Collection of your Personal Information
In general, we collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device (“personal information”).
In particular, we have collected the following categories of personal information from our consumers within the last twelve (12) months:
- identifiers such as your username, password, Social Security number, tax identification number, student identification number, or government-issued identification;
- protected classification characteristics under California or federal law such as age, race, gender, ethnicity, color, date of birth, ancestry, national origin, citizenship, religion or creed, marital status;
- non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)), such as education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records;
- employment information such as occupation, experience or employer information;
- commercial information relating to your transactions;
- information in any emails, faxes or other communications you send to us;
- Internet or other similar network activity such as your browsing history, search history, information on your interaction with our Sites and Services;
- inferences drawn from other personal information to reflect your preferences, characteristics, trends or aptitudes;
- publicly available information available at social media platforms; and
- selected location information provided by social media platforms for localized advertising purposes.
We obtain the categories of personal information listed above from the following categories of sources:
- Directly from you. For example, from forms you complete or products and services you purchase.
- registering for an account on our Sites or Services;
- entering a sweepstakes or contest sponsored by us or one of our partners;
- signing up for special offers from selected third parties;
- sending us an email message;
- submitting your credit card or other payment information when ordering and purchasing products and services on our Sites or Services;
- communicating with you in relation to services and/or products you have requested from us.
- Indirectly from you. For example, from observing your actions on our Sites.
- by representatives authorized by the users (e.g. the school administration obtains data and then uploads it to our platform);
- through second-party systems, such “student information systems or human resource information systems” that are independently maintained and controlled by our customer schools; and
- through third-party systems, such as Google Analytics and Facebook advertisement network.
Use of your Personal Information
The data stored on our systems belongs directly to our customers, and only SFS support staff have access to personal information under strict confidentiality and security. We process personal information independently only if it is vital to the integrity or security of the service, or to analyze or evaluate the quality of the service provided.
Specifically, we may use, or disclose the personal information we collect for one or more of the following purposes:
- To fulfill or meet the reason you provided the information; for example, if you share your name and contact information to request a price quote or ask a question about our products or services, we will use that personal information to respond to your inquiry. When applicable, if you provide your personal information to purchase a product or service, we will use that information to process your payment and facilitate delivery. We may also save your information to facilitate new product orders or process returns.
- To provide, support, personalize, and develop our Sites, products, and Services.
- To create, maintain, customize, and secure your account with us.
- To process your requests, purchases, transactions, and payments and prevent transactional fraud.
- To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
- To personalize your experience and to deliver content and product and service offerings relevant to your interests, including targeted offers and ads through our Sites, third-party sites, and via email or text message (with your consent, where required by law).
- To help maintain the safety, security, and integrity of our Sites, products and services, databases and other technology assets, and business.
- For testing, research, analysis, and product development, including to develop and improve our Sites, products, and Services.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about our Sites’ users/consumers is among the assets transferred.
We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
Sharing Information with Third Parties
We share your personal information with the following categories of third parties:
- service providers, including web hosting or email marketing providers;
- business partners, including online advertising networks and companies that may we engage to co-sponsor our services; and
- our donors and supporters.
SFS may, from time to time, contact you on behalf of business partners about a particular offering that may be of interest to you. In those cases, your personal information (email, name, address, telephone number) is not transferred to the third party. SFS may share data with trusted partners to help perform statistical analysis, send you email or postal mail, provide customer support, or arrange for deliveries. All such third parties are prohibited from using your personal information except to provide these services to SFS, and they are required to maintain the confidentiality of your information.
SFS may disclose your personal information, without notice, if required to do so by law or in the good faith belief that such action is necessary to:
- conform to the edicts of the law or comply with legal process served on SFS or the Sites;
- protect and defend the rights or property of SFS; and/or
- act under exigent circumstances to protect the personal safety of users of SFS, or the public.
Tracking User Behavior
SFS may keep track of the Sites and pages our users visit within SFS, in order to determine what SFS services are the most popular. This data is used to deliver customized content and advertising within SFS to customers whose behavior indicates that they are interested in a particular subject area.
Automatically Collected Information
Information about your computer hardware and software may be automatically collected by SFS. This information can include your IP address, browser type, domain names, access times and referring website addresses. This information is used for the operation of the service, to maintain quality of the service, and to provide general statistics regarding use of the Sites.
