Updated: March 7, 2020
Learning Ally (referred to below “we” or “us”)’s mission is to promote personal achievement when access and reading are barriers to learning by advancing the use of accessible and effective educational solutions. Our websites, apps, and other services (collectively, the “Services”) are important tools in the pursuit of this mission.
We are committed to safeguarding and protecting the personally identifiable information
Personally Identifiable Information” or “PII”) that we gather from individuals like you (a “User” or “Users”) who utilize our Services or contact us.
Learning Ally’s privacy, data use, and data retention policies conform to the requirements of the Children’s Online Privacy Protection Act (COPPA, 15 U.S.C. § 6501-6505 and 16 CFR Part 312) and align with industry standards of best practices for protecting PII. Learning Ally is staunchly committed to protecting the PII of all Users, particularly children, and meeting the standards set forth in COPPA, even though tax exempt organizations such as Learning Ally are granted a waiver (15 U.S.C. § 6501 (2) (B)).
Users who provide us with information on behalf of other Users (e.g., parents, guardians) should be aware that this Policy also applies to the collection, storage, and use of those other Users’ PII. Users in this situation should ensure that they have such powers, duties, and consents as reasonably required from those other Users before contacting us on their behalf or using our Services on their behalf.
We comply with applicable laws that impose additional responsibilities on Learning Ally beyond those stated in this Policy in connection with the treatment of PII.
1. Collecting Personally Identifiable Information
We do not collect PII from a User unless they provide it to us voluntarily and knowingly. Users can do so by registering for our Services or requesting information from us, whether by website, smartphone app, phone, or otherwise. By doing any of the foregoing, Users are acknowledging that they are providing us with their PII voluntarily and in accordance with this Policy and applicable law..
We do not sell or rent any PII, such as names or other personal data, that we collect through our Services, nor do we store any credit card information.
(a) Contact and Other Account Information:
We collect PII directly from a User when they create an online account with us for our Services, or otherwise contact us with an information request. This type of information may include:
- email address;
- date of birth;
- telephone number;
- company or group of affiliation; and
- the reason for contact with us.
We collect this information in order to manage that User’s relationship with us, including in order to facilitate the use of our Services and facilitate communication with us.
We collect dates of birth, specifically, in order to make age-appropriate recommendations to Users when they use our Services, and otherwise to increase the functionality and relevance of our Services.
(b) Disability Verification Information:
We collect PII related to a User’s disability, as applicable, when they choose to use our Services and provide us with a Certificate of Eligibility or other proof of disability. This information is limited to one of the conditions qualifying for our Services under Marrakesh Treaty Implementation Act (17 U.S.C. §121 et seq.) and the Marrakesh Treaty to Facilitate Access to Published Works for Persons Who Are Blind, Visually Impaired or Otherwise Print Disabled (Marrakesh VIP) in the jurisdiction of residence. For more information about the Marrakesh VIP and our obligations thereunder, please email us at customercare@LearningAlly.org or call us at 800-221-4792. To comply with applicable law, we collect PII such as:
- the status of the disability, whether a reading or perceptual disability, specific learning disability, reading accommodation, visual disability and/or physical disability; and
- similar, related information as requested from time to time.
(collectively, “Disability Verification Information”).
A Qualified Educator or Qualified Evaluator with relevant professional experience to attest to a User’s Disability Verification Information must confirm the Disability Verification Information. Users can provide this confirmation in different formats, which will include at least some of the following PII about the Qualified Educator or Evaluator, which may be attributed to the User as part of their Disability Verification Information:
- title/professional specialty;
- licensing authority;
- license number;
- place of employment;
- telephone number; and/or
- email address.
(c) Providing Personally Identifiable Information on behalf of Another User:
Given the nature of our Services, a User may provide us with information on behalf of an individual who wishes to use our Services or act as a competent authority (see Section 1(b), “Disability Verification Information”).
If a User provides us with PII about another User in their capacity as a parent, a guardian, a school administrator, a public guardian, and/or a patient providing confirmation from a Qualified Educator or Evaluator regarding Disability Verification Information, this must only be done after the providing User has obtained consent from the other User to the collection, storage and use of their PII in accordance with this Policy and applicable law.
In the case of an educational institution contracting with Learning Ally to provide the Service to students, Learning Ally presumes the educational institution has received verifiable parental consent to provide a student’s PII to Learning Ally for the use of the Service. The educational institution is responsible for ensuring verifiable parental consent is received and proof thereof is maintained. In all cases—
Student PII is collected solely as required for the student to utilize the service.
Student PII is retained only to ensure the efficient operation of the Service.
Student PII is retained only to the extent necessary to make improvements in the Service and comply with audit and records maintenance requirements.
Student PII is never used for a commercial purpose.
Cookies may be used to enhance User experience when using our Services. Cookies are pieces of information that we transfer to a device’s storage through browser technologies to enable our systems to recognize that particular device and browser and to provide features such as remembering customized settings for using our Services and saving passwords.
(e) Internet Protocol Address:
We collect an internet protocol (“IP”) address from a User who accesses our Services. An IP address is a number that is automatically assigned to a device when it is connected to the Internet. We use IP addresses to help diagnose problems with our server, administer app, and to improve our Services.
(f) Non-Personal Electronic Information:
We use non-personal electronic information, such as log files that record and collect information about general site traffic, site usage, and length of stay. We may use this data to improve our Services’ performance or content. This data is used in aggregate and does not contain PII.
