Data Privacy Policy
This Data Privacy Policy (“Policy”) applies to HILL for Literacy (“The HILL”)’s “HILL Online” Platform (“Platform”). The HILL respects your preferences concerning the treatment of Personal Data (further defined below) that we may collect from your use of the Platform, which includes our Continuum, Roadmap, and Expertise products. This Policy informs you of our practices regarding the collection, use, and disclosure of Personal Data when you use Platform and the choices you have associated with that data. Your use of this website constitutes acceptance by your of this Policy.
I. Types of Information We Collect and How We Collect It
A. Categories of data that we collect (collectively defined as “Personal Data”)
School District Information: For school districts and Local Education Agencies (“LEA”), this is administrative information that may include teacher and administrator’s names, job titles/roles, email addresses, phone numbers and the name of school/district. If you provide information about someone else, you confirm that you have the authority to act for them and to consent to the collection and use of their information as described in this Policy.
Student Information: For students, information collected is limited to first/last name, school, grade, teacher(s), literacy assessment data, literacy plan information, and relevant demographic information (“Student Information”). For the avoidance of doubt, while this Policy shall apply generally to Personal Data, Student Information shall also be subject to the privacy provisions that is afforded to the “Student Data” under the Data Privacy Agreement between the HILL and School District and/or LEA.
Electronic Communications Protocols: In addition to the information specified above, we may collect information about your use of the Platform through electronic communications protocols and cookies. As is true when you visit most websites, the HILL may automatically receive information from you as part of the communication connection, which often consists of network routing information (where you came from), equipment information (browser type), your IP address, and date and time. The HILL may also use cookies, embedded URLs, and embedded pixels to capture additional information for diagnostic purposes.
B. How we collect
Business/staff contact information is collected and/or transmitted encrypted using Secure Socket Layer (SSL) technology.
Student Information is collected from student rosters provided by District staff or directly from third-party roster management systems and uploaded into the Platform by secure connections to third-party systems. When this information is collected, it is collected and/or transmitted encrypted using Secure Socket Layer (SSL) technology.
II. Types of Information we do not Collect
Sensitive Data: The HILL does not collect or store Sensitive Personal Information (SPI), including date of birth, social security numbers, driver’s license numbers, state issued ID numbers, biometric data, financial data including debit/credit number or password, pin or access code for a financial account, or health or genetic information.
Minor Data: The HILL does not knowingly collect personally identifiable information from anyone under the age of 13. The HILL does not market or direct its site or services for purchase by individual students regardless of age. These services do not allow students to register directly with the HILL.
III. Ownership and Control of Personal Data/Consent
School Districts retain full ownership and control over the Personal Data transmitted to the HILL. School Districts are responsible for the accuracy of the Personal Data provided to us. School Districts can amend the Student Information directly in the website or by requesting the HILL. All intellectual property rights relating to Personal Data are retained by the School Districts as stipulated in the Data Privacy Agreement (DPA) between the HILL and School Districts.
With respect to Student Information, the HILL’s agreement with the School District requires School District to certify that the Student Information provided to us has parental consent. Procedures for parents, legal guardians, or eligible students to review, correct, or transfer pupil-generated content to a personal account are outlined in the DPA and are the responsibility of the School District.
IV. How Personal Data is used/shared
The HILL uses Personal Data to provide the functionality of the Platform. The HILL may use anonymized, aggregated data for research or analytics purposes. The HILL does not sell, rent, or market Personal Data to third-party companies or services.
In certain situations, the HILL may share Personal Data under specific conditions:
With Service Providers: We may share data with companies that provide services to us, such as data analysis or software support, under strict privacy agreements.
During Business Transition:
Legal Requirements: We may disclose Personal Data if required by law, such as in response to a court order, subpoena, or similar investigative demand, or to establish or exercise our legal rights or to defend against legal claims. We may also need to share Personal Data with a regulatory state agency that oversees our regulatory products and the profession.
To Protect the HILL and Others: In cases where it is necessary to protect the safety, rights, or property of the HILL, our users, or others, we may share Personal Data.
The HILL will request permission before using Personal Data for any purposes other than as agreed to by the School District.
V. Data Retention and Disposal
We retain Personal Data for as long as necessary to fulfill the purposes for which it was collected or as required by law. Upon the termination of the service agreement or at the request of the LEA, the HILL will securely delete or return all Personal Data [in accordance with its internal policies].
VI. Cookies and other tracking technologies
Cookies: The HILL servers may query your browser to see if there are “cookies” previously set by the Platform. Cookies are small text files placed on your computer to collect standard internet log information and visitor behavior information. The HILL uses cookies to enhance and personalize your experience on the HILL platform; gather insights into how you use our website and platform, helping us improve functionality and user experience; and collect standard internet log and visitor behavior information for statistical reports. When you use the Platform, we may automatically receive information, including network routing (where you came from), equipment information (browser type), IP address, and date and time, and cookies, embedded URLs, and embedded pixels to capture additional details.
