Common use of Disposition of Data Clause in Contracts

Disposition of Data. Provider shall dispose or delete all personally identifiable data obtained under the DPA when it is no longer needed for the purpose for which it was obtained and transfer/migrate said data to LEA or LEA’s designee within sixty (60) days of the date of termination and according to a schedule and procedure as the Parties may reasonably agree in a readable and usable format. This copy of all Student Data will be provided in a standard format with standard delimiters and a matching data dictionary, mutually agreeable and sufficient to enable efficient transfer of the Student Data to a new system. It must include all Student Data which may have been re-disclosed to or held by subprocessors or agents of the Provider. Nothing in the DPA authorizes Provider to maintain personally identifiable data obtained under any other writing beyond the time period reasonably needed to complete the disposition. Disposition shall include (1) the shredding of any hard copies of any Pupil Records; (2) Erasing; or (3) Otherwise modifying the personal information in those records to make it unreadable or indecipherable. Permanent destruction of this Confidential Data must be non-recoverable and meet DoD standard 5220.22-M and processes recommended by NIST Special Publication 800-88. Provider shall provide written notification to LEA when the Data has been disposed within ninety (90) days. The duty to dispose of Student Data shall not extend to data that has been de-identified or placed in a separate Student account, pursuant to the other terms of the DPA. The LEA may employ a “Request for Return or Deletion of Student Data” FORM, A Copy of which is attached hereto as Exhibit “D”). Upon receipt of a request from the LEA, the Provider will immediately provide the LEA with any specified portion of the Student Data within three (3) calendar days of receipt of said request. The Provider shall ensure that such transfer/migration uses facilities and methods that are compatible with the relevant systems of the LEA or its transferee, and to the extent technologically feasible, that the LEA will have reasonable access to Student Data during the transition.

Disposition of Data. Upon written request from LEA during the term of the Service Agreement, Provider shall dispose or delete all personally identifiable data Student Data obtained under the DPA when it is no longer needed for the purpose for which it was obtained and transfer/migrate said data to obtained. LEA or LEA’s designee within sixty shall have thirty (6030) days after termination or expiration (whichever is earlier) of the date of termination and according its Service Agreement with Provider to notify Provider in writing that LEA wishes Provider to make available or otherwise transfer data in either a schedule and procedure as the Parties may reasonably agree in a readable and usable CSV or other mutually-agreeable format. This copy of After such thirty (30) day time period has expired, Provider shall use commercially reasonable efforts to dispose or delete all Student Data will be provided in a standard format with standard delimiters and a matching data dictionary, mutually agreeable and sufficient to enable efficient transfer of obtained under the Student Data to a new system. It must include all Student Data which may have been re-disclosed to or held by subprocessors or agents of the ProviderService Agreement. Nothing in the DPA authorizes Provider to maintain personally identifiable data obtained under any other writing beyond the time period reasonably needed to complete the disposition. Disposition shall include commercially reasonable efforts to complete: (1) the shredding of any hard copies of any Pupil Records; (2) Erasing; or (3) Otherwise modifying the personal information in those records to make it unreadable or indecipherable. Permanent destruction of this Confidential Data must be non-recoverable and meet DoD standard 5220.22-M and processes recommended by NIST Special Publication 800-88. Provider shall provide written notification to LEA when the Data has been disposed within ninety (90) daysdisposed. The duty to dispose of Student Data shall not extend to data that has been de-identified or placed in a separate Student account, pursuant to the other terms of the DPA. The LEA may employ a “Request for Return or Deletion of Student Data” FORM, A Copy of which is attached hereto as Exhibit “D”). Upon receipt of a written request from the LEA, the Provider will immediately provide the LEA with any specified portion of the Student Data within three fourteen (314) calendar days of receipt of said request. The Provider shall ensure that such transfer/migration uses facilities and methods that are compatible with the relevant systems of the LEA or its transferee, and to the extent technologically feasible, that the LEA will have reasonable access to Student Data during the transition.

