Exclsis360.com Platform & Services Privacy Statement
Our Excelsis360.com School Platform & Services Privacy Statement applies to our Excelsis360.com products and services (“products”, “platform” or “services”) licensed by our educational agency and institution customers (“customers” or “schools”). These services include but are not limited to excelsis360.com ERP Solution and Excelsis360 Mobile apps. This Statement applies to information we collect from, or collect or maintain on behalf of, our school customers using these services, including the personal information of school employees, parents/guardians, students, etc. as well as school website and custom mobile app users.
While we do not provide information to third parties other than as described in this statement, our school customers may choose to do so. This Statement does not apply to information that schools provide to, or that is collected by, third parties through any of our services when that information sharing is determined by and controlled by our school customer. Schools should carefully read the privacy policies of such third party services before agreeing to share personal information with those parties through our services.
We do not determine what, if any, personal information that our school customers choose to make publicly available, such as on their school websites or apps. This Statement does not apply to such personal information that schools choose to make publicly available such as on their school websites (Presence) or their custom school apps. We will not sell, trade, lease or loan such publicly available student personal information we host or access through our services to any third party for any reason, including for marketing or advertising.
We operate as a school service provider, meaning that our customer agreement is with an educational agency or institution (“customer”) and not with an individual educator, parent, student or other individual (“user”) including not with visitors to our school websites or users of our school mobile applications. As such, we collect and maintain both customer and user personal information, including student personally identifiable information from education records, only acting as authorized by our customer agency/institution to deliver services to and on behalf of the agency/institution (e.g., in the United States, with regard to student personal information, as a “school official” as allowed under the federal Family Educational Rights and Privacy Act (FERPA)). In this role, we are deemed by the school to perform a service or function for which the school would otherwise use its employees.
By using our product(s) or service(s), you agree to the terms of this Privacy Statement.
We collect and maintain only the information that is necessary to provide the Services to and on behalf of our customer agency/institution, or as otherwise shared with us by the agency/institution or their users.
We use this personal information to verify and provide access to your account, to correspond with you, to deliver our products and services, to resolve problems in service delivery, and as otherwise requested or directed by the agency/institution. We may as necessary also use this personal information to ensure legal or regulatory compliance, to protect the safety of individuals or the security of the service, to take precautions against liability, and as otherwise required or permitted by law. We neither claim nor assert any other rights or licenses to use student personally identifiable information.
In general, we do not knowingly collect personal information directly from students, including children under 13, but only as shared with us by our customer agency/institution. Exceptions are a student username, password and related account login credential information that we collect directly from the student if necessary when they login to our services as authorized by their school. By default, students cannot create an account – to enable our direct collection of their personal information – without the school’s consent. When we do collect student personal information directly from students, including children under the age of 13, we do so only on behalf of and under the direct control of our customer agency/institution, and the agency/institution is responsible for obtaining any necessary prior parental consents. Should we learn that we collected personal information from a child under 13 and the school does not provide proof of consent within a reasonable time, we will delete all such personal information. We do not enable or encourage students to make their personal information publicly available.
More specifically, our services may collect, maintain and/or access the following types of personal information:
· • Parent and school staff contact information such as names, language preferences and contact data (e.g., phone number, email address, and device ID);
· • Student information such as name, unique identifier, email address, attendance, lunch account status, bus route, and class schedule;
· • Account login credentials and session information such as usernames, passwords, email address, IP addresses, device IDs, and/or session cookies to automate customized settings;
· • Notifications our school customers send to their constituents (e.g., staff, parents/guardians); and
· • Student or other personal information within files or web pages hosted on our platform or distributed through our services.
In addition, a few of our services may, as needed to deliver the service, also collect or maintain the following personal information:
· • Through Presence (school website hosting): student and school staff photos.
When you use our school and other mobile applications, you may also be prompted to grant the app access to certain information and functions on your device, including your device ID, geolocation information, and calendar. We do not access this information, which remains on your device. This information is necessary for your device to enable the app to remain updated with the latest school information such as receiving push notifications, importing calendar events, and identifying nearby schools.
We use aggregate or anonymous information for other purposes such as to evaluate, develop, improve and market our services.
We do not sell, trade, lease or loan the personal information we collect or maintain to any third party for any reason, including that we do not sell or otherwise share student personal information with direct marketers, advertisers, or data brokers.
We do not knowingly share or disclose student personal information with any other third parties other than as needed to deliver and improve the service, as permitted or required by law or government authorities such as for law enforcement or judicial purposes, as necessary to protect the rights or safety of individuals or the service, to ensure legal or regulatory compliance or take precautions against liability, or as otherwise expressly directed by our customers. Through our services, our customers may choose to disclose such information in their sole discretion, such as by displaying it on their school website operating on our platform, but we are not responsible for such disclosures.
