Last Modified: September 15, 2021
Effective Date: September 15, 2021
This policy explains:
1. WHAT THIS POLICY COVERS.
Teachstone offers a wide variety of products and services, and we refer to all of our products, services, events, and the Teachstone Websites collectively as our “Services.” Our Services include the following:
2. WHAT INFORMATION WE COLLECT ABOUT YOU.
We rely on various legal reasons and permissions (each, a “legal basis”) to process your personal data, including your consent, when given, a balancing of legitimate interests, necessity to enter into and perform contracts, and compliance with legal obligations, for a variety of purposes described below.
You have choices when it comes to the Services and features that you use and the data you share. When you are asked to provide personal data, you can decline. Many of our Services require some personal data to operate and provide the Services or features to you. If you choose not to provide data necessary to operate and provide certain Services or features, then you cannot use those Services or features. Likewise, when were are required by law to collect personal data or when we need to collect personal data to enter into or carry out a contract with you, and you do not provide the data, we will not be able to enter into the contract; or if this relates to existing Services you are using, we may have to suspend or terminate your access to those Services. We will notify you if that is the case at that time. Where providing the data is optional, and you choose not to share personal data, certain features like personalization that use the data will not work for you.
In order to use some of our Services, you are required to activate and use a Teachstone User Account (a “Teachstone User Account”). In some cases, you can create a Teachstone User Account yourself, and in other cases a Teachstone User Account may have been created for you by, or on behalf of, an organization that you are affiliated with (such as your employer).
The information we collect depends on the context of your interactions with us and the choices you make (including your privacy settings), the Services and features you use, your location, and applicable law. The information we collect can include the following:
3. HOW WE COLLECT INFORMATION.
We use different methods to collect information from and about you, including through:
4. HOW WE USE PERSONAL INFORMATION.
4.1. Overview of how we use personal information.
How we use the information we collected depends, in part, on the Services and features you use, how you use them, any preferences you have communicated to us, and whether your Teachstone User Account is an Organization End User Account (as described in Section 6.3 below). We use data to:
When we process personal data about you, we only do so with your consent and/or as necessary to provide the Services to you, operate our business, meet our contractual and legal obligations, protecting the security of our systems, users, customers, and third parties, or to fulfill other legitimate interests of Teachstone as described in this Section 4 and in Section 5 below. When we transfer personal data from the European Economic Area, we do so based on a variety of legal mechanisms, as described in Section 4.3 below.
4.2. More details on the purposes of processing.
Below are additional details about the purposes for which we process information:
5. HOW WE SHARE PERSONAL INFORMATION.
We share information we collect about you in the ways discussed below, including in connection with possible business transfers.
5.1. Sharing with other users. When you use our Services, we share certain information about you with other users of our Services.
At the request of your organization, we may also act on your organization’s behalf to share information about you with third parties.
5.1.2. For Collaboration. When you use our Services, you can create and upload content, which may contain information about you, and grant others permission to view, edit, copy, download, or share that content based on the settings selected by you or your administrator (if you access our Services through an Organization End User Account).
5.1.3. Coaches and Observers. As part of our Observation Data Services, we may share coaching and observation data related to classroom instruction and feedback from coaching and observers between the relevant teachers, coaches, observers.
5.1.4. Social Features and CLASS Learning Community. When you use social features in our Services (such as the CLASS Learning Community), other users may see some of your activity. You should be aware that any information you provide through shared or publicly available portions of our Services (including profile information associated with your Teachstone User Account) may be viewed by other Teachstone users. Your posts and certain profile information may remain even after your Teachstone User Account is closed. To request removal of your information from shared or publicly accessible websites operated by Teachstone, please contact us as provided below. In some cases, we may not be able to remove your information, in which case we will let you know if we are unable to and why. To learn more about the social features and other functionality, please review documentation or help content specific to the applicable Teachstone Services.
5.2. Sharing with third parties. We share information with third parties that help us operate, provide, improve, integrate, customize, support, and market our Services. If you access our Services through an Organization End User Account, we also share information as directed by your employer or other organization.
5.2.1. Service Providers. We use various third-party service providers to provide website and application development, hosting, maintenance, backup, storage, virtual infrastructure, billing and payment processing, technical support and services, database management, contact management, analysis, and other services for us, which may require us to store information about you on their systems or may require them to access or use information about you. Before providing our service providers with access to information about you to perform services on our behalf, we require such service providers to enter into binding contracts with us that require them to comply with policies and procedures designed to protect your information.