Disposition of Data. To the extent feasible, Provider shall dispose or delete all personally identifiable data obtained under Student Data and Teacher Data stored by Provider pursuant to the DPA Underlying Agreement when it is no longer needed for the purpose for which it was obtained obtained, and transfer/migrate transfer said data in a standard data format to LEA or LEA’s designee within sixty (60) days of on the date of termination and of the Underlying Agreement according to a schedule and procedure as the Parties may reasonably agree in agree. Upon a readable and usable format. This copy written request of all the LEA, except for backups, the Provider will dispose or delete Student Data will be provided in a standard format with standard delimiters and a matching data dictionary, mutually agreeable and sufficient to enable efficient transfer of the Student Teacher Data to a new system. It must include all Student Data which may have been re-disclosed to or held by subprocessors or agents of the Providerwithin sixty days. Nothing in the DPA authorizes Provider to maintain personally identifiable data obtained under any other writing beyond the time period reasonably needed to complete the disposition, except for backups as outlined below. Disposition shall include (1) the shredding of any hard copies of any Pupil Records; (2) Erasing; or (3) Otherwise modifying the personal information in those records to make it unreadable or indecipherable. Permanent destruction of this Confidential Data must be non-recoverable and meet DoD standard 5220.22-M and processes recommended by NIST Special Publication 800-88. Provider shall provide written notification to LEA when the Student Data and Teacher Data has been disposed within ninety (90) daysdisposed. The duty to dispose of Student Data and Teacher Data shall not extend to data that has been de-identified or placed in a separate Student account, pursuant to the other terms of the DPA. All backups will be deleted within one year. Backups will receive the same protections as all other Student Data under this DPA and the LEA may request in writing at any time the status of backups. The LEA may request within one year of termination of this DPA, the status of a backup and may request deletion of any restored LEA data. The LEA may employ a “Request Directive for Return or Deletion Disposition of Student Data” FORMform, A Copy a copy of which is attached hereto as Exhibit “D”). Upon receipt of a request from the LEA, the Provider will immediately provide the LEA with any specified portion of the Student Data or Teacher Data in a standard file format within three ten (310) calendar business days of receipt of said request. The Provider shall ensure that such transfer/migration uses facilities and methods that are compatible with the relevant systems of the LEA or its transferee, and to the extent technologically feasible, that the LEA will have reasonable access to Student Data during the transition.

Disposition of Data. To the extent feasible, Provider shall dispose or delete all personally identifiable data obtained under Student Data and Teacher Data stored by Provider pursuant to the DPA Underlying Agreement when it is no longer needed for the purpose for which it was obtained obtained, and transfer/migrate transfer said data in a standard data format to LEA or LEAXXX’s designee within sixty (60) days of on the date of termination and of the Underlying Agreement according to a schedule and procedure as the Parties may reasonably agree in agree. Upon a readable and usable format. This copy written request of all the LEA, except for backups, the Provider will dispose or delete Student Data will be provided in a standard format with standard delimiters and a matching data dictionary, mutually agreeable and sufficient to enable efficient transfer of the Student Teacher Data to a new system. It must include all Student Data which may have been re-disclosed to or held by subprocessors or agents of the Providerwithin sixty days. Nothing in the DPA authorizes Provider to maintain personally identifiable data obtained under any other writing beyond the time period reasonably needed to complete the disposition, except for backups as outlined below. Disposition shall include (1) the shredding of any hard copies of any Pupil Records; (2) Erasing; or (3) Otherwise modifying the personal information in those records to make it unreadable or indecipherable. Permanent destruction of this Confidential Data must be non-recoverable and meet DoD standard 5220.22-M and processes recommended by NIST Special Publication 800-88. Provider shall provide written notification to LEA when the Student Data and Teacher Data has been disposed within ninety (90) daysdisposed. The duty to dispose of Student Data and Teacher Data shall not extend to data that has been de-identified or placed in a separate Student account, pursuant to the other terms of the DPA. All backups will be deleted within one year. Backups will receive the same protections as all other Student Data under this DPA and the LEA may request in writing at any time the status of backups. The LEA may request within one year of termination of this DPA, the status of a backup and may request deletion of any restored LEA data. The LEA may employ a “Request Directive for Return or Deletion Disposition of Student Data” FORMform, A Copy a copy of which is attached hereto as Exhibit “D”). Upon receipt of a request from the LEA, the Provider will immediately provide the LEA with any specified portion of the Student Data or Teacher Data in a standard file format within three ten (310) calendar business days of receipt of said request. The Provider shall ensure that such transfer/migration uses facilities and methods that are compatible with the relevant systems of the LEA or its transferee, and to the extent technologically feasible, that the LEA will have reasonable access to Student Data during the transition.

