Privacy Policy
Caissa K12 ("Company", "we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit any of our websites, use our services, or interact with us in any other way. Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the site or use our services.
Information We Collect
Personal Information
We may collect personal information that you voluntarily provide to us when you register on the website, subscribe to our newsletter, fill out a form, or otherwise enter information on our site. This information may include:
-
Name
-
Email address
-
Phone number
-
Mailing address
-
School or organization details
Non-Personal Information
We may also collect non-personal information about you automatically as you navigate through the site. This information may include:
-
Browser type
-
Operating system
-
Access times
-
Referring website addresses
-
Clickstream data
Cookies and Tracking Technologies
We may use cookies, web beacons, tracking pixels, and other tracking technologies to collect information about your interactions with our website. This helps us improve our website and provide a better user experience.
How We Use Your Information
We use the information we collect in the following ways:
-
To provide, operate, and maintain our services
-
To improve, personalize, and expand our services
-
To understand and analyze how you use our services
-
To communicate with you, either directly or through one of our partners, including for customer service, to provide you with updates and other information, and for marketing and promotional purposes
-
To find and prevent fraud
-
For compliance with legal obligations
How We Share Your Information
We may share your information in the following situations:
-
With Service Providers: We may share your information with third-party vendors, service providers, contractors, or agents who perform services for us or on our behalf and require access to such information to do that work.
-
For Business Transfers: We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
-
With Affiliates: We may share your information with our affiliates, in which case we will require those affiliates to honor this privacy policy.
-
With Business Partners: We may share your information with our business partners to offer you certain products, services, or promotions.
-
With Your Consent: We may disclose your personal information for any other purpose with your consent.
Security of Your Information
We use administrative, technical, and physical security measures to help protect your personal information. While we have taken reasonable steps to secure the personal information you provide to us, please be aware that despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse.
SMS Privacy Policy
We respect your privacy and are committed to protecting your personal information. This section details how we handle information you provide through our SMS program:
Use of Information
-
Purpose: We use your information to send mobile messages and respond to your inquiries as necessary. This may involve sharing your information with platform providers, phone companies, and other vendors who assist in message delivery.
-
Protection of Information: We do not sell, rent, loan, trade, lease, or otherwise transfer for profit any phone numbers or customer information collected through the SMS program to any third party.
-
Disclosure: We may disclose your information if required by law, regulation, or governmental request, to avoid liability, or to protect our rights or property.
Choices and Controls
-
Consent: Consent to receive automated marketing text messages is not a condition of any purchase.
-
Opt-Out: You can opt out of receiving further text messages via the Messaging Service by responding to any of our text messages with any of the following replies: STOP, END, CANCEL, UNSUBSCRIBE, or QUIT.
Your Responsibilities
-
Accurate Information: Ensure that the information you provide is accurate, complete, and truthful. Do not use a false or misleading name or a name you are not authorized to use.
-
Consequences: If we believe the information provided is untrue, inaccurate, or incomplete, or if you have joined the program for ulterior motives, we may deny you access to the program and take appropriate legal actions.
This SMS Privacy Policy is strictly limited to our SMS program and does not affect any other privacy policies that may govern your relationship with us in other contexts.
Your Privacy Rights
Depending on your location, you may have the following rights regarding your personal information:
-
Access and Update: You have the right to access and update your personal information that we hold.
-
Deletion: You have the right to request that we delete your personal information, subject to certain exceptions.
-
Opt-Out of Marketing: You have the right to opt-out of marketing communications we send you at any time.
-
Data Portability: You have the right to request a copy of your personal information in a structured, commonly used, and machine-readable format.
To exercise any of these rights, please contact us using the contact information provided below.
Children's Privacy
Our services are not directed to children under the age of 18, and we do not knowingly collect personal information from children under 18. If we become aware that we have inadvertently received personal information from a child under the age of 18, we will delete such information from our records.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
Contact Us
If you have any questions about this Privacy Policy, please contact us at:
Caissa K12
Email: info@caissaps.com
Phone Number: (901) 522-1030
Data Security and Privacy Plan
This Data Sharing Agreement (the “Agreement’’) is made between Caissa Public Strategy LLC, d/b/a, Caissa K12, (“Provider”) and the “District”. The District and Provider will be collectively referred to as the “Parties.”
1. DEFINITION, USE, AND TREATMENT OF DATA.
A. Data shall include, but is not limited to, the following: student data, employee data, metadata, user content, course content, materials, and any and all data and information that the District (or any authorized end user(s)) uploads or enters through their use of the product. Data also includes all personally identifiable information in education records, directory data, and other non-public information. Student data specifically includes any information, in any format,
that is directly related to any identifiable current or former student that is maintained by the District, and may include “educational records” as defined by the Family Educational Rights and Privacy Act (“FERPA”).
