Services – Privacy Policy
Network For Teaching Entrepreneurship (“NFTE,” “we,” or “us”) understands that privacy is tremendously important to school districts and schools who purchase or subscribe to our Services (defined below) (“Clients”) and to educators and students whose information we may access on behalf of a Client (“Educators” and “Students”). Among other products, NFTE provides instructional courses with respect to various subjects and ancillary training and support services with respect to its Clients’ use of such courses; such courses and content may be provided to Client (i) directly from NFTE in a digital format, for the Client to use on their learning management platform (“Local Courses”); or (ii) to Client via integration of NFTE’s hosted platform with Client’s existing learning management platform (“Hosted Courses”).
This privacy policy applies to all of our products and services (collectively, the “Services”) and will help you understand how we collect, use and safeguard the personal information provided to us in connection with the Services. This Privacy Policy (the “Policy”) is incorporated into the services agreement (or related terms of use) between NFTE and its Clients or their users of our Services (the “Services Agreement”). By using the Services, you acknowledge that you have read and agree to this Policy. If you do not agree with this Policy, you may not use or access the Services.
This privacy policy does not apply to our marketing website, nfte.com. Please visit https://nfte.com/privacy-policy/ to view the terms applicable to that website.
A Special Note for International Users of the Services: Much of our computer systems are currently based in the United States, so your personally identifiable information will be processed by us in the United States, where data protection and privacy regulations may be different than other parts of the world, such as the European Union. If you use the Services as a visitor from outside the United States, you are agreeing to the terms of this Policy and, if applicable, the end user terms of use posted in association with the Services, and you will have consented to the transfer and processing of all such information in the United States, which may not offer an equivalent level of protection of that in the European Union or certain other countries.
This Policy provides the following information:
- How We Collect and Use Information
- How We Share Information
- How We Protect Your Information
- Choices About Your Information
- Compliance with Student Data Privacy Laws
- Student Data Privacy Policies, Practices and Procedures
- Children’s Privacy
- Links to Other Websites and Services
- How to Contact Us
- Changes to This Policy
Transparency. We will always be transparent with the methods we use to collect data and describe exactly how we will use it to the benefit and strict direction of our Clients and their users.
- HOW WE COLLECT AND USE INFORMATION
We collect the following types of information:
Information about Clients and their Users: We ask for certain information when a Client administrator, Educator or other user registers with NFTE, or if the user corresponds with us online, which may include a name, school name, school district name, school email address and/or account name and password, phone number, and/or message content. We may also retain information provided by a Client if the Client sends us a message, posts content to one of our websites or through our Services, or responds to emails or surveys. Once a Client begins using the Services, we will keep records of activities related to the Services. For Clients utilizing Local Courses, we only collect and maintain the data provided to us by the Clients under the Services Agreement. For Clients utilizing Hosted Services, we collect data and information automatically via the Clients’ and their users’ access and use of the Services via the authorized integration. We use this information for the following purposes:
- To provide and maintain our Services, including to monitor the usage of our Services.
- To manage registered user accounts for the Services. The personal data you provide can give you access to different functionalities of the Services that are available to you as a registered user.
- For the performance of the Services Agreement.
- To contact Clients or their representatives by email, telephone calls, SMS, or other equivalent forms of electronic communication, regarding updates or informative communications related to the functionalities of the Services, including the security updates, when necessary or reasonable for their implementation.
- To provide Clients or their representatives with news, special offers and general information about other products and services we offer or that we believe may be of interest to you, unless you have opted not to receive such information. You always have the option to opt out of our internal marketing communications by contacting us at [email protected] or by following the opt-out procedure outlined in such communications. Please note that opting out of receiving these communications will not remove your personal information from our files and we will still contact you as necessary to provide and support products and services you have ordered or purchased from us at your request. We do not rent or sell Client or employee user contact information to third parties for marketing purposes. We do not use Student Data for marketing purposes, and we do not send marketing communications to students or parents.
- To manage our Clients’ requests to us.
- To evaluate or conduct a business transfer, which may be structured as a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal data held by us about our Services users is among the assets transferred.