Disposition of Data. a. Upon written request from the LEA, Provider shall dispose or delete all personally identifiable data of Student Data obtained under the DPA Service Agreement. Provider shall respond to such a request for disposition in a reasonably timely manner (and pursuant to any time frame required under state law). Upon termination of the Service Agreement, if no written request from the LEA is received, individual user accounts will remain open and available for use for other educational purposes. The LEA may employ a “Directive for Disposition of Data” form, a copy of which is attached hereto as Exhibit “D”. If the LEA and Provider employ Exhibit “D,” no further written request or notice is required on the part of either party prior to the disposition of Student Data described in Exhibit “D." b. In addition to complying with disposition requests made by the LEA, Provider may dispose of Student Data: (i) when it the Student Data is no longer needed for the purpose for which it was obtained and transfer/migrate said data to LEA or LEA’s designee within sixty (60) days of the date of termination and according to a schedule and procedure as the Parties may reasonably agree in a readable and usable format. This copy of all Student Data will be provided in a standard format with standard delimiters and a matching data dictionary, mutually agreeable and sufficient to enable efficient transfer of the Student Data to a new system. It must include all Student Data which may have been re-disclosed to or held by subprocessors or agents of the Provider. Nothing in the DPA authorizes Provider to maintain personally identifiable data obtained under any other writing beyond the time period reasonably needed to complete the disposition. Disposition shall include (1) the shredding of any hard copies of any Pupil Recordsreceived; (2ii) Erasingin accordance with its disposition policy; or (3iii) Otherwise modifying the personal information in those records to make it unreadable or indecipherable. Permanent destruction of this Confidential Data must be non-recoverable and meet DoD standard 5220.22-M and processes recommended as required by NIST Special Publication 800-88. Provider shall provide written notification to LEA when the Data has been disposed within ninety (90) days. law. c. The duty to dispose of Student Data shall not extend to data Student Data that has been deDe-identified Identified or placed in an account controlled by a separate Student account, student or their parent pursuant to the other terms of the DPA. The LEA may employ a “Request for Return or Deletion Section II 3. d. Prior to disposition of Student Data” FORM, A Copy of which is attached hereto as Exhibit “D”). Upon receipt of a request from Data at the LEA, the Provider will immediately provide the LEA with any specified portion of the Student Data within three (3) calendar days of receipt of said request. The Provider shall ensure that such transfer/migration uses facilities and methods that are compatible with the relevant systems direction of the LEA under this section or its transfereeArticle II, and Section 3 (Separate Accounts), Provider may permit users or parents to maintain the extent technologically feasibleKhan Academy Website account as a personal account for purposes of retaining any content generated or provided by the user (including Learning activity). Certain account controls, including the ability to modify the account profile or delete the account, may be exercisable by the teacher that created the LEA account, by the student account holder or their parent. Requirements relating to transfer of data will have reasonable access be satisfied by the ability to Student Data during maintain a personal account or establish a personal login credential to allow the transitionstudent to maintain their account. Account transfer may not be available for some types of accounts due to limitations inherent in the functionality of the Services.

