Kidaptive Personal Data Policy

INTRODUCTION AND DEFINITION OF KEY TERMS
To do our job, we need to collect, store, analyze, and report on data about learners. Learners we support (and their families) deserve to know about our practices with respect to safeguarding those data, so we've tried to write a Personal Data Policy that is clear and concise.
Let’s start by defining some key terms:
  • “We”/”our” refer to Kidaptive, Inc.
  • “Partner(s)” refers to companies on whose behalf Kidaptive processes personal data.
  • “End user(s)” refers to people (learners, teachers, parents, etc.) who use our partners’ learning products.
  • “Personal data” is used as defined by the European Union’s General Data Protection Regulation (GDPR): https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-personal-data_en
    (We chose this definition because is at least as broad as those used in other relevant laws, regulations, etc.)
FROM WHOM WE COLLECT PERSONAL DATA
As of January 2019, Kidaptive works only with providers of learning products rather than directly with end users, so all personal data that Kidaptive processes have been obtained through end users’ interactions with our partners. We rely on our partners to have followed all applicable laws and best practices when obtaining personal data.
THE TYPES OF PERSONAL DATA WE COLLECT
The personal data we collect about end users from partners may include any of the following:
  • [ROUTINELY] Data about interactions with educational products (e.g., starting a lesson, responding to a question, watching a video)
  • [OFTEN] Evaluation data: test scores, proficiency estimates, teacher observations
  • [SOMETIMES] Demographic data: age group, gender, state of residence
  • [RARELY] Specific identifying information: given name, surname, date of birth
HOW WE USE PERSONAL DATA
We process personal data only to improve learning experiences. We do this in three ways:
  • Analytics: We may help our partners understand how their educational products are working (or not) to support learner progress.
  • Insights: We may generate personalized insights for end users about how best to support learner progress.
  • Recommendations: We may provide personalized recommendations about optimal next steps for learners (e.g., best next question to ask or instructional resource to present within an educational product).
HOW WE (DON’T) SHARE PERSONAL DATA
Kidaptive will never sell, rent, give away, or otherwise distribute personal data except when doing so is required by law. We may, however, sometimes share data in completely de-identified form (so that it’s no longer “personal data”) as part of collaborations with researchers to advance the science of learning. (We are, after all, a company full of learning scientists.)
Required legalese: Even though Kidaptive will not participate in any onward transfer of personal data to any third party (unless compelled by a lawful governmental order), Kidaptive will remain liable for any third-party processing of personal data unless Kidaptive can prove that it is not responsible for the event giving rise to the damage.
HOW WE SECURE PERSONAL DATA
We process and store personal data securely. Our technology runs on Amazon Web Services (AWS), which is certified on the following standards from the International Organization for Standardization (ISO): Our technology also uses state-of-the-art technical, administrative, and physical security protocols. For example, data are encrypted both while stored in our Adaptive Learning Platform (ALP) and while traveling back and forth to partners; data access is granularized so that people, tools, and services can only access data that are relevant for their current task; and our infrastructure is constantly monitored through Amazon CloudWatch.
YOUR RIGHTS REGARDING YOUR PERSONAL DATA
We will honor all relevant rights of anyone whose personal data we process. In most cases, the personal data we process are pseudonymized by our partners before we receive them, which means that we cannot identify the person whose data they are except by an arbitrary numeric ID. In the rare cases where we can identify an individual whose personal data we process, those individuals can assert all of their rights directly with us. In particular, if we can identify your personal data:
  • You can access whatever personal data we have about you and correct, amend, or delete those data.
  • You can tell us whether or not to share your data. We do not share any personal data with anyone—see HOW WE (DON’T) SHARE PERSONAL DATA above—and even if one day we were to change that, we would make a public announcement and offer end users the choice to opt in or out before we engaged in any third-party data sharing.
In all other cases, we will help individuals connect with the appropriate partner to assert their rights, and we will then work with the partner as needed. (For example, if you ask us to take some action regarding your personal data, we may need a partner’s help to determine which data are yours so that we can comply with your request.)
PRIVACY SHIELD PARTICIPATION
We comply with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. We have certified to the Department of Commerce that we adhere to the Privacy Shield Principles. If there is any conflict between the terms in this policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
CHANGES TO THIS POLICY
If we ever make a substantial (i.e., “material”) change to this Personal Data Policy, we will announce it on our website and via social media. And if someday some other company acquires us, we will require that all data collected under this Personal Data Policy remain protected by it.
QUESTIONS, COMMENTS, CONCERNS, OR COMPLAINTS
If you have any questions, comments, concerns, or complaints about anything in this Personal Data Policy, please send an email to our Data Protection Officer at dataprotectionofficer@kidaptive.com. Any remaining complaints can be referred to JAMS, an alternative dispute resolution (ADR) provider who can address your complaint with us at no cost to you. Please visit https://www.jamsadr.com/eu-us-privacy-shield to learn more JAMS. And under certain conditions more fully described on the Privacy Shield website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted. Finally, for purposes of enforcing compliance with the Privacy Shield program, we are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).