Privacy & Data Policy

We do not provide access to your data by any third party applications, nor is it shared or sold to anyone else. Student data is not mined or used by any other applications created by Interval Technology Partners, nor is it mined for any marketing purposes. Your data is your data. It will not be released without authorization. Your data is only accessible to users assigned to your private account and by the Enriching Students administrative team. It is also important for you to understand that your student data is accessible to anyone whom you give access to for your account. This includes teachers, para professionals and administrators. If you provide a person a user login they will have access to see every students schedule, grades (if you import them) and personal information (name, grade, email address, etc.). We DO NOT ask for, nor do we store a student’s social security number.

Security Features

We have established multiple security measures to ensure that your data remains secure. Here is an outline the steps we have taken:

  • All communication to the site is done via SSL, so all communication is encrypted
  • We follow OWASP (Open Web Application Security Project) recommendations regarding data input into the application. No data is sent directly to the database.
  • All data is parameterized first, preventing any type of SQL Injection Attacks.
  • Passwords stored on the site are stored using industry best practices.
  • All passwords are encrypted and each password is salted differently. This means that, even if two individuals enter the same password, it will be encrypted differently because each is salted differently, making it much harder to crack passwords.
  • An account is locked out after three unsuccessful login attempts.
  • There is a small use of cookies on the site. The site is configured so that the cookies are only available via HTTPS.

STUDENT DATA PRIVACY SPECIAL TERMS AND CONDITIONS

This Student Data Privacy Special Terms and Conditions (hereinafter “Agreement”) is by and between its customer, the School District (“School”) and Interval Technology Partners, LLC (“Company”), a contractor performing institutional services and functions that will require student data to perform those services and functions.

1. Company and School have contracted for the Company to provide scheduling software for personalized learning, RTI and enrichment for high schools (“the Services”), which are institutional services and functions, to School. In the course of performing the Services, Company will obtain confidential student records and/or confidential student record information that contain personally identifiable student records, data and/or personally identifiable information and other non-public information, including but not limited to student data, metadata and user content (“Data Files”). School and Company acknowledge and agree that this Agreement is for the purpose of sharing Data Files between the parties in a manner consistent with the Family Education Records Privacy Act of 1974 (“FERPA”) and New Hampshire student record laws and regulations, RSA 193-C, 193-E, and 189:67; Part Ed 1003, 1119.01 (“State Regulations”). The Data Files will be used by Company and its employees to populate student data only for the purpose of delivering these Services. Company further acknowledges and agrees that all copies of such Data Files, including any modifications or additions to Data Files or any portion thereof from any source, are subject to the provisions of this Agreement in the same manner as the original Data Files. The ability to access or maintain Data Files and/or any portion thereof under this Agreement shall not under any circumstance transfer from Company to any other party.

2. Company acknowledges and agrees that it is providing institutional services or functions for School and that it is under direct control of School with respect to the use and maintenance of Data Files in connection with these Services. Company additionally acknowledges and agrees that at no point in time is the Company the owner of the Data Files.

Ownership rights are maintained by School and School reserves the right to request the prompt return of any portion of the Data Files and/or all Data Files at any time for any reason whatsoever. Company further acknowledges and agrees that it shall adhere to the requirements set forth in both federal and state law regarding the use and redisclosure of the Data Files or any portion thereof, including without limitation, any student data, meta data, user content or other non-public information and/or personally identifiable information contained within the Data Files. Company also acknowledges and agrees that it shall not make any re-disclosure of any Data Files or any portion thereof, including without limitation, any student data, meta data, user content or other non-public information and/or personally identifiable information contained in the Data Files, without the express written consent of School. Additionally, Company agrees that only authorized employees of the Company directly involved in delivering the Services shall have access to the Data Files or any portion thereof, including without limitation, any student data, metadata, user content or other non-public information and/or personally identifiable information contained in the Data Files and that it and its employees shall protect the confidentiality of the Data Files or any portion thereof, including without limitation, any student data, meta data, user content or other non-public information and/or personally identifiable information contained in the Data Files in such a way that parties other than officials of School and their authorized agents cannot identify any students.

Company supports access by parents and students to data files and personal information held for review and/or correction on terms and conditions approved by School in writing to Company.