Disposition of Data. In accordance with the applicable terms in subsection (a) or (b) below, and upon a written request from the LEA, Provider shall dispose or delete all personally identifiable data obtained Student Data and Teacher Data under the DPA within thirty (30) days of the date of receipt of such written request. If no written request is received, Provider shall dispose or delete all Personally Identifiable Information contained in Student Data at the earliest of (a) when it is no longer needed for the purpose for which it was obtained and transfer/migrate said data to LEA or LEA’s designee within sixty (60b) days of the date of termination and according to a schedule and procedure as the Parties may reasonably agree in a readable and usable format. This copy of all Student Data will be provided in a standard format with standard delimiters and a matching data dictionary, mutually agreeable and sufficient to enable efficient transfer of the Student Data to a new system. It must include all Student Data which may have been re-disclosed to or held required by subprocessors or agents of the Providerapplicable law. Nothing in the DPA authorizes Provider to maintain personally identifiable data PII or Teacher Data obtained under any other writing beyond the time period reasonably needed to complete the dispositiondisposition unless a student, parent or legal guardian of a student chooses to establish a separate contractual relationship with the Provider and provides written consent for the transfer of the Student Data. Disposition shall include (1) the shredding of any hard copies of any Pupil RecordsStudent Data and Teacher Data; (2) ErasingErasing any Personally Identifiable Information; or (3) Otherwise modifying the personal information Personally Identifiable Information in those records to make it unreadable or indecipherable. Permanent destruction of this Confidential Data must be non-recoverable and meet DoD standard 5220.22-M and processes recommended by NIST Special Publication 800-88. Provider shall provide written notification to LEA when the Student Data and Teacher Data has been disposed within ninety (90) daysdisposed. The duty to dispose Upon receipt of a request from the LEA, the Provider will also immediately provide the LEA with any specified portion of the Student Data shall not extend to data that has been de-identified or placed in a separate Student account, pursuant to the other terms Teacher Data within ten (10) calendar days of the DPAreceipt of said request. The LEA may also employ a “Request for Return or Deletion of Student Data” FORM, A a Copy of which is attached hereto as Exhibit “D”). Upon receipt of a request from ) for the LEA, the Provider will immediately provide the LEA with any specified portion of the Student Data within three (3) calendar days of receipt of said written request. The Provider shall ensure that such transfer/migration uses facilities and methods that are compatible with the relevant systems of the LEA or its transferee, and to the extent technologically feasible, that the LEA will have reasonable access to Student Data during the transition.

Disposition of Data. Upon written request, Provider shall dispose shall, at LEA’s election, return to LEA or delete all personally identifiable data obtained under the DPA when it upon termination of this DPA or the applicable service agreement, whichever is no longer needed for the purpose for which it was obtained and transfer/migrate said data to LEA or LEA’s designee within sixty later of (60i)within ninety (90) days of the date of termination for trial account and according six (6) months for paid accounts and (ii)according to a schedule and procedure as the Parties may reasonably agree in a readable and usable format. This copy of all Student Data will be provided in a standard format with standard delimiters and a matching data dictionary, mutually agreeable and sufficient to enable efficient transfer of the Student Data to a new system. It must include all Student Data which may have been re-disclosed to or held by subprocessors or agents of the Provideragree. Nothing in the DPA authorizes Provider to maintain personally identifiable data obtained under any other writing beyond the time period reasonably needed to complete the disposition. Disposition shall may include (1) the shredding of any hard copies of any Pupil Records; (2) Erasing; or (3) Otherwise modifying the personal information in those records to make it unreadable or indecipherable. Permanent destruction of this Confidential Data must be non-recoverable and meet DoD standard 5220.22-M and processes recommended by NIST Special Publication 800-88. Upon written request, Provider shall provide written notification to LEA when the Student Data has been disposed within ninety (90) daysdisposed. The duty to dispose of Student Data shall not extend to data that has been de-identified or placed in a separate Student account, pursuant to the other terms of the DPA. The LEA may employ a “Request for Return or Deletion of Student Data” FORM, A Copy of which is attached hereto as Exhibit “D”). Upon receipt of a request from the LEA, the Provider will immediately promptly provide the LEA with any specified portion of the Student Data within three fourteen (314) calendar days of receipt of said request. The Notwithstanding the foregoing, Provider shall ensure not be required to return or delete any computer records or files containing Student Data that such transfer/migration uses facilities have been created pursuant to its standard archiving or backup procedures, or contained in any archived electronic communications (e.g. emails). Provider may also retain a copy of personally identifiable information if required by applicable law, rule or regulation. The data protection obligations contained in this Agreement shall apply to the archived and methods that are compatible with legally required copies so long as they exist. To the relevant systems extent Provider restores any data, Provider will notify the LEA within thirty (30) days of restoring any of the LEA’s data from its back-up systems. The LEA or its transfereemay request deletion of any restored Student Data, and however, this may limit the LEA's ability to use the extent technologically feasible, that the LEA will have reasonable access to Student Data during the transitionservices offered by Provider.