Access to personal information is limited to our employees and our service providers as needed to deliver the service, to the school customer, and to other third party organizations if enabled by, and as determined by, the school.
We do not share student personal information with third parties, though a few of our service providers may have limited access to such information within our data systems in the course of their providing us with data analytics, software programming and related services to support our service delivery, evaluation or improvement. In some instances, we store student personal information with a third party data hosting provider, though student personal information is secured through access controls and electronic protection methods to prevent provider access. We have agreements in place with all third parties with access to student personal information to ensure they only use the information for purposes necessary to deliver the authorized service to us and to ensure they maintain the confidentiality and security of the information.
We maintain a comprehensive set of security practices that are reasonably designed in accordance with commercial best practices to protect the security, privacy, confidentiality, and integrity of student personal information against risks – such as unauthorized access or use, or unintended or inappropriate disclosure – through the use of administrative, technological, and physical safeguards appropriate to the sensitivity of the information.
All student personal information is protected according to industry standard security protocols. Data is located in datacenter facilities using industry standard access control protections.
Our services include role-based authorization control functionality to enable our customer school’s account administrator to configure and limit access to student personal information.
We limit internal access to student personal information to only those Excellerate employees and contractors with a need to access the information to deliver the service.
We maintain a comprehensive hiring, training, and retraining process which includes rigorous pre-employment screening. All company employees with access to student personal information receive annual training on privacy laws and best practices for maintaining confidentiality of student personal information.
If we know of a systems security breach by an unauthorized party or that any student personal information was used for an unauthorized purpose, we will comply with relevant state and other data breach laws. We will notify our customer agency/institution of any breach resulting in unauthorized release of data in the most expedient way possible and without unreasonable delay so that you can take appropriate steps.
We use reasonable efforts to assist our customers in identifying any known security breach in their systems or processes, but we make no claims or warranties to our customer or to any user for any inability, failure or mistake in connection with such assistance.
We attempt to keep your information complete, current and accurate. The agency/institution on behalf of whom we are collecting or maintaining student personal information has the right to review, correct, have deleted, and/or refuse to permit further collection or use of the information. In cases where such actions are not otherwise provided for by directly available product functionality, we will provide direct assistance within a reasonable time in response to a written request from the agency/institution.
We will also assist the agency/institution in its response to requests from parents/guardians/students to review and/or correct a student’s personally identifiable information, including as required of agencies/institutions under applicable laws (including FERPA in the United States). As needed, we will provide direct assistance to the agency/institution in its response to the parent/guardian within a reasonable time following the agency/institution written request to us for such assistance. If we receive such requests directly from parents/guardians/students, we will refer those requests to our customer agency/institution and will not otherwise directly respond to those requests.
We will permanently delete student personally identifiable information at any time within fourteen (14) business days of a request from the customer agency/institution and within 24 months after the agency/institution account is expired, terminated or otherwise inactive, unless otherwise requested except for the regulatory compliance. Our school customers are provided regular opportunities to update their data, including marking personal information for deletion.
If we are involved in a merger, acquisition, or sale of all or a portion of our assets, including in the case of our bankruptcy, you will be notified via email of any change in ownership. In such a case, a successor entity will adhere to the terms of this privacy statement with regard to the previously collected student personal information.
We reserve the right at our discretion to change, modify, add or remove portions of this Privacy Statement from time to time. We will note any such changes by updating the publication date of this Privacy Statement. If we make significant changes, we will also provide notice to our customer agency/institution by sending an email to the account administrator. If we make any material changes to this privacy statement impacting student personal information that lessen protections previously noted herein, we will provide our customer agency/institution with thirty (30) days notice prior to implementing those changes and provide choice for termination of services and deletion or return of such information. In some cases, when required by law, we may ask you to agree to changes before they go into effect. By continuing to use our product(s) or service(s) after we provide notice of any changes to our privacy statement, you agree to the terms of this privacy statement.
If you are the administrator of an educational agency/institution customer account and have any questions about this statement or if you believe we are not handling your information in accordance with our privacy statement, please contact us per the information below.
If you are otherwise a user of one of our school services, we encourage you to first contact your educational agency/institution with any questions or concerns regarding this privacy statement or our handling of personal information.
Excellerate Education Solutions
1040 Dundee Ave #202, East Dunde, Il, 60118.
This policy was last updated on July 1st , 2020.