3. Company also acknowledges and agrees to:
(i) use Data Files shared under this Agreement for no purpose other than in connection with and through the provision of the Services provided under this Agreement with School.
(ii) use reasonable methods, including but not limited to, appropriate technical, physical and administrative safeguards, that reflects technology best practices and is consistent with industry standards, to protect the Data Files and/or any portion thereof from re-disclosure that is created, sent, received, stored, processed or transmitted in connection with the Services under this Agreement while the Data Files and/or any portion thereof contained therein is both at rest and in transit. Company further acknowledges and agrees to conduct periodic risk assessments and remediate any identified security and privacy vulnerabilities in a timely manner.
(iii) not share the Data Files and/or any portion thereof received under this Agreement with any other entity without prior written approval from School and the prior written approval of the parent/guardian of the student or eligible student.
(iv) not copy, reproduce or transmit the Data Files and/or any portion thereof ,except as necessary to fulfill the Services.
(v) not re-disclose, transfer or sell the Data Files and/or any portion thereof.
(vi) not to use the Data Files and/or any portion thereof to market or otherwise advertise directly to students and/or their parents/guardians.
(vii) not to use the Data Files and/or any portion thereof to inform, influence or guide marketing or advertising efforts or to develop a profile of a student or group of students for any commercial or other purposes.
(viii) not to use the Data Files and/or any portion thereof contained therein for the development of commercial products or services.
(ix) not to mine the Data Files and/or any portion thereof for any purposes other than those agreed to by the parties. Company further acknowledges that data mining or scanning of user content for the purpose of advertising or marketing to students or their parents/guardians is expressly prohibited.
(x) notify the School’s Designated Representative in writing within three (3) days of its determination that it has experienced a data breach, breach of security, privacy incident or unauthorized acquisition or use of any Data Files and/or any portion thereof contained therein. Company agrees that said notification shall include, to the extent feasible, the date or approximate dates of such incident and the nature thereof, the specific scope of said breach (i.e., what data was accessed, used, released or otherwise breached, including the names of individual students that were affected by said breach) and what actions or steps with respect to the incident that Company plans to take or has taken in response to said breach.
Additionally, Company agrees to adhere to all requirements in the New Hampshire Data Breach law and in federal law with respect to a data breach related to the Data Files, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach. Company further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Data Files of any portion thereof, including personally identifiable information and agrees to provide School, upon request, with a copy of said written incident response plan.
(xi) not provide any Data Files or any portion thereof to any party ineligible to receive student records and/or student record data and information protected by FERPA and State Regulations or prohibited from receiving the Data Files or any portion thereof and/or any personally identifiable information from any entity under 34 CFR 99.31(a)(6)(iii).
(xii) maintain backup copies, backed up at least daily, of Data Files in case of Company system failure or any other unforeseen event resulting in loss of Data Files or any portion thereof.
(xiii) upon receipt of a written request from School, immediately provide School with any specified portion of the Data Files within three (3) calendar days of receipt of said request.
(xiv) upon receipt of a written request from School, immediately begin the process of returning all Data Files to School and subsequently erasing and/or otherwise destroying any Data Files, be it digital, archival or physical form, including without limitation any copies of the Data Files or any portions thereof that may reside in system backups, temporary files or other storage media and or are otherwise still in Company’s possession and/or in the possession of any subcontractors, or agents to which the Company may have transferred Data Files or any portion thereof, in a manner consistent with technology best practices and industry standards for secure data disposal methods such that Company and/or any of its subcontractors or agents are no longer in possession of any student work belonging to School and to ensure that the Data Files cannot be recovered and are securely destroyed and to provide School with any and all Data Files in Company’s possession, custody or control within seven (7) calendar days of receipt of said request. Company also will provide School with written certification, including an inventory of its Data Files destruction, and with written certification, including an inventory of all Data Files returned to School, within fifteen (15) days of its receipt of School request for destruction of Data Files.