B. The District owns and retains all rights, title and interest to, or has appropriate possessory rights in, Data. Provider makes no claim of license, title or ownership to or in Data.
C. All Data accessed or used by the Provider shall at all times be treated as confidential by Provider and shall not be copied, used or disclosed by Provider for any purpose not related to providing services to the District. As outlined in more detail below, Provider recognizes that personally identifiable information is protected against disclosure by Federal and State Statutes and Regulations, and Provider agrees to comply with said restrictions.
2. PURPOSE, SCOPE AND DURATION.
A. For Provider to provide services to the District it may become necessary for the District to share certain Data related to the District’s students, employees, business practices, and/or intellectual property.
B. The Parties acknowledge that the District is subject to FERPA, which law and supporting regulations generally address certain obligations of an educational agency or institution that receives federal funds regarding disclosure of personally identifiable information in education records. As set forth in more detail below, the Parties agree that Provider is a “school official” under FERPA and has a legitimate educational interest in personally identifiable information from education records because Provider: (1) provides a service or function for which the District would otherwise use employees; (2) is under the direct control of the District with respect to the use and maintenance of education records; and (3) is subject to the requirements of FERPA governing the use and redisclosure of personally identifiable information from education records.
C. The parties expect and anticipate that Provider may receive personally identifiable information in education records from the District only as an incident of service or training that Provider provides to the District pursuant to this Agreement and the Services Agreement. Provider shall be permitted to use any such personally identifiable information in education records as a function of performing its duties and obligations. Provider represents that it shall not use or further disclose any personally identifiable information in education records other than as a function of performing its duties and obligations.
D. This Agreement becomes effective immediately upon the date of execution and shall remain in effect during the time that Provider provides services to the District. Provider agrees to use said Data solely for the purposes of providing services to the District.
E. At the conclusion of this Agreement, Provider agrees to destroy or transfer to the District under the direction of the District all Data relating to the District, its students, and its employees that Provider may have in its possession or in the possession of any subcontractors or agents to which the Provider may have transferred Data within five business days of the conclusion of this Agreement, unless otherwise agreed by the Parties in writing.
3. DATA COLLECTION.
A. Provider will only collect Data necessary to fulfill its duties as outlined in this Agreement and the Services Agreement.
4. DATA USE.
A. Provider will use Data only for the purpose of fulfilling its duties and providing services under this Agreement, and for improving services under this Agreement and the Services Agreement.
5. DATA DE-IDENTIFICATION.
A. Provider may use de-identified Data for product development, research, or other purposes. De-identified Data will have all direct and indirect personal identifiers removed. This includes, but is not limited to, name, identification numbers, dates of birth, demographic information, location information, and school identification.
Further, Provider agrees not to attempt to re-identify de-identified Data and not to transfer de-identified Data to any party authorized to receive such Data pursuant to this Agreement unless that party agrees not to attempt re-identification.
6. MARKETING AND ADVERTISING PROHIBITED.
A. Provider shall not use any Data to advertise or market to students, their parents, or District employees or officials except as otherwise provided in the contract.
7. DATA MINING.
A. Provider is prohibited from mining Data for any purposes other than those agreed in writing to by the Parties. Data mining or scanning of user content for the purpose of advertising or marketing to students or their parents is prohibited. Data mining is defined as the process of analyzing data from different perspectives and summarizing it into useful information by finding correlations or patterns among data fields in relational databases.
8. DATA SHARING.
A. Provider shall not share Data with any additional parties, including but not limited to an authorized subcontractor or non-employee agent, without prior written consent of the District or as authorized by the District pursuant to the Services Agreement.
B. In the event any person(s) seeks to access any Data beyond the access that is
provided to Provider’s employees for purposes of providing services to the District under this Agreement or beyond the access that is granted by the District under the Services Agreement, Provider will immediately inform the District of such request in writing unless expressly prohibited by law or judicial order. The District will respond to all requests for Data received by Provider; Provider will not respond in any way to such requests for Data unless required by law. Unless required by law, Provider shall only retrieve requested Data upon receipt of, and in accordance with, written directions by the District and shall only provide such Data to the District without express written consent from the District.
C. Should Provider receive a court order or lawfully issued subpoena seeking the release of such Data or information, Provider shall immediately provide notification in writing to the District of its receipt of such court order or lawfully issued subpoena and shall immediately provide the District with a copy of such court order or lawfully issued subpoena prior to releasing the requested Data or information.