Disposition of Data. Provider shall dispose or delete all personally identifiable data obtained under the DPA when it is no longer needed for the purpose for which it was obtained and transfer/migrate said data to LEA or LEA’s designee within sixty (60) days of the date of termination and according to a schedule and procedure as the Parties may reasonably agree in a readable and usable format. This copy of all Student Data will be provided in a standard format with standard delimiters and a matching data dictionary, mutually agreeable and sufficient to enable efficient transfer of the Student Data to a new system. It must include all Student Data which may have been re-disclosed to or held by subprocessors or agents of the Provider. Nothing in the DPA authorizes Provider to maintain personally identifiable data obtained under any other writing beyond the time period reasonably needed to complete the disposition. Disposition shall include (1) the shredding of any hard copies of any Pupil Records; (2) Erasing; or (3) Otherwise modifying the personal information in those records to make it unreadable or indecipherable. Permanent destruction of this Confidential Data must be non-recoverable and meet DoD standard 5220.22-M and processes recommended by NIST Special Publication 800-88. Provider shall provide written notification to LEA when the Data has been disposed within ninety (90) days. The duty to dispose of Student Data shall not extend to data that has been de-identified or placed in a separate Student account, pursuant to the other terms of the DPA. The LEA may employ a “Request for Return or Deletion of Student Data” FORM, A Copy of which is attached hereto as Exhibit “D”). Upon receipt of a request from the LEA, the Provider will immediately provide the LEA with any specified portion of the Student Data within three ten (310) calendar days of receipt of said request. The Provider shall ensure that such transfer/migration uses facilities and methods that are compatible with the relevant systems of the LEA or its transferee, and to the extent technologically feasible, that the LEA will have reasonable access to Student Data during the transition.

Disposition of Data. Provider shall dispose or shall, at LEA’s request, delete all personally identifiable data Personally Identifiable Information contained in Student Data obtained under the DPA upon termination within thirty (30) days for the data and within sixty-five (65) day for any back-ups, according to a schedule and procedure as the Parties may reasonably agree. If no written request is received, Provider shall dispose of or delete all Personally Identifiable Information contained in Student Data at the earliest of (a) when it is no longer needed for the purpose for which it was obtained and transfer/migrate said data to LEA or LEA’s designee within sixty (60b) days of the date of termination and according to a schedule and procedure as the Parties may reasonably agree in a readable and usable format. This copy of all Student Data will be provided in a standard format with standard delimiters and a matching data dictionary, mutually agreeable and sufficient to enable efficient transfer of the Student Data to a new system. It must include all Student Data which may have been re-disclosed to or held required by subprocessors or agents of the Providerapplicable law. Nothing in the DPA authorizes Provider to maintain personally identifiable data Personally Identifiable Information contained in Student Data obtained under any other writing beyond the time period reasonably needed to complete the disposition, unless a student, parent or legal guardian of a student chooses to establish and maintain a separate account with Provider for the purpose of storing Pupil- Generated Content. Disposition shall include (1) the shredding of any hard copies of any Pupil RecordsPersonally Identifiable Information contained in Student Data; (2) Erasingerasing any Personally Identifiable Information contained in Student Data; or (3) Otherwise otherwise modifying the personal information Personally Identifiable Information in those records Student Data to make it unreadable or indecipherable. Permanent destruction of this Confidential Data must be nonindecipherable or De-recoverable and meet DoD standard 5220.22-M and processes recommended by NIST Special Publication 800-88Identified. Provider shall provide written notification to LEA when the Student Data has been disposed within ninety (90) dayspursuant to LEA’s request for deletion. The duty to dispose of Student Data shall not extend to data Student Data that has been deDe-identified Identified or placed in a separate Student account, pursuant to the other terms of the DPA. The LEA may employ a “Request for Return or Deletion of Student Data” FORM, A Copy of which is attached hereto as Exhibit “D”). Upon receipt of a request from the LEA, the Provider will immediately provide the LEA with any specified portion of the Student Data within three (3) calendar days of receipt of said request. The Provider shall ensure that such transfer/migration uses facilities and methods that are compatible with the relevant systems of the LEA or its transferee, and to the extent technologically feasible, that the LEA will have reasonable access to Student Data during the transition.