(xv) in the event of the Company’s cessation of operations, Company will promptly return all Data Files to School in an organized, manageable manner and Subsequently erasing and/or otherwise destroying any Data Files, be it digital, archival or physical form, including without limitation any copies of the Data Files or any portions thereof that may reside in system backups, temporary files or other storage media which are otherwise still in Company’s possession and/or in the possession of any subcontractors, or agents to which the Company may have transferred Data Files or any portion thereof, in a manner consistent with technology best practice and industry standards for secure data disposal methods such that Company and/or any of its subcontractors or agents are no longer in possession of any student work belonging to School and to ensure that the Data Files cannot be recovered and are securely destroyed. Company also will provide School with written certification, including an inventory of its Data Files destruction, and with written certification, including an inventory of all Data Files returned to School, within fifteen (15) days of Company’s cessation of operations.
(xvi) not use, disclose, compile, transfer, sell the Data Files and/or any portion thereof to any third party or other entity or allow any other third party or other entity to use, disclose, compile, transfer, sell or use for the purpose of behaviorally targeted marketing the Data Files and/or any portion thereof; not keep or use such data files for non-educational purposes (other than the work and fees agreed-upon between the School and Company.
(xvii) provide School with written certification, including an inventory of its Data Files destruction, within fifteen (15) days of an event in which the Company, or any of its subcontractors or agents to which the Company may have transferred Data Files or any portion thereof, has technology or storage media failure which must be replaced or serviced, to ensure that all Data Files or any portions thereof that are contained therein are sanitized, erased and/or otherwise destroyed.
(xviii) delete School Data Files that it collects or receives under this Agreement once the Services referenced in this Agreement lapse or are terminated within 60 days of termination, request, or after a student has separated from the School (graduated or otherwise left school) provided School notifies Company that such student has separated from the School.
(xix) upon receipt of a litigation hold request from School, immediately implement a litigation hold and preserve all documents and data identified by School and suspend deletion, overwriting, or any other possible destruction of documentation and data identified in, related to, arising out of and/or relevant to the litigation hold.
(xx) upon receipt of a request from School, allow School to audit the security and privacy measures that are in place to ensure protection of the Data Files or any portion thereof.
(xxi) cooperate fully with School and any local, state, or federal agency with oversight authority/jurisdiction in connection with any audit or investigation of the Company and/or delivery of Services to students and/or School, and shall provide full access to Company’s facilities, staff, agents and School Data Files and all records pertaining to the Company, School Data Files and delivery of services to School. Failure to cooperate shall be deemed a material breach of the Contract.
(xxii) not assign, subcontract or in any way transfer any interest in this Agreement without the prior written consent of School.
Notwithstanding any other provision of this Privacy Agreement, Company may use any de-identified School Data Files for internal product development and improvement and/or research provided Company obtains written consent of School’s Designated Representative. Company acknowledges and agrees that de-identified School Data Files is defined as data files that have all direct and indirect personal identifiers removed, including any data that could be analyzed and linked to other data to identify the student or the student’s family members, including without limitation parents/guardians. This includes, but is not limited to, name, ID numbers, date of birth, demographic information, location data, and federal, state and/or local school identification numbers. Company also acknowledges and agrees not to attempt to re-identify de-identified School Data Files and not to transfer de-identified School Data Files to any party unless (a) that party agrees in writing not to attempt re-identification, and (b) prior written notice has been given to School who has provided prior written consent for such transfer.