- For other purposes such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our products, services, marketing and user experience.
Student Data: NFTE may have access to personally identifiable information about Students (“Student Data”) in the course of providing the Services to a Client. We consider Student Data to be confidential and do not use such data for any purpose other than to provide the Services on the Client’s behalf as agreed in the Services Agreement. Depending on the type of Services selected by the Client, such Student Data may come directly from the Client, or the Client may allow Students to access the Services to provide data as authorized and directed by the Client. In that instance, the Client provides each Student with login credentials and confirms that it has obtained appropriate parental consents, as needed, before the Student is permitted to access the Service. NFTE has access to Student Data only as requested by the Client and only for the purposes of performing Services on the Client’s behalf.
Student privacy is very important to us. Student Data is used only for educational purposes at the discretion of the applicable Client.
Information Collected through Technology: We automatically collect certain types of usage information when visitors use the Services. We may send one or more cookies — a small text file containing a string of alphanumeric characters — to your computer that uniquely identifies your browser and lets NFTE help you log in faster and enhance your navigation through the Services. A cookie may also convey information to us about how you use the Services (e.g., the pages you view, the links you click and other actions you take on the Services), and allow us to track your usage of the Services over time. We may collect log file information from your browser or mobile device each time you access the Services. Log file information may include anonymous information such as your web request, Internet Protocol (“IP”) address, browser type, information about your mobile device, number of clicks and how you interact with links on the Service, pages viewed, features used, and other such information. We may employ clear gifs (also known as web beacons), which are used to anonymously track the online usage patterns of our Users. The information allows for more accurate reporting and improvement of the Services. We may also collect analytics data, or use third-party analytics tools, to help us measure traffic and usage trends for the Services. We do not allow third party advertising networks to collect information about the users of our Services.
We use or may use the data collected through cookies, log files, device identifiers, clear gifs information and other similar data (collectively, “Cookies”) to: (a) remember information so that a user will not have to re-enter it during subsequent visits; (b) provide custom, personalized content and information; (c) to provide and monitor the effectiveness of our Services; (d) monitor aggregate metrics such as total number of visitors, traffic, and usage on our website and our Services; (e) diagnose or fix technology problems; and (f) help users efficiently access information after signing in. We may also disclose such data and information to our third party partners whose services or applications interact or interface with our Services, but only as described in this Policy.
Other non-public information or data received from Clients that constitutes “confidential information” under the terms of the applicable Services Agreement will be subject to the confidentiality terms outlined in that Services Agreement.
- HOW WE SHARE INFORMATION
NFTE only shares personal information in a few limited circumstances, described below. We do not rent or sell information for marketing purposes.
- With third-party providers whose software or services interface with or otherwise may receive information from, or provide information to, the Services, but only as directed or approved by our Clients. We do not release Student Data to any third party without the prior written consent of the Client or the affected Student (if he or she 18 years of age or older) or his or her parent or legal guardian, as applicable.
- With third-party providers that provide us with technology services (e.g. web hosting and analytics services), but strictly for the purpose of carrying out their work for us. We will use reasonable efforts to identify these providers in this Policy, but reserve the right to change these providers from time to time with or without notice to you.
- With our affiliates, in which case we will require those affiliates to honor this Policy. Affiliates include any companies that control, are controlled by or are under common control with NFTE.
- With other users with whom users share information or otherwise interact with via interactive features of our Services; any information shared in such forums may be viewed by all users with appropriate access permissions.
- With law enforcement or other third parties when compelled to do so by court order or other legal process, to comply with statutes or regulations, to enforce our Terms, or if we believe in good faith that the disclosure is necessary to protect the rights, property or personal safety of our users or our company, or otherwise to protect against a legal liability or to comply with a legal obligation.
- In the event of a change of control (e.g., if we sell, divest or transfer the business or a portion of our business), we may transfer information to the new owner of the business.
We may disclose aggregated information about our users, and information that does not identify any individual, without restriction.
