SchoolMint is committed to the highest privacy standards.
SchoolMint’s Commitment to You
What is Personally Identifiable, De-Identified, & Aggregated Data?
PII, as typically defined in the education industry, is information that can be directly utilized to identify a specific individual, or linked data elements that when combined may be used to indirectly identify a specific individual (e.g., a student’s first and last name, email address, home address, phone number, social security number and certain other information to the extent they are linked and/or coupled with PII). De-identified information is information that does not identify a specific individual and cannot reasonably be used to identify a specific individual either alone or in combination with other de-identified data. Aggregate information is data combined into de-identified groups.
Who Owns Data & How is Data Used?
All data remains the property of and is solely owned, and thereby controlled, by you. You grant SchoolMint a non-exclusive, royalty free license, to use equipment, software, your data, or other material of yours solely for the purpose of providing, maintaining, and supporting you and other licensees with SchoolMint Products. SchoolMint may use and distribute your data for only lawful purposes outside the scope of the Agreement, provided always that such data must be de-identified and/or aggregated. State laws often utilize product development and analysis as lawful examples of de-identified and/or aggregated data being used as described here.
What Information Is Collected?
SchoolMint, in its role as a vendor to Educational Agencies, receives disclosures from the Educational Agencies, which include the PII contained in student records. Educational Agencies that contract with SchoolMint to provide products and/or services disclose, along with parents, legal guardians, and eligible students (“Constituents”), any and all data utilized in SchoolMint’s Products. These disclosures are explicitly authorized by FERPA.
What Information Do We Share, Disclose, & Retain?
Information collected through SchoolMint Products may, at your request, be supplied to SchoolMint’s partners, who perform work for us under contract or sell products or services that complement our products and services. Information is only supplied to other companies and organizations at your request (e.g., you request SchoolMint to assist in the transfer of data into your independent student information system). Upon completion of the terms of the contract (i.e., termination by you or SchoolMint), SchoolMint destroys any copy of your data that SchoolMint has in active production environments at the time of termination; however, any data you requested that we share with other companies and organizations would have to be destroyed by you contacting said companies and organizations directly.
Additionally, we may disclose PII in the following situations: (a) in response to a subpoena, court order or legal process, to the extent permitted and required by law; (b) to protect user security or the security of other persons, consistent with applicable laws; and/or (c) in connection with a sale, joint venture or other transfer of some or all of the assets of SchoolMint related to your agreement with SchoolMint. SchoolMint exercises commercially reasonable care to prevent unauthorized sharing or disclosure of the names of users or any PII with third parties, except with the prior approval of the user. This includes, but is not limited to, SchoolMint never selling your data to third-party marketing companies.
In the highly unlikely event that there is an unauthorized disclosure of PII data relating to a Constituent, notwithstanding the above exceptions, SchoolMint will promptly inform you of the following information, if reasonably available to SchoolMint: (1) what information was disclosed; (2) the student(s) affected by the disclosure; and (3) SchoolMint’s course of action to mitigate any further disclosure.
How Can You Access & Correct Erroneous Data?
Under FERPA, a school must provide a Constituent with an opportunity to inspect and review his or her child’s education records within 45 days following its receipt of a request, and some states, including California and Illinois, among others, mandate a shorter time period. A school is required to provide a parent with copies of education records, or make other arrangements, if a failure to do so would effectively prevent the Constituent from obtaining access to the records.
In furtherance of providing optimum data security, SchoolMint provides limited ability to amend data through the use of select SchoolMint Products, as the data is collected, generated, and disclosed by an Educational Agency to SchoolMint and/or proactively supplied by the Educational Agency’s Constituents. Most general data supplied during user registration and/or subsequently provided contact information can be amended by users through logging into their individual account and editing any erroneous data accordingly. In the event there is any erroneous data contained in the student record supplied by an Educational Agency, SchoolMint advises Constituents to contact you to update the erroneous data.
What Do We Do to Enforce Data Privacy?
SchoolMint develops and implements SchoolMint Products in a manner formulated to ensure SchoolMint Products can be utilized in compliance with FERPA and other potentially applicable state and federal laws. Additionally, as part of SchoolMint’s goal to provide secure products and services, SchoolMint employs industry leading technology, including, but not limited to, top cloud production environments that encrypt all data transfers. You shall make certain that your use of SchoolMint Products is governed by a best practices guideline in order to protect your data, as required by law (e.g., minimal password recommendations, proper notice and consent from Constituents, etc.).
SchoolMint trains its employees that access and/or provide support for your data to adhere to strict data access and destruction policies. To prevent unauthorized access from potentially harmful users, SchoolMint does not disclose internal security procedures to any third parties.
Incorporations by State
SchoolMint will provide notification of a security breach pursuant to requirements as mandated in the Florida Information Protection Act of 2014.
SchoolMint will not use Covered Information to engage in targeted advertising.
In accordance with New York Education Law § 2-d, SchoolMint will comply with and incorporate into your agreement the Parents’ Bill of Rights for Data Privacy and Security, as applicable.
SchoolMint will provide notification of a security breach pursuant to the requirements of Pennsylvania’s Breach of Personal Information Notification Act.
Any and all applicable data disclosures containing health information from an Educational Agency are exempt “educational records” as defined by Texas Medical Records Privacy Act, Chapter 181, § 181.058 of the Texas Health and Safety Code.