9. DATA TRANSFER OR DESTRUCTION.
A. Provider will ensure that all Data in its possession and in the possession of any subcontractors or agents to which the Provider may have transferred Data are destroyed or transferred to the District under the direction of the District when the Data is no longer needed for the specified purpose.
10. RIGHTS AND LICENSE IN AND TO DATA.
A. Parties agree that all rights, including all intellectual property rights, to Data shall remain the exclusive property of the District, and Provider has a limited, nonexclusive license solely for the purpose of performing its obligations as outlined in the Agreement and the Services Agreement. This Agreement does not give Provider any rights, implied or otherwise, to Data, content, or intellectual property, except as expressly stated in the Agreement or the Services Agreement. This includes the right to sell or trade Data.
11. ACCESS.
A. Any Data held by the Provider will be made available to the District immediately upon request by the District.
12. SECURITY CONTROLS.
A. Provider shall store and process Data in accordance with industry best practices.
This includes appropriate administrative, physical, and technical safeguards to secure Data from unauthorized access, disclosure and use.
B. Provider shall conduct periodic risk assessments and remediate any identified security vulnerabilities in a timely manner.
C. Provider shall also have a written incident response plan, which shall include but is not limited to, prompt notification to the District in the event of a security or privacy incident, as well as procedures for responding to a breach of any of the District’s Data in Provider’s possession. Provider agrees to share its incident response plan upon request.
13. NOTIFICATION OF AMENDMENTS TO POLICIES.
A. Provider shall not change how Data is collected, used, or shared under the terms of this Agreement in any way without advance notice to and consent from the District.
B. Provider shall provide notice to the District of any proposed change to its Terms of Use, Privacy Policy, and/or any similar policies/procedures thirty (30) days prior to the implementation of any such change. The District may terminate the Agreement with Provider upon notification of amendment to such terms.
14. NOTIFICATION OF DATA BREACH.
A. When Provider becomes aware of a disclosure or security breach concerning any Data covered by this Agreement, Provider shall immediately notify the District and take immediate steps to limit and mitigate the damage of such security breach to the greatest extent possible.
B. The Parties agree that any breach of the privacy and/or confidentiality obligation set forth in the Agreement may, at the District’s discretion, result in the District immediately terminating this Agreement and refusing to enter into a contract with Provider or otherwise allow Provider access to any District Data for a period of
not less than five (5) years.
C. In addition to and notwithstanding any termination provision set forth in the underlying agreement(s), in which the District shares Data with Provider, this Agreement and such underlying agreement(s) may be terminated by the District if Provider fails to cure such breach within thirty (30) days of receiving written notice from the District of such breach provided that the breach was directly caused by the Provider’s actions or omissions (or such longer time necessary to cure such breach if the breach cannot be cured in 30 days). The Party in breach shall identify to the non-breaching Party all steps taken to cure such breach and the estimated timeframe for such cure.
15. INDEMNIFICATION.
A. Provider shall indemnify and hold harmless the District and its officers, agents, subcontractors, and employees, from any and all claims, losses, suits or liability, including reasonable attorneys’ fees for damages or costs directly resulting from the acts or omissions of Provider that directly cause a breach of personally identifiable information or data, or its officers, agents, subcontractors, or employees while performing under this Agreement.
16. TERMINATION.
A. The District may terminate this agreement at any time at its discretion upon written notification to Provider. If the District terminates the Agreement, or if Provider ceases to perform services for the District that requires access to Data, Provider shall return to the District all Data delivered to it or collected during the course of the Agreement. Further, Provider shall certify to the District in writing within five (5) business days that all copies of the Data stored in any manner by Provider have been returned to the District and permanently erased or destroyed using industry best practices to assure complete and permanent erasure or destruction. These industry best practices include, but are not limited to, ensuring that all files are completely overwritten and are unrecoverable. Industry best practices do not include simple file deletions or media high level formatting operations.
17. SEVERABILITY.
A. The provisions of this Agreement are severable. If a court of competent jurisdiction determines that any portion of this Agreement is invalid or unenforceable, the court’s ruling will not affect the validity or enforceability of the other provisions of the Agreement.
18. ENTIRE AGREEMENT.
A. This document states the entire agreement between Provider and the District with respect to its subject matter and supersedes any previous and contemporaneous or oral representations, statements, negotiations, or agreements. For avoidance of doubt, the limitation of liability provision set forth in the Services Agreement will apply to this Agreement