We currently use the following tools to provide services to our users; certain tools may be enabled or used only with Client authorization as set out in the Services Agreement. User data may be shared with these providers and will be governed by the privacy policy of such providers:
- Canvas, https://www.instructure.com/policies/privacy
- Alchemer, https://www.alchemer.com/privacy/
- Qualtrics, https://www.qualtrics.com/privacy-statement/
- HOW WE PROTECT YOUR INFORMATION
We store our data in the United States and we take reasonable measures to keep data safe and secure.
Storage and Processing: Any information collected through the Service is stored and processed in the United States. If you use our Service outside of the United States, you consent to have your data transferred to the United States.
Keeping Your Information Safe: NFTE maintains industry standard administrative, technical and physical procedures to protect information stored in the servers we utilize, which are located in the United States. While no service provider can guarantee absolute security when communicating over the internet or wireless networks, we are committed to taking steps to help secure any personal information that may be in our possession. Access to information is limited (through user/password credentials and optional two factor authentication) to those employees and agents who require it to perform their job functions. We use industry-standard Secure Socket Layer (SSL) encryption technology to safeguard the account registration process and sign-up information. Other security safeguards include, but are not limited to, data encryption, firewalls and restricted access protocols.
You are solely responsible for maintaining the secrecy of any password used to log in to your account on the Services, if any, and you should always be mindful and responsible whenever disclosing information online that the information is potentially accessible to the public, and consequently, could be collected and used by others without your consent.
- CHOICES ABOUT YOUR INFORMATION
Account Information and Settings: Clients may update account information by contacting us at [email protected]. Clients can opt-out of receiving promotional email from us by contacting us at [email protected]or by following the opt-out procedure outlined in such communications. You cannot unsubscribe from Service-related messaging.
If you have any questions about reviewing or modifying account information, contact us directly at [email protected].
Access to Student Data: Student Data is provided and controlled by our Clients or the applicable end user. If you have any questions about reviewing, modifying, or deleting personal information of a Student, please contact your school district directly.
Deleting or Disabling Cookies: : Certain parts of our Services require Cookies on your browser to work. If you disable cookies, such features of the Services may not work properly. You can instruct your browser to refuse all browser Cookies or to indicate when a browser Cookie is being sent. For more information on how you can delete flash Cookies (i.e., local stored objects), please read “Where can I change the settings for disabling, or deleting local shared objects?” available at https://helpx.adobe.com/flash-player/kb/disable-local-shared-objects-flash.html#main_Where_can_I_change_the_settings_for_disabling__or_deleting_local_shared_objects_
If you have any questions about data retention or deletion, please contact us at [email protected].
- COMPLIANCE WITH STUDENT DATA PRIVACY LAWS
All interactions with Student Data are handled with attention to accuracy and protecting Student privacy. Once Student Data is provided to us, we treat it as if it were our own children’s information.
Protecting the confidentiality, integrity, and availability of our Clients’ systems and data is of the utmost importance to us, as is maintaining Client trust and confidence. To that end, we ensure that our staff is trained and systems are in place to provide required security and confidentiality of Student Data. We have implemented training on the federal and state laws, regulations and policies governing confidentiality of Student Data and any PII (defined below) included in such Student Data for any NFTE officers and employees who will have access to Student Data and PII under the Client’s Services Agreement. We also conduct background checks for our employees and agents.
NFTE has implemented practices and procedures designed to comply with applicable requirements in federal and state laws and regulations, school district policies, as well as private industry prevailing practices, regarding the proper handling and security of student information; these practices and procedures are described in further detail below. Our use and maintenance of PII from Student Data is subject to the direct provision and control of our Clients. Third parties and contractors that work with NFTE are subject to the same policies, requirements and security protocols as the internal NFTE team.
Different levels of access to different content available via the Hosted Courses require different permissions, and we look to the Client to designate such permissions. System administrators assigned by the Client will have the ability (independently of NFTE) to enable or disable access by any given Client user to various portions of the Hosted Courses, and if a Client desires to have us disable access by any previously-authorized Client user, an authorized official of the Client must notify us in writing, and we will take reasonably prompt measures to disable access for that user as requested.