Disposition of Data. Provider shall dispose or delete all personally identifiable data obtained under the DPA when it is no longer needed for the purpose for which it was obtained and transfer/migrate said data to LEA or LEA’s designee within sixty (60) days of the date of termination and according to a schedule and procedure as the Parties may reasonably agree in a readable and usable format. This copy of all Student Data will be provided in a standard format with standard delimiters and a matching data dictionary, mutually agreeable and sufficient to enable efficient transfer of the Student Data to a new system. It must include all Student Data which may have been re-disclosed to or held by subprocessors or agents of the Provider. Nothing in the DPA authorizes Provider to maintain personally identifiable data obtained under any other writing beyond the time period reasonably needed to complete the disposition. Disposition shall include (1) the shredding of any hard copies of any Pupil Records; (2) Erasing; or (3) Otherwise modifying the personal information in those records to make it unreadable or indecipherable. Permanent destruction of this Confidential Data must be non-recoverable and meet DoD standard 5220.22-M and processes recommended by NIST Special Publication 800-88. Provider shall provide written notification to LEA when the Data has been disposed within ninety (90) days. The duty to dispose of Student Data shall not extend to data that has been de-identified or placed in a separate Student account, pursuant to the other terms of the DPA. The LEA may employ a “Request for Return or Deletion of Student Data” FORM, A Copy of which is attached hereto as Exhibit “D”). Upon receipt of a request from the LEA, the Provider will immediately provide the LEA with any specified portion of the Student Data within three ten (310) calendar days of receipt of said request. The Provider shall ensure that such transfer/migration uses facilities and methods that are compatible with the relevant systems of the LEA or its transferee, and to the extent technologically feasible, that the LEA will have reasonable access to Student Data during the transition.

Disposition of Data. Provider shall dispose or delete all personally identifiable data obtained under the DPA when it is no longer needed for the purpose for which it was obtained and transfer/migrate said data to LEA or LEAXXX’s designee within sixty (60) days of the date of termination and according to a schedule and procedure as the Parties may reasonably agree in a readable and usable format. This copy of all Student Data will be provided in a standard format with standard delimiters and a matching data dictionary, mutually agreeable and sufficient to enable efficient transfer of the Student Data to a new system. It must include all Student Data which may have been re-disclosed to or held by subprocessors or agents of the Provider. Nothing in the DPA authorizes Provider to maintain personally identifiable data obtained under any other writing beyond the time period reasonably needed to complete the disposition. Disposition shall include (1) the shredding of any hard copies of any Pupil Records; (2) Erasing; or (3) Otherwise modifying the personal information in those records to make it unreadable or indecipherable. Permanent destruction of this Confidential Data must be non-recoverable and meet DoD standard 5220.22-M and processes recommended by NIST Special Publication 800-88. Provider shall provide written notification to LEA when the Data has been disposed within ninety (90) days. The duty to dispose of Student Data shall not extend to data that has been de-identified or placed in a separate Student account, pursuant to the other terms of the DPA. The LEA may employ a “Request for Return or Deletion of Student Data” FORM, A Copy of which is attached hereto as Exhibit “D”). Upon receipt of a request from the LEA, the Provider will immediately provide the LEA with any specified portion of the Student Data within three (3) calendar days of receipt of said request. The Provider shall ensure that such transfer/migration uses facilities and methods that are compatible with the relevant systems of the LEA or its transferee, and to the extent technologically feasible, that the LEA will have reasonable access to Student Data during the transition.