Privacy Statement

West’s Education Group
SchoolMessenger Solutions
Privacy Statement

West’s Education group, part of West Interactive Services Corporation (in the U.S.) and West Unified Communication Services Canada (in Canada) and the provider of SchoolMessenger solutions, is committed to safeguarding the privacy and security of customer information. We believe the personal information of our service customers and users, and especially of students, is private, and we treat it confidentially. We have developed this privacy statement for our SchoolMessenger products and services, because we believe it is important for you to understand how we treat information you provide to us, or that we collect or maintain on your behalf.

In General, for our SchoolMessenger solutions:

  • • We will not ask for or collect personal information unless necessary to deliver our service or respond to a request;
  • • We will not use or share personal information with anyone except to deliver our services, comply with the law, protect our rights or the safety of our users, or as otherwise directed by our customers and users;
  • • We do not sell, trade, lease or loan student personal information to any third party for any reason, including for marketing or advertising; and
  • • We use industry standard measures to help protect personal information against unauthorized access and use.

This Privacy Statement is divided into two separate and distinct privacy statements for our SchoolMessenger solutions:

  • • Our Website Visitor Privacy Statement covers only those individuals visiting our marketing website www.SchoolMessenger.com; and
  • • Our School Platform & Services Privacy Statement applies to our educational agency and institution customers who have contracted with or otherwise agreed to license our products and services, and indirectly to users of those services about whom we collect or maintain personal information on our customer’s behalf.

This statement applies only to the SchoolMessenger branded family of products and services, and does not apply to other products or services of West Corporation. These policies do not supersede any additional or different terms of any agreements between West and its subsidiaries and any customer agency/institution. This statement applies in the case of any conflict with the privacy statement of West Corporation or any other of its subsidiaries.

West’s Education group’s SchoolMessenger solutions also are a signatory to the Student Privacy Pledge (www.studentprivacypledge.org), and its commitments and protections are reflected in our relevant School Platform & Services Privacy Policy.

If you have any questions about this privacy statement or our practices for handling personal information, please contact us as follows:

West’s Education Group
SchoolMessenger Solutions

100 Enterprise Way, Suite A-300
Scotts Valley, CA 95066
Phone: 800-920-3897
http://www.schoolmessenger.com/support

Website Visitor Privacy Statement

This Website Visitor Privacy Statement covers only individuals in their use of our marketing website www.SchoolMessenger.com. If you are using a SchoolMessenger product or service, please see below our School Platform & Services Privacy Policy.

In general, you can visit our SchoolMessenger website and learn about SchoolMessenger solutions without identifying or revealing any information about yourself. If you would like us to contact you to provide additional company or product information, you may choose to provide us with your personal information, including your name, telephone number and email address. We use this information only to correspond with you regarding your inquiry and our company/products, unless you further authorize us to use the information for additional purposes.

We may also use cookies to anonymously identify and track website visitors and to collect non-personal information such as website activity, referral website, and types of browsers and devices used to access our site. This data allows us to understand website usage patterns and make our website easier to use. If you submit your personal information via a web form, we may also utilize a persistent cookie to recognize when your computer visits our website. This allows us to provide personalized content. If you choose not to accept cookies, we may not be able to provide this same functionality and personalization.

We do not sell, trade, lease or loan the personal information we collect from our marketing website visitors to any third parties. Some of the information is maintained by data tools hosted by third party service providers, who do not have access to the information due to legal agreements and technology controls. We do not disclose any personal information about you, except as required or permitted by law. We do not send any unsolicited communications based on personal information we collect.

We maintain strict physical, electronic, and administrative safeguards to help protect your personal information from unauthorized or inappropriate access.

We reserve the right at our discretion to modify this Website Visitor Privacy Statement from time to time, and so you should review this Statement periodically. We will note any changes by updating the publication date of this Website Visitor Privacy Statement. In some cases, when required by law, we may ask you to agree to changes before they go into effect. Unless otherwise noted, any changes to this Website Visitor Privacy Statement will be effective when posted. Your continued use of this Site following the posting of any changes to the Website Visitor Privacy Statement constitutes your acceptance to those changes.