NFTE has a designated Privacy Officer who ensures policies, practices, and procedures are followed with fidelity. Our current Privacy Officer, Ronald Jacobs, can be reached at [email protected].
Family Educational Rights and Privacy Act: NFTE understands and is compliant with all applicable aspects of the federal Family Educational Rights and Privacy Act, 20 USC § 1232(g) et seq. (“FERPA”), and associated regulations regarding “personally identifiable information” (“PII”), as such term is defined in FERPA, and NFTE follows federal guidelines in regard to the collection, production, and distribution of PII included in Student Data we receive. For more information regarding FERPA, see http://www2.ed.gov/policy/gen/guid/fpco/ferpa/index.html . We agree that we will manage and use such PII in accordance with FERPA and applicable state statutes, regulations, and policies. We rely on our Clients’ proper compliance with FERPA provisions regarding the release of PII from education records by (a) Clients’ obtaining parental consent to share PII with appropriately approved or contracted third parties such as NFTE, or (b) Clients’ use of the “School Official” exception under FERPA (See http://ptac.ed.gov/sites/default/files/FERPA%20Exceptions_HANDOUT_horizontal_0.pdf and 34 CFR §§ 99.31(a)(1) and 99.7(a)(3)(iii)).
Compliance with State Student Data Privacy Laws: Our Services comply with specific state statutes, regulations, and policies regarding student data privacy and security. To the extent a state has requirements not otherwise covered by these policies, please contact our Privacy Officer, Ronald Jacobs, at [email protected].
- STUDENT DATA PRIVACY POLICIES, PRACTICES AND PROCEDURES.
NFTE has implemented the following specific policies, practices and procedures with respect to Student Data:
- Prohibition against using Personally Identifiable Information (PII) in student records to engage in targeted advertising. We do not sell, trade, or rent PII in Student Data to anyone outside the organization. We strictly limit internal access to Student Data and PII to those individuals who have a legitimate need for such access in order for us to perform our obligations under the Services Agreement with our Client. We do not use any PII for our own purposes and do not use any PII for the purposes of selling or marketing any product to any person or third party, whether such person or party is the subject of the applicable PII or otherwise.
- Prohibition against using any PII in the student record for any purpose other than those required or specifically permitted by the contract. NFTE prohibits using any PII in Student Data for any purpose outside those required or permitted by the Services Agreement with the applicable Client. Any PII in Student Data to which we have possession or access will be used by us solely for the purposes of providing the Services to the Client, and for providing such information through the Services to those persons or parties to whom the Client has provided access to the applicable portion of the Services. We hold Client data in strictest confidence and do not disclose it to any third parties, unless such third parties are required to fulfill the contract, nor make use of such data for our own benefit or for the benefit of another, or for any use other than the purpose(s) agreed upon in the services Agreement. If third parties have access to Student Data as required by the Services Agreement with the Client, such access is only allowed through NFTE systems and process.
- Collection of data and information from student records. NFTE does not collect any information separately from that which is provided by or through an educational institution that is within the scope of an approved and legally binding contract.
- Description of the procedures by which a parent, legal guardian, or eligible student may review personally identifiable information in the student’s records and correct erroneous information. In general, the Client has the capability to provide any such person with access to the applicable data by means of the Services without the involvement of NFTE, and if deemed appropriate, the Client has the capability to revise such Student Data to address any inaccuracy without the involvement of NFTE. However, in the event our participation is necessary or useful to enabling access or addressing any inaccuracy that the Client or an adjudicatory body deems to be required, we will provide cooperation to enable such access or to address such inaccuracy. Importantly, only parents or guardians with FERPA rights may review or correct PII; Client must make such determination and communicate the same to us in the event our cooperation is needed. However, since all Student Data is provided to NFTE by the Client, any parent or Student request to correct data must come directly from the Client through regular Student Data updates or by utilizing specific management tools of the Services.
