY & SECURITY. The Parties understand and agree that use of the Application and associated services involves the receipt, processing, review, and analysis by Company of personally identifiable information of Customer’s Authorized Users (“Customer Data”). As between the Parties, Customer Data is, and remains, the property of Customer as controller of the Customer Data, and Company acts as service provider and processor of the Customer Data under this Agreement. Company confirms that it will use Customer Data solely to enable Company to provision and support its Applications and associated services and operations, to fulfill its obligations to Customer under and in accordance with this Agreement, and as provided under applicable law. Company covenants and agrees that it has and will at all times during the Term of this Agreement and while Company is in possession of Customer Data, maintain an information security program that includes reasonable and appropriate administrative, technical, physical, organizational and operational safeguards, and other security measures designed to safeguard Customer Data while in Company’s systems from unauthorized access, loss, misuse and/or alteration, consistent with standards in the educational technology service provider industry and the requirements of applicable law. Company agrees that it will restrict access to Customer Data to Company employees and authorized agents and providers who require access to such information to enable Company to provision and support its Applications and services to its customers, and who are under contractual obligations of confidentiality to Company. Company shall at all times be fully responsible to Customer under this Agreement for Company employees, authorized agents, and providers. If Customer is a U.S. school, U.S. school district, or U.S. state or federal agency, and Customer Data includes personally identifiable information about a student protected under the Family Educational Rights and Privacy Act of 1974, as amended (20 U.S.C. § 1232g et seq.) or other applicable state student educational records privacy law (“FERPA Protected Data”), Company covenants and agrees that shall use and process such FERPA Protected Data in compliance with FERPA and such applicable state student records privacy law. Customer agrees that Company shall be considered a “School Official” for its institution for purposes of the performance of services under this Agreement in accordance with FERPA, and Company shall provide reasonable assistance to Customer with respect to Customer’s compliance obligations thereunder. In addition to any other terms entered into between Customer and Company with respect to Company’s handling of Customer Data including FERPA Protected Data, Company shall process such Customer Data in accordance with Company’s Student Records Privacy Statement & Security Plan. If an Authorized User (that is not the Customer Enterprise Administrator), or if a parent, legal guardian, or student contacts Company with a request to review, modify, export, or delete Customer Data, or if an agency, court, law enforcement or other entity requests access to Customer Data, Company will (unless prohibited by writ or compulsory legal process) promptly direct the requesting individual or entity to contact the Customer, and/or notify Customer of the request, and thereafter, Company will use reasonable and good faith efforts to assist Customer in fulfilling any such requests, as directed by the Customer. Notwithstanding the foregoing or anything to the contrary, the Parties acknowledge and agree that, consistent with applicable law, Company may collect, use, analyze, and retain data generated through the use by Customer and Authorized Users of the Application and services from which all personally identifiable information and individually identifying attributes have been removed (“De-identified Data”) for benchmarking, development of best practices, improvement or development of Company’s educational products and services, and/or for educational research and statistical purposes, without reimbursement to or prior notice or authorization from Customer. Company agrees that it will not use or publish materials utilizing such De-identified Data in any way that identifies Customer or any Authorized User as the source of that data without the prior written consent of Customer or Authorized User. Company shall in no event attempt to re-identify De-identified Data or authorize others to do so.

DATA COLLECTION, PROCESSING, PRIVACY & SECURITY. The Parties understand and agree that use of the Application and associated services involves the receipt, processing, review, and analysis by Company of personally identifiable information of Customer’s Authorized Users (“Customer Data”). As between the Parties, Customer Data is, and remains, the property of Customer as controller of the Customer Data, and Company acts as service provider and processor of the Customer Data under this Agreement. Company confirms that it will use Customer Data solely to enable Company to provision and support its Applications and associated services and operations, to fulfill its obligations to Customer under and in accordance with this Agreement, and as provided under applicable law. Company covenants and agrees that it has and will at all times during the Term of this Agreement and while Company is in possession of Customer Data, maintain an information security program that includes reasonable and appropriate administrative, technical, physical, organizational and operational safeguards, and other security measures designed to safeguard Customer Data while in Company’s systems from unauthorized access, loss, misuse and/or alteration, consistent with standards in the educational technology service provider industry and the requirements of applicable law. Company agrees that it will restrict access to Customer Data to Company employees and authorized agents and providers who require access to such information to enable Company to provision and support its Applications and services to its customers, and who are under contractual obligations of confidentiality to Company. Company shall at all times be fully responsible to Customer under this Agreement for Company employees, authorized agents, and providers. If Customer is a U.S. school, U.S. school district, or U.S. state or federal agency, and Customer Data includes personally identifiable information about a student protected under the Family Educational Rights and Privacy Act of 1974, as amended (20 U.S.C. § 1232g et seq.) or other applicable state student educational records privacy law (“FERPA Protected Data”), Company covenants and agrees that shall use and process such FERPA Protected Data in compliance with FERPA and such applicable state student records privacy law. Customer agrees that Company shall be considered a “School Official” for its institution for purposes of the performance of services under this Agreement in accordance with FERPA, and Company shall provide reasonable assistance to Customer with respect to Customer’s compliance obligations thereunder. In addition to any other terms entered into between Customer and Company with respect to Company’s handling of Customer Data including FERPA Protected Data, Company shall process such Customer Data in accordance with Company’s Student Records Privacy Statement & Security Plan. Company considers all Student Data to be strictly confidential, and Company’s collection, use and sharing of Student Data is governed by this Agreement and any applicable laws and regulations including, in the U.S., provisions of FERPA, as well as the Children's Online Privacy Protection Act ("COPPA") and applicable state laws, including without limitation the Illinois Student Online Personal Protection Act (SOPPA). For purposes of this Agreement, "Student Data" is defined as personal information that is directly related to an identifiable student and may include "educational records" as defined by FERPA. If an Authorized User (that is not the Customer Enterprise Administrator), or if a parent, legal guardian, or student contacts Company with a request to review, modify, export, or delete Customer Data, or if an agency, court, law enforcement or other entity requests access to Customer Data, Company will (unless prohibited by writ or compulsory legal process) promptly direct the requesting individual or entity to contact the Customer, and/or notify Customer of the request, and thereafter, Company will use reasonable and good faith efforts to assist Customer in fulfilling any such requests, as directed by the Customer. Notwithstanding the foregoing or anything to the contrary, the Parties acknowledge and agree that, consistent with applicable law, Company may collect, use, analyze, and retain data generated through the use by Customer and Authorized Users of the Application and services from which all personally identifiable information and individually identifying attributes have been removed (“De-identified Data”) for benchmarking, development of best practices, improvement or development of Company’s educational products and services, and/or for educational research and statistical purposes, without reimbursement to or prior notice or authorization from Customer. Company agrees that it will not use or publish materials utilizing such De-identified Data in any way that identifies Customer or any Authorized User as the source of that data without the prior written consent of Customer or Authorized User. Company shall in no event attempt to re-identify De-identified Data or authorize others to do so.