You can set your browser not to accept cookies and the websites listed below tell you how to remove cookies from your browser.
The length of time that a cookie remains on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. The HILL uses both session and persistent cookies to improve your experience on the platform. Session cookies last until you stop browsing and expire when you close the browser. Persistent cookies last until they expire or are deleted, and will generally expire between 30 days and one year from the date they are downloaded to your device. There may also be third-party cookies, which are cookies set by domains other than the HILL for various purposes, like analytics or advertising.
You can control and manage cookies in various ways. You can typically remove or reject cookies via your browser settings. To do this, follow the instructions provided by your browser (usually located under “settings,” “help”, “tools,” or “edit”). Many browsers are set to accept cookies until you change your settings.
Please keep in mind that removing or blocking cookies may prevent you from accessing certain features of the HILL platform and can negatively impact your user experience.
For further information, visit www.aboutcookies.org or www.allaboutcookies.org.
Do-not-track Signals: This Site does not respond to your browser’s (or app’s) “do-not-track” signals or comparable signals or mechanisms. Please check our Privacy Statement frequently as this may change in the future.
VII. How do we keep your information safe
The security of your Personal Data is a priority to the HILL. The HILL maintains strict data security measures in line with industry standards and compliance with data privacy regulations to protect Personal Data from unauthorized access, disclosure, alteration, or destruction. Access to Personal Data is limited to authorized users and is protected by robust authentication and authorization mechanisms.
The HILL has also adopted a security policy that addresses physical, administrative, and technical safeguards reasonably designed to protect Personal Data, including encryption and regular security assessments to protect your Personal Data from unauthorized access. If your Personal Data is acquired or is reasonably believed to have been acquired by an unauthorized person the HILL will notify you in accordance with law.
To ensure the effective implementation of this Policy and adherence to data privacy regulations, the HILL mandates regular training for all employees and contractors who have access to Personal Data. Training is conducted annually or whenever there is a significant change in the law or our operational practices. The training encompasses legal requirements, our data handling practices, and security protocols. Records of training attendance and materials are maintained to demonstrate compliance.
VII. Third Parties
Third-Party Sharing: The HILL does not share Personal Data with third parties unless explicitly authorized by the School District or required by law.
Review of Third-party Processors: The HILL employs a rigorous selection process to vet third-party processors, ensuring alignment with our data protection standards and compliance with applicable laws. This process includes
Compliance Verification: Verifying the third-party processor’s adherence to privacy laws, regulations, and industry standards.
Data Security Assessment: Evaluating the processor’s data security measures to ensure they meet or exceed the HILL’s standards.
Contractual Agreements: Establishing written agreements that outline the obligations of the third-party processor regarding data protection and privacy.
Ongoing Monitoring: Regularly reviewing the processor’s practices and conducting audits to ensure continued compliance.
Incident Response Coordination: Ensuring coordinated incident response procedures are in place, including notification and remediation processes.
Subprocessors: The HILL engages certain subprocessors, such as Amazon Web Services (AWS), to assist in providing the Platform. These subprocessors have limited access to Personal Data solely for the purpose of providing the contracted services. They are contractually bound to adhere to confidentiality and security obligations consistent with this Data Privacy Policy. The HILL remains responsible for the privacy and security of Personal Data processed by our subprocessors.
Links to Other Websites and Services: The HILL website may include links to other websites we think may be of interest to you and others who visit our website. These other websites are not owned or operated by the HILL and we do not have any control over them. The responsibility for these websites and how your information may be collected, used or shared when you access them belongs to the companies that own and operate them. We encourage you to read the privacy policies of these websites prior to interacting with such sites.
IX. Updates to this Notice
This Policy, without waiving or otherwise releasing any right or obligation under any prior privacy policy or similar document or agreement of the HILL, hereby amends and restates any such prior privacy policy as of the revision date at the end of this Policy.
We reserve the right to modify this Policy at any time and from time to time. We will notify you of changes by posting changes here, or by other appropriate means. Any changes to the Policy will become effective when the updated Policy is posted on this web page (or as otherwise indicated at the time of posting). In addition, this page will indicate the date that our Policy was last changed. Your continued use of our website and services after a revised version becomes effective indicates that you accept the revised version. Therefore, it is important that you read this page regularly to ensure you are familiar with the most updated Policy.
X. Contact Us
If you have any questions about data privacy, you can reach out to our Data Protection Officer at dpo@HILLforliteracy.org. For anything else, contact us at info@HILLforliteracy.org.
You may also write or call us at: 867 Boylston Street, 5th Floor, #1866, Boston, MA 02116 or call 888.860.0190
This Policy was last revised on: 2/21/2024.