- Description of the procedures for notifying the affected parent, legal guardian, or eligible student in the event of an unauthorized disclosure of the student’s records. In the unlikely case of an unauthorized disclosure of Student Data, we will make every effort to assist the Client in notifying the affected parents or legal guardian. We will notify the Client within 24 hours of becoming aware of any breach of our security system that reasonably could compromise any Student Data or PII.
- Certification that a student’s records shall not be retained upon completion of the terms of the contract and a description of how that certification will be enforced. NFTE certifies that, within a reasonable period of time after termination of the applicable Services Agreement and expiration of any post-termination access period requested by the Client, we will remove all PII from the Hosted Services and deactivate the Hosted Services account associated with Client’s subscription. NFTE may, however, retain copies of any PII in its offline data archives for backup, archive or legal recordkeeping purposes, and may subsequently destroy or erase such retained archive data, all in accordance with its data retention policies; provided that the terms of this Privacy Policy apply for so long as NFTE maintains any Student Data. We may maintain anonymized or aggregated data, including usage data, for analytics purposes.
- Student records continue to be the property of and under the control of the school district. NFTE ensures that Student Data is the property of and under the control of our Client. The Services only contains Student Data provided to it from the Client either through direct secure data transfer from Client servers or via Client controlled data gathering methods. We may be required to disclose PII to comply with a court order, law or legal process (including a government or regulatory request). However, in advance of such agency request, we will provide the Client with notice of the requirement so that the Client may seek a protective order or other remedy if it so chooses. If, after providing such notice, IO must disclose the required PII, IO will only disclose that portion of the PII which, on the advice of our legal counsel, the order, law or process specifically requires us to disclose.
Different levels of access to different content available via the Hosted Courses require different permissions, and we look to the Client to designate such permissions. System administrators assigned by the Client will have the ability (independently of NFTE) to enable or disable access by any given Client user to various portions of the Hosted Courses, and if a Client desires to have us disable access by any previously-authorized Client user, an authorized official of the Client must notify us in writing, and we will take reasonably prompt measures to disable access for that user as requested.
- De-identified personally identifiable information. The above outlines NFTE’s treatment of PII, but it is also very important to be clear what type of information is not PII. Once PII has been de-identified, that information is no longer PII. PII may be de-identified through aggregation or other appropriate means. The U.S. Department of Education has issued guidance on de-identifying PII in education records, available at http://ptac.ed.gov/sites/default/files/data_deidentification_terms.pdf. In order to allow NFTE to proactively address client needs, we anticipate using de-identified information to improve NFTE products and services generally. This does not mean we will market to you, necessarily, but that we may use de-identified data for general marketing to our Clients and prospective Clients. IO uses reasonable de-identification methods that avoid compromising the privacy or security of the PII provided to us.
- CHILDREN’S PRIVACY
The intent of the Children’s Online Privacy Protection Act (“COPPA”) is to give parents control over commercial websites’ and online services’ collection, use and disclosure of information from children under the age of 13. COPPA does not apply to all internet-based services; when Services are used as intended and as contracted by the Client, such use may involve data from students under 13, but the student is not the end user, and COPPA does not apply.
- LINKS TO OTHER WEB SITES AND SERVICES
Please remember that this Policy applies to the NFTE Services only, and not other websites or third party applications with which our Services may integrate or that may be linked in our Services, all of which may have their own privacy policies. You should carefully read the privacy practices of each third party application before agreeing to engage with the application through the Services. We assume no responsibility or liability for the privacy practices of any vendor or operator of third party sites or applications.
- HOW TO CONTACT US
If you have any questions about this Policy or the Services, please contact us at [[email protected]]. You may also contact our Privacy Officer, Ronald Jacobs, at [email protected].
- CHANGES TO THIS POLICY
We reserve the right to change this Policy at any time by posting revised Policy on this webpage, and we may also (but are not required to) notify Clients of such posting via the most recent Client email address on file with us. We encourage you to review this webpage periodically. The changes will be effective immediately upon notice or posting, and we will update the effective date of this Policy upon such posting. Your use or continued use of the Services following the posting or email notification (as applicable) of any changes to the Policy will be deemed to be your acceptance of the changed Policy.