5.2.2. With your consent. We share information about you with third parties when you give us consent to do so. We will not knowingly disclose your personal information to a third party if we know or have reason to believe that the third party will use your personal information for direct marketing purposes, unless you opt-in or otherwise expressly consent for such sharing.
5.2.3. Pursuant to your organization’s directions. If you access our Services through an Organization End User Account, we also share information as directed by your employer or other organization. For example, if your organization decides to integrate observation scores from our Services with a third-party system for tracking observation scores, we may share information about your observation scores with that third-party system as requested by your organization.
5.2.4. Compliance with Applicable Laws, Enforcement Requests, and Protecting Rights and People. We may share information about you with a third party if we have a good faith belief that sharing that information is reasonably necessary: (i) to comply with any applicable law, regulation, legal process, subpoena, or governmental request; (ii) to enforce our agreements, policies, and terms of service; (iii) to protect the integrity and security of our Services; (iv) to protect Teachstone, our customers and users, children, or the public from harm or illegal activities; or (v) to respond to an emergency which we believe requires us to disclose information to assist in preventing the death or serious bodily injury of any person.
6. HOW TO ACCESS AND CONTROL YOUR PERSONAL INFORMATION.
6.2. Your communication preferences. You can choose whether you wish to receive marketing or promotional communications from Teachstone by e-mail, physical mail, and telephone. If you receive promotional e-mail messages from us and would like to opt-out, you can do so by following the directions contained in those messages. Through the settings available when you login to your Teachstone User Account, you can elect whether or not to receive periodic updates from the system about your activity in the Learning Resources and Observation Data Services. You may also unsubscribe from Teachstone e-mails by clicking the unsubscribe link we include at the bottom of every e-mail we send.
6.3. Organization End User Accounts. Many of our Services are intended for use by organizations, such as schools and school systems. If your employer or other organization provides you with access to our Services and/or you access our Services through an Organization End User Account, your use of our Services is subject to your organization’s policies, if any. In that case, your choices may be limited, and you should direct your privacy inquiries, including any requests to exercise your data protection rights, to your organization’s administrator. When we provide Services through an Organization End User Account, your organization is the “data controller” and we are the “data processor.” We are not responsible for the privacy or security practices of our customers, including any organization you are affiliated with, which may differ from those set forth in this privacy statement. In addition, you may lose access to your Teachstone User Account and to the Services, content, and materials associated with that account, if your affiliation with that organization ends.
6.4. European Economic Area Users. If you are an individual in the European Economic Area (EEA), you have the following rights under data protection laws in relation to your personal data, which you may exercise by contacting us using any of the methods described in Section 10 below:
6.4.1. What we may need from you. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
6.4.2. Response time. We try to respond to all legitimate requests within 30 days. Occasionally it could take us longer than 30 days if your request is particularly complex or you have made multiple requests. In that situation, we will notify you and keep you updated.
6.4.3. No fee usually required. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
7. WHERE WE STORE AND PROCESS PERSONAL INFORMATION.
7.1. International transfer of information we collect.
We collect information globally and primarily store and process that information in the United States. We may transfer, process, and store your information outside of your country of residence to wherever we, or our third party service providers, operate for the purpose of providing our Services. Whenever we transfer your personal information, we take appropriate measures to protect it.
We transfer personal data from the European Economic Area and Switzerland to other countries, such as the United States, some of which have not yet been determined by the European Commission to have an adequate level of data protection. When we engage in such transfers, we use a variety of legal mechanisms, including contracts, to help ensure your rights and protections travel with your data. To learn more about the European Commission’s decisions on the adequacy of the protection of personal data in the countries where Teachstone processes personal data, we suggest that you review this article on the European Commission website.
7.2. Privacy Shield Notice.
Under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, we are responsible for the processing of information about you we receive from the European Union, the European Economic Area, the United Kingdom, and Switzerland and onward transfers to a third party acting as an agent on our behalf. We comply with the Privacy Shield Principles for such onward transfers and remain liable in accordance with the Privacy Shield Principles if third-party agents that we engage to process such information about you on our behalf do so in a manner inconsistent with the Privacy Shield Principles, unless we prove that we are not responsible for the event giving rise to the damage.