School Platform & Services Privacy Statement

Our SchoolMessenger School Platform & Services Privacy Statement applies to our SchoolMessenger products and services (“products”, “platform” or “services”) licensed by our educational agency and institution customers (“customers” or “schools”). These services include but are not limited to Communicate and InfoCenter (notification), Presence (school website), CustomApp (school mobile app), Passport (single sign-on and account/data provisioning), SafeMail (email filtering), and SecureFile (document delivery). This Statement applies to information we collect from, or collect or maintain on behalf of, our school customers using these services, including the personal information of school employees, parents/guardians, students, etc. as well as school website and custom mobile app users.

While we do not provide information to third parties other than as described in this statement, our school customers may choose to do so. This Statement does not apply to information that schools provide to, or that is collected by, third parties through any of our services when that information sharing is determined by and controlled by our school customer. Schools should carefully read the privacy policies of such third party services before agreeing to share personal information with those parties through our services.

We do not determine what, if any, personal information that our school customers choose to make publicly available, such as on their school websites or apps. This Statement does not apply to such personal information that schools choose to make publicly available such as on their school websites (Presence) or school apps (CustomApp). We will not sell, trade, lease or loan such publicly available student personal information we host or access through our services to any third party for any reason, including for marketing or advertising.

In General

We operate as a school service provider, meaning that our customer agreement is with an educational agency or institution (“customer”) and not with an individual educator, parent, student or other individual (“user”) including not with visitors to our school websites or users of our school mobile applications. As such, we collect and maintain both customer and user personal information, including student personally identifiable information from education records, only acting as authorized by our customer agency/institution to deliver services to and on behalf of the agency/institution (i.e., with regard to student personal information, as a “school official” as allowed under the federal Family Educational Rights and Privacy Act (FERPA)). In this role, we are deemed by the school to perform a service or function for which the school would otherwise use its employees.

Student personally identifiable information we obtain from our customer educational agency/institution continues to be the property of, and maintained under the direct control of, the agency/institution. Consistent with FERPA, we enable our customer agency/institution to exercise direct control over this student personal information through our Terms of Use, Terms of Service, and other agreements as well as through our product functionality to support school compliance with FERPA and other applicable laws. We shall not be responsible for any agency/institution violations of FERPA.

By using our product(s) or service(s), you agree to the terms of this Privacy Statement.

Information Collection & Use

We collect and maintain only the information that is necessary to provide the Services to and on behalf of our customer agency/institution, or as otherwise shared with us by the agency/institution or their users.

We use this personal information to verify and provide access to your account, to correspond with you, to deliver our products and services, to resolve problems in service delivery, and as otherwise requested or directed by the agency/institution. We may as necessary also use this personal information to ensure legal or regulatory compliance, to protect the safety of individuals or the security of the service, to take precautions against liability, and as otherwise required or permitted by law. We neither claim nor assert any other rights or licenses to use student personally identifiable information.

We do not use or share student personal information to target advertising to students or other users. Please note that our customer agency/institution may independently choose to display advertising such as on their school website (Presence) or school mobile app (CustomApp), but we make no claims or warranties about that school-controlled practice.

In general, we do not knowingly collect personal information directly from students, including children under 13, but only as shared with us by our customer agency/institution. Exceptions are a student username, password and related account login credential information that we collect directly from the student if necessary when they login to our services as authorized by their school. By default, students cannot create an account – to enable our direct collection of their personal information – without the school’s consent. When we do collect student personal information directly from students, including children under the age of 13, we do so only on behalf of and under the direct control of our customer agency/institution, and the agency/institution is responsible for obtaining any necessary prior parental consents. Should we learn that we collected personal information from a child under 13 and the school does not provide proof of consent within a reasonable time, we will delete all such personal information. We do not enable or encourage students to make their personal information publicly available.

More specifically, our services may collect, maintain and/or access the following types of personal information:

  • • Parent and school staff contact information such as names, language preferences and contact data (e.g., phone number, email address, and device ID);
  • • Student information such as name, unique identifier, email address, attendance, lunch account status, bus route, and class schedule;
  • • Account login credentials and session information such as usernames, passwords, email address, IP addresses, device IDs, and/or session cookies to automate customized settings;
  • • Notifications our school customers send to their constituents (e.g., staff, parents/guardians); and
  • • Student or other personal information within files or web pages hosted on our platform or distributed through our services.