As you navigate through and interact with our Sites, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:
- Details of your visits to our Sites, including traffic data, location data, logs, and other communication data and the resources that you access and use on the Sites.
- Information about your computer and internet connection, including your IP address, operating system, and browser type.
The information we collect automatically may include personal information, but we may maintain it or associate it with personal information we collect in other ways or receive from third parties. It helps us to improve our Sites and to deliver a better and more personalized experience, including by enabling us to:
- Estimate our audience size and usage patterns.
- Store information about your preferences, allowing us to customize our Sites according to your individual interests.
- Speed up your searches.
- Recognize you when you return to our Sites.
We utilize the following types of cookies:
Strictly Necessary Cookies. These cookies are essential as they enable you to move around our Sites and Services. For example, strictly necessary cookies allow you to access password-protected areas of the Sites. Without these cookies, some of the features of our Sites or Services may not be available.
Performance/Analytics Cookies. These cookies collect information about how you use the Sites and Services. For example, a performance/analytics cookie will collect information about which pages you visit most often, how much time you spend on that page, or if you get error messages from certain pages. These cookies do not gather information that identifies you. The information these cookies collect is anonymous and is used to improve how our Sites and Services work.
Functionality Cookies. These cookies allow us to remember the choices you make and to tailor our Sites and Services so we can provide relevant content to you. For example, a functionality cookie can remember your preferences (e.g., country or language selection), or your username.
Session Cookies. We use session cookies when you access our Sites and content. Session cookies expire and no longer have any effect when you log out of your account or close your browser.
This Site contains links to other sites. Please be aware that we are not responsible for the content or privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of any other site that collects personal information.
Security of your Personal Information
We are careful not to provide explicit detail about our security measures, but our standard protocols include:
- Application security: End-to-end traffic encryption, strongly hashed passwords, safeguards against vulnerabilities such as cross site scripting, SQL injections, phishing and others.
- Network security: firewalls and systems to detect suspicious behavior, stop malicious attempts to gain access, or compromise the resilience of the service (e.g. DDOS attacks).
- Organizational security: access policies, audit logs and confidentiality agreements.
- Physical security: preventing unauthorized access to infrastructure and devices processing personal information.
- Procedural security: IT management processes to minimize the risk of human errors or testing regimes to identify software weaknesses before releasing new features to our cloud services, or policies to ensure data is only processed in instruction from our customers.
- SFS and its employees are agents for the district with respect to the district’s student and employee data and other related information hosted by SFS or provided to SFS by the district. As such agents of the district, SFS and its employees and are bound by the confidentiality provisions of Family Educational Rights and Privacy Act and its regulations, (20 U.S.C. § 1232g; 34 CFR Part 99) in the provision of the services hereunder.
We strive to take appropriate security measures to protect against unauthorized access to or alteration of your personal information. Unfortunately, no data transmission over the Internet or any wireless network can be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, you acknowledge that: (a) there are security and privacy limitations inherent to the Internet which are beyond our control; and (b) security, integrity, and privacy of any and all information and data exchanged between you and us through these Sites cannot be guaranteed.
Your Rights As a California Resident
Effective on January 1, 2020, the California Consumer Privacy Act (CCPA) provides consumers (California residents) with specific rights regarding their personal information. If you reside in California, you may exercise the following rights:
- A right to disclosure of the categories of personal information collected by us
- A right to disclosure of the specific pieces of personal information collected by us
- A right to deletion of personal information by us (subject to certain Exceptions outlined below)
- A right to receive personal information in a format that will allow its transfer to third parties by you
- A right to opt-out of the “sale” of personal information, where a “sale” under the CCPA means “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information to another business or a third party for monetary or other valuable consideration.”
- We sell or otherwise disclose your personal information to some of our business partners. To opt-out of the sale of your personal information, please contact us firstname.lastname@example.org or 844-737-3825 x 718 to may submit a request.
- A right to sue for security breaches of personal information.
- Access to specific information and data portability rights
You have the right to request that we disclose to you your personal information we have collected about you over the past 12 months from the day of your request. Once we receive and confirm your request, we will disclose to you:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business and commercial purposes for collecting or selling that personal information.