2. Storing Information
All information provided to us is transmitted using Secure Sockets Layer (“SSL”) encryption. SSL is a proven coding system that lets a browser automatically encrypt, or scramble, data before it is sent to us. We also protect account information by placing it on a secure portion of our website that is only accessible by Learning Ally employees who need access to PII to perform a specific job. Voluntarily submitted data we collect through our website is stored on a secure, password protected server. Vendors we use to store data (see Section 3, “Sharing Information”) use industry-standard encryption technologies in the receipt and transfer of voluntarily submitted data. Unfortunately, no data transmission over the Internet is 100% secure. While we strive to protect Users’ information, we cannot ensure or warrant the security of such information.
(a) Location of Information:
We store information, including PII, in the U.S. We will not store it in Canada or elsewhere. This means that Users’ information may be accessible to U.S. courts, law enforcement and national security authorities.
(b) Data Breach Response:
Learning Ally shall promptly and without unreasonable delay notify affected parties upon learning of any actual or suspected misappropriation or unauthorized access to, or disclosure or use of PII (a “Data Breach”). We shall promptly investigate each Data Breach that we become aware of or have reason to suspect may have occurred and, in the case of an actual Data Breach, shall reasonably cooperate with affected parties, relevant regulators, and local, state and federal law enforcement as appropriate in connection with any investigation of the suspected or actual Data Breach as required. We shall reasonably cooperate with relevant authorities and contracted data security experts in identifying any reasonable steps that should be implemented to limit, stop or otherwise remedy any actual or suspected Data Breach.
3. Sharing Information
We limit the use of PII and other information as follows: providing our Services, informing Users about Learning Ally and its programs and improving our Services and content. We do not use PII from education records to market to students
Adult User PII (educators and parents) may be used to send notices on Service related special events, news, and program updates. We do not sell or rent PII. We may send adult Users periodic emails on a variety of topics. A User may start or stop receiving such emails at any time by sending an email to customercare@LearningAlly.org, or by following unsubscribe or mail preferences links in those emails.
There are circumstances where we may share information without notice or consent when required by law or lawful authority. For example, from time to time, we may be compelled by legal action to release information (e.g., statutory reporting obligation, search warrant, court order, bankruptcy or insolvency proceedings etc.).
We may also share information with consultants and affiliates for internal business purposes or to properly offer the Services as set out in Section 3(a).
(a) Third Party Service Providers:
There are certain services supplied to us by third parties, such as email platform hosts or server hosts. These third parties are authorized to use a User’s PII only as necessary to provide these services to us, and in a manner consistent with this Policy. We have selected third party service providers who will only use User information in compliance with this Policy, but they may have their own specific policies regarding the collection, storage and use of PII. Please note that third parties may store a User’s PII anywhere in the world, and it may be accessible to foreign courts, law enforcement and national security authorities in the jurisdiction(s) where it is transferred or stored.
In regards to Users under 13 years old their PII may be shared with the following third-party providers in order to deliver the Service:
Amazon Web Services – database hosting
Amazon Simple Notification Service – Service-related notifications through applications
Both can be contacted at https://aws.amazon.com/contact-us/?nc1=f_m
(b) Other Websites
Our Services may contain links or otherwise rely on other sites, services, platforms or apps (“Other Services”), which have information and services that may be helpful. These Other Services may have their own privacy policies and practices. When a User transacts with these Other Services by clicking on a link or starting a process involving those Other Services, we cannot control what happens with their PII. We assume no responsibility for the privacy policies or information collection practices of Other Services. Users should read the privacy policies on all such Other Services as their policies may be different than ours.
4. Access to Information; Retention
(a) Review and Correction:
A User may, upon request, review and correct the PII that we have collected from them or from another User on their behalf (see Section 1(c), “Providing Personally Identifiable Information on behalf of Another User”). Such procedures may not, however, compromise the security, integrity and privacy of our proprietary databases or databases licensed from third party companies.
A parent, guardian, school administrator, or public guardian can review or have deleted the child's PII, and refuse to permit further collection or use of the child's PII by contacting us per the contact details below. We will take steps to verify the identity of anyone requesting PII about a child and to ensure that the person is in fact the child's parent, legal guardian, or school administrator.
We will retain a User’s PII for only so long as reasonably necessary for us to properly provide the Services to the User for which that PII was collected. In all cases—
Student User PII is collected solely as required for the student to utilize the service.
Student User PII is retained only to ensure the efficient operation of the Service.
Student User PII is retained only to the extent necessary to make improvements in the Service and comply with audit and records maintenance requirements.
Student User PII is never used for a commercial purpose.
5. Do Not Track Disclosure
We do not support “Do Not Track”. Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser. For further details, visit https://www.eff.org/issues/do-not-track.
6. Changes to Policy
This Policy, as well as policies specific to the various operating departments within Learning Ally, will be periodically assessed against new technologies, business practices and our members’ changing needs. We may, from time to time, modify this Policy to reflect legal, technological and other developments.
We reserve the right at any time and without notice to change this Policy by posting such changes. Any such change will be effective immediately upon posting.
Learning Ally, Inc.
20 Roszel Rd
Princeton, NJ 08540
Attention: Privacy Officer
We can also be reached via e-mail at customercare@LearningAlly.org , and if your subject line includes Attention: Privacy Officer, we will route it accordingly.