In addition, a few of our services may, as needed to deliver the service, also collect or maintain the following personal information:

  • • Through SafeMail (email and document filtering): Email sent to/from/within the agency/institution-provided student and staff email accounts, including name, email address, message text, and message attachments; as well as other files shared with us by the agency/institution; and
  • • Through Presence (school website hosting): student and school staff photos.

When you use our school and other mobile applications, you may also be prompted to grant the app access to certain information and functions on your device, including your device ID, geolocation information, and calendar. We do not access this information, which remains on your device. This information is necessary for your device to enable the app to remain updated with the latest school information such as receiving push notifications, importing calendar events, and identifying nearby schools.

Some of our services may as needed also use cookies and other technologies to collect non-identifiable information about service usage such as language preference, Internet Protocol (IP) address, session time and length, and types of platforms used to access our services. This data allows us to simplify login, personalize service delivery, understand usage, and improve service delivery. Visitors can set their browsers to refuse cookies, but certain features may not function properly as a result.

We use aggregate or anonymous information for other purposes such as to evaluate, develop, improve and market our services.

Information Sharing

We do not sell, trade, lease or loan the personal information we collect or maintain to any third party for any reason, including that we do not sell or otherwise share student personal information with direct marketers, advertisers, or data brokers.

We do not knowingly share or disclose student personal information with any other third parties other than as needed to deliver and improve the service, as permitted or required by law or government authorities such as for law enforcement or judicial purposes, as necessary to protect the rights or safety of individuals or the service, to ensure legal or regulatory compliance or take precautions against liability, or as otherwise expressly directed by our customers. Through our services, our customers may choose to disclose such information in their sole discretion, such as by displaying it on their school website operating on our platform, but we are not responsible for such disclosures.

Access to personal information is limited to our employees and our service providers as needed to deliver the service, to the school customer, and to other third party organizations if enabled by, and as determined by, the school.

We do not share student personal information with third parties, though a few of our service providers may have limited access to such information within our data systems in the course of their providing us with data analytics, software programming and related services to support our service delivery, evaluation or improvement. In some instances, we store student personal information with a third party data hosting provider, though student personal information is secured through access controls and electronic protection methods to prevent provider access. We have agreements in place with all third parties with access to student personal information to ensure they only use the information for purposes necessary to deliver the authorized service to us and to ensure they maintain the confidentiality and security of the information.

Data Security and Data Breach

We maintain a comprehensive set of security practices that are reasonably designed in accordance with commercial best practices to protect the security, privacy, confidentiality, and integrity of student personal information against risks – such as unauthorized access or use, or unintended or inappropriate disclosure – through the use of administrative, technological, and physical safeguards appropriate to the sensitivity of the information.

All student personal information is protected according to industry standard security protocols. Data is located in datacenter facilities using industry standard access control protections.

Our services include role-based authorization control functionality to enable our customer school’s account administrator to configure and limit access to student personal information.

We limit internal access to student personal information to only those SchoolMessenger employees and contractors with a need to access the information to deliver the service.

We maintain a comprehensive hiring, training, and retraining process which includes rigorous pre-employment screening. All company employees with access to student personal information receive annual training on privacy laws and best practices for maintaining confidentiality of student personal information. SafeMail staff with access to student email and related confidential information must also pass a police record check for working with vulnerable persons.

If we know of a systems security breach by an unauthorized party or that any student personal information was used for an unauthorized purpose, we will comply with relevant state and other data breach laws. We will notify our customer agency/institution of any breach resulting in unauthorized release of data in the most expedient way possible and without unreasonable delay so that you can take appropriate steps.

We use reasonable efforts to assist our customers in identifying any known security breach in their systems or processes, but we make no claims or warranties to our customer or to any user for any inability, failure or mistake in connection with such assistance.