- The categories of third parties with whom we shared that personal information.
- The specific pieces of personal information we collected about you.
- If we “sold” or disclosed your personal information for a business purpose, up to two separate lists disclosing:
- if we “sold” your personal information, “sales”, identifying the personal information categories that each category of recipient “purchased”; and
- if we disclosed your personal information, disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
- Deletion request rights
You have the right to request that we delete any of personal information data that we collected from you and retained, subject to certain Exceptions (as listed below). Once we receive and confirm your request, we will delete your personal information from our records unless an Exception applies.
We may deny your deletion request if retaining the information is necessary for us or our Provider(s):
- to complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
- to detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
- to debug products to identify and repair errors that impair existing intended functionality;
- to exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law;
- to comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.);
- to engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent;
- to enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;
- to comply with a legal obligation; or
- to make other internal and lawful uses of that information that are compatible with the context in which you provided it (each an “Exception” and collectively, “Exceptions”).
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- deny you goods or services.
- charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- provide you a different level or quality of goods or services.
- suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
However, we may still offer you certain financial incentives that can result in different prices, rates or service quality levels as permitted by the CCPA. We do not at this time provide any such financial incentives.
- Exercising Access, Data Portability and Deletion Rights
To exercise your rights described above, please submit a request to us by either:
- 844-737-3825 x 718
Only you, or someone legally authorized to act on your behalf, may make a request related to your personal information. You may also make a request on behalf of your minor child. We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
You may only make a request for access or data portability twice within a 12-month period. The request must:
- provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative; and
- describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
Making a request does not require you to create an account with us. Also, we will only use personal information provided in a request to verify the requestor’s identity or authority to make the request.
- Your Authorized Agent
You have the right to designate an authorized agent to make a request under the CCPA on your behalf.
- Response Timing and Format
We will confirm that we received your request within ten (10) days and will respond within forty-five (45) days of its receipt. If we require more time, we will inform you of the reason and extension period in writing.
We will deliver our written response electronically or, at your option, by mail.
Any disclosures we provide will only cover the 12-month period preceding our receipt of the request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Your Rights As a EU Resident
Under certain circumstances, you have rights under the applicable data protection laws in relation to your personal information, including:
- Request access to your personal information. This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of your personal information. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal information to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons, which will be notified to you, if applicable, at the time of your request.
- Object to processing of your personal information. This enables you to ask us to delete or remove personal information where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information, which overrides your rights and freedoms.
- Request restriction of processing your personal information of your personal information. This enables you to ask us to suspend the processing of your personal information in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer of your personal information to you or to a third party. This enables you to ask us to provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information, which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent at any time where we are relying on consent to process your personal information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
No Fee Usually Required
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What We May Need From You
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time Limit To Respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
We are headquartered in the United States, and we have operations, entities, and service providers in the United States and throughout the world. Many of our external third parties are based outside the European Economic Area (“EEA”), so their processing of your personal information might involve a transfer of data outside the EEA.
We will take steps to ensure that your personal information receives an adequate level of protection in the jurisdictions in which we process it. Where we use certain service providers, we may use specific contracts approved by the European Commission, which give personal information the same protection it has in Europe.
Please contact us at email@example.com or 844-737-3825 x 718 if you want further information on the specific mechanism used by us when transferring your personal information out of the EEA.
Children Under Thirteen
SFS does not knowingly collect personal information from users of the Sites or the Services under the age of thirteen. If you are under the age of thirteen, you must ask your parent or guardian for permission to use the Site or the Services.
From time to time, SFS may contact you via email for the purpose of providing announcements, promotional offers, alerts, confirmations, surveys, and/or other general communication. In order to improve our services, we may receive a notification when you open an email from SFS or click on a link therein.
If you would like to stop receiving daily email updates or promotional communications via email from SFS, you may opt out of such communications of daily emails from within the application. To stop receiving promotional communications via email from SFS, you can opt-out of the marketing emails via the “unsubscribe” link.
External Data Storage Sites
We may store your data on servers provided by third party hosting vendors with whom we have contracted.
Standard For Success, LLC
Chief Technology Officer
10741 S County Road 850 E
Cloverdale, Indiana 46120
844-737-3825 x 718
Effective as of May 15, 2020