We are committed to resolving complaints about our collection and use of your personal information, and we encourage you to contact us as provided below should you have a Privacy Shield-related (or general privacy-related) complaint. We have further committed to refer unresolved Privacy Shield complaints to the JAMS Privacy Shield Program, an alternative dispute resolution provider in the United States. Please visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS are provided at no cost to you. We will cooperate with JAMS pursuant to the JAMS International Mediation Rules, which are accessible on the JAMS website at: http://www.jamsadr.com. Through this third-party dispute resolution provider, we have also committed to cooperating and complying with the information and advice provided by an informal panel of data protection authorities in the European Economic Area, the United Kingdom, and/or the Swiss Federal Data Protection and Information Commissioner (as applicable) in relation to unresolved complaints (as further described in the Privacy Shield Principles). You may also contact your local data protection authority within the European Economic Area, the United Kingdom, or Switzerland (as applicable) for unresolved complaints. Under certain conditions, more fully described on the Privacy Shield website, including when other dispute resolution procedures have been exhausted, you may invoke binding arbitration. We are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
8. COOKIES AND SIMILAR TECHNOLOGIES.
8.2.1. Essential Processes and Security: To enable essential functions of the Teachstone Services, such as to facilitate logging you in to the Teachstone Services, facilitating payments, protecting your security, and helping us fight spam, abuse, and violations of the agreements governing your use of the Services.
8.2.2. Preferences: To remember information about your browser and your preferences.
8.2.3. Performance, Analytics, and Research: To help us understand and measure how you use our Services and to improve our Services.
9. OTHER IMPORTANT PRIVACY INFORMATION.
9.3. Children Under Age 16. We are committed to protecting the privacy of children under the age of sixteen (16) years (each a “Child” and collectively, “Children”). Access to and use of the Teachstone Services by Children is prohibited. The Teachstone Services are not designed for or marketed to Children, and we do not knowingly collect personal information from Children. If we learn we have collected or received personal information from a Child, we will delete that information. If you believe we might have any information from or about a Child, please contact us.
9.5. Google API Data Usage. Some of our Services utilize or link to TORSH applications. TORSH applications offer an optional integration with Google Calendar through the Google API. When this integration is enabled and authorized by the user it will use the Google Calendar integration for the purposes of scheduling events. Events scheduled within TORSH applications can be added to the user’s Google calendar by the TORSH application. The TORSH application can also use the user’s schedule on Google Calendar to determine if they have availability for an event. TORSH will only use information from Google Calendar for the purpose of scheduling events and will not share any data from Google APIs with anyone and will not store that information longer than is necessary to schedule the event. TORSH applications access this information through the Google API which requires authorization from the user.
9.6. Do Not Track Policy. California law requires that operators of websites and online services disclose how they respond to a Do Not Track signal. Some browsers have incorporated “Do Not Track” features. Most of these features, when turned on, send a signal or preference to the website or online service that a user visits, indicating that the user does not wish to be tracked. Because there is not yet a common understanding of how to interpret Do Not Track signals, we do not currently respond to Do Not Track signal.
9.8. Our retention of personal information. We retain personal data for as long as necessary to provide our Services and fulfill the transactions you have requested, or for other legitimate purposes, such as complying with our legal obligations, resolving disputes, and enforcing our agreements. Because these needs can vary for different types of information, the context of your use of our Services or our other interactions with you, the actual retention periods can vary significantly. After the applicable retention period, we will either delete or anonymize your personal information or, if that is not reasonably feasible (for example, because the information has been stored in a backup archive), then we will securely store your personal information and isolate it from any further use. If we anonymize your personal data (so that it can no longer be associated with you), we may use that information indefinitely without further notice to you.
9.8.1. Personal information in backups. After personal data is deleted or anonymized in our production (primary) systems, copies of the personal data may remain in our backups for a limited period of time until it is overwritten, replaced with subsequent backups, or otherwise deleted pursuant to our backup retention schedule. Personal data that was previously deleted or anonymized based on your request or the expiration of the applicable retention periods, but which remains in our backups, will be put beyond use, and we will:
If we ever access or restore data from our backups, we will take appropriate technical and organizational measures to ensure that personal data that was previously deleted or anonymized pursuant to your request is not processed again after the restoration and is promptly deleted or anonymized again.
9.9. Security. We have implemented appropriate security measures so safeguard your personal data from accidental loss or deletion and from unauthorized access, use, alteration, and disclosure. In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to access that information. We require all such persons to process your personal data only pursuant to our instructions, and all such persons are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach, and we will notify you and any applicable governmental authority of a breach when we legally required to do so. The safety and security of your information also depends on you. You are responsible for safeguarding your Login Credentials associated with your Teachstone User Account and notifying us immediately if you suspect your Login Credentials for your Teachstone User Account have been compromised. We urge you to be careful about giving out information in public areas of the Teachstone Services. The information you share in public areas may be accessed by any of our users. You are strongly cautioned to never share sensitive information with other users through the Teachstone Services.
10. HOW TO CONTACT US.