Information Access, Correction, Retention and Deletion

We attempt to keep your information complete, current and accurate. The agency/institution on behalf of whom we are collecting or maintaining student personal information has the right to review, correct, have deleted, and/or refuse to permit further collection or use of the information. In cases where such actions are not otherwise provided for by directly available product functionality, we will provide direct assistance within a reasonable time in response to a written request from the agency/institution.

We will also assist the agency/institution in its response to requests from parents/guardians/students to review and/or correct a student’s personally identifiable information, including as required of agencies/institutions under FERPA. As needed, we will provide direct assistance to the agency/institution in its response to the parent/guardian within a reasonable time following the agency/institution written request to us for such assistance. If we receive such requests directly from parents/guardians/students, we will refer those requests to our customer agency/institution and will not otherwise directly respond to those requests.

In general, we will retain personal information only as necessary to support the authorized purpose, comply with our legal obligations and agreements, resolve disputes, or as otherwise directed by our school customers. Any student personal information will remain subject to the restrictions and requirements described in this privacy policy for as long as we retain it. If and when personal information has been de-identified, that information is no longer personal information and no longer treated as such according to the terms of this privacy policy. We will use reasonable de-identification methods to ensure the privacy and security of personal information entrusted to us.

To support our school customers in their compliance with, and any audits related to, the federal Telephone Consumer Protection Act (TCPA), we often archive and retain Communicate call log and recipient number call preference data for up to four (4) years or longer if specified. This includes only limited personal information – the telephone number contacted – and does not include student names or other student personally identifiable information.

To support school compliance with the Children’s Internet Protection Act (CIPA), all emails, email attachments and other files shared by the school to be put through our SafeMail technology filtering and human monitoring process are archived for seven (7) years before being permanently deleted.

We will permanently delete student personally identifiable information at any time within fourteen (14) business days of a request from the customer agency/institution and within 24 months after the agency/institution account is expired, terminated or otherwise inactive, unless otherwise requested except for the regulatory compliance noted above for Communicate and SafeMail, and to comply with other legal obligations. Our school customers are provided regular opportunities to update their data, including marking personal information for deletion.

Bankruptcy, Sale or Merger

If we are involved in a merger, acquisition, or sale of all or a portion of our assets, including in the case of our bankruptcy, you will be notified via email of any change in ownership. In such a case, a successor entity will adhere to the terms of this privacy statement with regard to the previously collected student personal information.

Links and Other Parties

Please note that our products and services may contain links to third party websites or services. In many cases, those links are instituted, enabled or directed by our customer agency/institution without our knowledge or control. In other cases, we direct the link such as to our partners in technology or education. In either case, while we try to link only to sites that share our high standards and respect for privacy, we are not responsible for the content, security, or privacy practices employed by other such parties and their websites and services. Unless otherwise noted, those third party resources are not covered by this Privacy Statement or any other of our policies or terms. You are encouraged to carefully review the separate and distinct privacy policy and terms of use of any such third party service before using it.

Changes to Privacy Statement

We reserve the right at our discretion to change, modify, add or remove portions of this Privacy Statement from time to time. We will note any such changes by updating the publication date of this Privacy Statement. If we make significant changes, we will also provide notice to our customer agency/institution by sending an email to the account administrator. If we make any material changes to this privacy statement impacting student personal information that lessen protections previously noted herein, we will provide our customer agency/institution with thirty (30) days notice prior to implementing those changes and provide choice for termination of services and deletion or return of such information. In some cases, when required by law, we may ask you to agree to changes before they go into effect. By continuing to use our product(s) or service(s) after we provide notice of any changes to our privacy statement, you agree to the terms of this privacy statement.

Questions and Concerns

If you are the administrator of an educational agency/institution customer account and have any questions about this statement or if you believe we are not handling your information in accordance with our privacy statement, please contact us per the information below.

If you are otherwise a user of one of our school services, we encourage you to first contact your educational agency/institution with any questions or concerns regarding this privacy statement or our handling of personal information.

West’s Education Group
SchoolMessenger Solutions

Privacy Manager
100 Enterprise Way, Suite A-300
Scotts Valley, CA 95066
Phone: 800-920-3897
http://www.schoolmessenger.com/support

This policy was last updated on June 8, 2016.