4. Company certifies under the penalties of perjury that it complies with all federal and state laws, regulations and rules as such laws may apply to the receipt, storage, maintenance or access to personal information, including without limitation, all standards for the protection of personal information of residents of the State and maintaining safeguards for personal information.

Company hereby further certifies it has a written comprehensive information security program. Further, the Company hereby certifies it shall fully comply with the provisions of the federal Family Educational Rights Privacy Act, 20 U.S.C. §1232g and regulations promulgated thereunder and New Hampshire student records law and regulations (RSA 193-C, 193-E, and 189:67; Part Ed 1003, 1119.01), and to fully protect the confidentiality of any student data, metadata, user content or other non-public information and/or personally identifiable information provided to it or its representatives. Company further represents and warrants that it has reviewed and complied with all information security programs, plans, guidelines, standards and policies that apply to the work it will be performing, that it will communicate these provisions to and enforce them against its subcontractors and will implement and maintain any other reasonable and appropriate security procedures and practices necessary to protect personal information and/or student record information from unauthorized access, destruction, use, modification, disclosure or loss.

Company also represents and warrants that if the Data Files or any portion thereof, including without limitation, any student data, meta data, user content or other non-public information and/or personally identifiable information, is to be stored on a laptop or other mobile electronic device, that such electronic devices are encrypted and that all such devices will be scanned at the completion of any contract or service agreement and/or research study or project to ensure that no personal information and/or student record information is stored on such electronic devices. Furthermore, Company represents and warrants that it has in place a service that will allow it to wipe the hard drive on any stolen laptop or mobile electronic device remotely and have purchased locks for all laptops and mobile electronic devices and have a protocol in place to ensure use by employees.

Company shall incorporate privacy and security when developing or improving its educational products, tools and services, and comply with applicable laws.

5. Company represents, warrants and agrees that its terms of service/terms and conditions of use, license agreement and/or privacy policies dated January 1, 2017 shall be amended as it relates to the Services as follows:
(i) Any provision contained in the Company’s terms of service, terms and conditions of use, license agreement and/or privacy policies regarding the School, as a user, to indemnify the Company are hereby deleted in their entirety.
(ii) Any provision in the Company’s terms of service, terms and conditions of use, license agreement and/or privacy policies that require that the School, as a user, to carry insurance coverage are hereby deleted in their entirety.
(iii) Any provision in the Company’s terms of service, terms and conditions of use, license agreement and/or privacy policies which specifically disclaim all implied warranties or merchantability, non-infringement and fitness for a particular purpose, the implied conditions of satisfactory quality and acceptance as well as any local jurisdictional analogues to the above and other implied or statutory warranties are hereby deleted in its entirety.
(iv) Any provision in the Company’s terms of service, terms and conditions of use, license agreement and/or privacy policies by which the School is specifically releasing the Company from liability are hereby deleted in their entirety.
(v) Any changes that the Company may make, from time to time, to its terms of service, terms and conditions of use, license agreement and/or privacy policies, shall be posted to the Company’s website with notice to School’s Designated Representative via email.
(vi) The laws of the State of New Hampshire shall govern this Agreement and the parties agree to be bound by the laws of the State of New Hampshire in the resolution of any dispute concerning any of the terms and conditions of this Agreement and consent to the exclusive jurisdiction of the United States Court for the District of New Hampshire and/or the trial courts of New Hampshire for any actions arising out of or related to this Agreement and any governing law and or choice of law provisions in the Company’s terms of service, terms and conditions of use, and license agreement and/or privacy policies which are to the contrary are hereby deleted in their entirety.
(vii) All Data File rights, including intellectual property rights, shall remain the exclusive property of School and/or the student, as applicable, and Company is a limited, nonexclusive licensee solely for the purpose of performing its obligations as outlined in this Agreement. This Agreement does not give the Company any rights, implied or otherwise, to Data Files or any portion thereof, content or intellectual property, except as expressly stated in this Agreement. This includes, without limitation, the right to sell or trade the Data Files or any portion thereof. Any provisions to the contrary in the Company’s privacy policy, terms of service, terms and conditions of use and/or license agreement are hereby deleted in their entirety.

6. The designated representative for the Company for this Agreement is:
and
The designated representative for School for this Agreement is:

7. No delay or omission of either party to exercise any right hereunder shall be construed as a waiver of any such right and School reserves the right to exercise any such right from time to time, as often as may be deemed expedient.

8. Any successor entities to School or Company shall be bound by this Privacy Policy in its entirety. Any violation of this Privacy Policy by any successor entity shall be deemed a material breach of the Contract.

9. Company represents that it is authorized to bind all related or associated institutions, individuals, employees or contractors who may have access to the Data Files and/or any portion thereof, or may own, lease or control equipment or facilities of any kind where the Data Files and portion thereof stored, maintained or used in any way, to the terms of this Agreement, including confidentiality and destruction of Data Files and any portion thereof contained therein,.

10. The terms and conditions of this Agreement may only be modified if posted to the Company’s website with notice to the School’s Designated Representative via email.

IN WITNESS WHEREOF, and in consideration of the mutual covenants set forth herein and for other good and valuable consideration, and intending to be legally bound, each party has caused this Agreement to be duly executed under seal as of the day and year first written above.