updated November 15, 2021 Attainment conducts activities in compliance with the laws and regulations applicable to the protection of personal data and data security and protects personal identifiable information (PII) against the highest educational industry standards. This policy establishes what data is collected by the Attainment HUB and how it is protected.
All student records in the Attainment HUB are password protected by the educational staff authorized to see student data. In addition, student login is password protected. It is the responsibility of the LEA and educational staff to protect student data from being seen by unauthorized individuals both on screen and with locally stored data.
The Attainment HUB Student Data Privacy Policy includes the following governing data privacy: FERPA, COPPA, PPRA, CIPA, IDEA and State Regulations.
FERPA is the federal law that protects the privacy of personally identifiable information (PII) in students’ education records. “Education records” are those records that are: (1) directly related to a student; and (2) maintained by an educational agency or institution or by a party acting for the agency or institution. FERPA defines PII to include, but is not limited to: (a) The student's name; (b) The name of the student's parent or other family members; (c) The address of the student or student's family; (d) A personal identifier, such as the student's social security number, student number, or biometric record; (e) Other indirect identifiers, such as the student's date of birth, place of birth, and mother's maiden name; (f) Other information that, alone or in combination, is linked or linkable to a specific student that would allow a reasonable person in the school community, who does not have personal knowledge of the relevant circumstances, to identify the student with reasonable certainty; or (g) Information requested by a person who the educational agency or institution reasonably believes knows the identity of the student to whom the education record relates. Attainment HUB does not collect: first and last name, address, personal identifiers such as the student's social security number, student number, biometric record, student's date of birth, place of birth, and mother's maiden name. However, a student name or nickname may be entered for student login, and in combination with other data, a student may be identified by someone familiar with a specific classroom by way of the student avatar or teacher’s name, for instance. Student PII such as student log in name, is both encrypted and stored in separate tables from student results in AWS (Amazon Web Services) tables, to prevent student records from being associated with a particular student as described below.
COPPA prohibits unfair or deceptive acts or practices in connection with the collection, use, and/or disclosure of personal information from and about children on the Internet. Specifically, COPPA prohibits the collection of PII from any child under the age of 13 without parental knowledge and consent. To comply with COPPA, home use for Attainment HUB is established by a parent or guardian for all Attainment HUB student users under the age of 13 and most Attainment HUB student users, regardless of age. Specific PII for COPPA includes PII under FERPA plus: online contact information, telephone number, a persistent identifier, geolocation information, a photograph video or audio file that contains a child’s image or voice. Attainment HUB does not collect any PII specifically addressed by COPPA, with the exception of login name, which could be any word or phrase but is typically the student’s own name. The highest possible industry standards are applied to protect all student data in order to prohibit the unintended breach of PII as outlined below.
While no specific PII as identified as FERPA or COPPA are required for HUB use, some of the information collected could be used to correlate a specific student with their educational records by someone familiar with the classroom. Therefore, the following pieces of information collected by the Attainment HUB software programs are protected by data encryption and stored in separate tables in order to separate student records from identifiers that could be used to identify a participant by a person familiar with the classroom. Any personally identifiable information (“Personal Information”) we collect from you will be strictly used for the sole purpose of improving our services and will not knowingly be distributed to any third parties without your knowledge and consent.
- Student name: A name is entered to identify the student on screen. While any name, word or phrase can be used, typically, it will be a name that classroom members would associate with that student. Therefore, the student name is not stored in the same AWS table with student results. A unique random number identifier for the student is stored with the student records in order to prevent association with the actual student. Attainment HUB student names are stored in a separate table in the database and are encrypted to prevent identification.
- Teacher name: The teacher name is not stored with student records. The teacher name is also stored as a unique random number identifier with the student records that cannot be associated with the actual student. Teacher names are stored in a separate table in the database protected from identification by encryption.
- Passwords are stored with encryption for data protection.
- Student avatar: The student avatar is stored as a preference, not as an image, but as a cryptic identifier, “Mouth6/BHair5/Eyes3”, etc.
- Any specific student information entered that could be used as a student identifier: In ELSB and ELSB FOS with the All About Me story, most questions are generic, e.g., “Do you have a cat?”, but some questions could, with additional information, be used to identify a student. Therefore, all entries that are unique to a student are stored with encryption.
- Email addresses: The school/teacher email address is stored with the teacher name and encrypted password. Home email is optionally entered by the teacher during home use setup, for convenience. It is encrypted when stored.
- Data communication is protected by transmission through a web request to an HTTPS (Hypertext Transfer Protocol Secure) and encrypted over a secure SSL (Secure Sockets Layer).
Student data is permanently deleted from the AWS database when: 1. An educator deletes Student Results (individual results or all results). 2. An educator deletes a student profile, or 3. A class is deleted by deleting the teacher, deleting all students and student results under that teacher/class. In this way, student data can be permanently deleted at any time by end users. If not deleted by end users, by default, student data is stored for two years. Unless specified otherwise, specific student data older than two years will be deleted on August 1st of each year. Educators or home users who have access to student results can extend data retention via the AWS database up to 5 years. Other arrangements for data retention and deletion are made on a district-by-district or individual basis. Refusal or withdrawal of consent may result in an inoperable product and, or certain features may not be available to the student and teacher. To request the deletion of a user from Attainment HUB, contact info@attainmentcompany.com. If you received an Attainment HUB product through your educational institution and have any questions relating to review, amendments and deletion, please direct all questions to them. Otherwise, please contact info@attainmentcompany.com.
Data destruction follows the U.S. Department of Education, Protecting Student Privacy Best Practice for Data Destruction. When student data is deleted from the AWS database, the data is removed from all user-addressable storage locations to protect against simple non-invasive data recovery techniques. Student data is backed up for an additional 30 days after being deleted from primary resources. After the 30 days, the information is then purged from our AWS resources completely, preventing the data from being recovered.
We use the personal information we collect from students (or about students from teachers) to provide and improve the Service, for educational, security, and safety purposes, or as required by law. We will not require children to provide more personal information than is reasonably necessary in order to participate in the Service.
No method of transmission over the Internet, or method of electronic storage, is 100% secure. While we strive to use the highest standards of commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security. If Attainment HUB becomes aware of a systems security breach by an unauthorized party or that any user data was used for an unauthorized purpose, we will comply with relevant state and other data breach laws. We will notify users of any breach resulting in unauthorized release of data electronically, at minimum, and without unreasonable delay so that you can take appropriate steps. The notification will include: date of the breach, the types of information that were subject to the breach, general description of what occurred, and steps Attainment Company is taking to address the breach.
Protecting Children’s and student’s privacy is especially important to Us. We participate in the iKeepSafe Safe Harbor program. We have been granted the iKeepSafe COPPA Safe Harbor seal signifying that Our Site and The Attainment Hub Web APP as well as the software that runs the Site have been reviewed and approved for having policies and practices surrounding the collection, use, maintenance and disclosure of personal information from Children consistent with the iKeepSafe COPPA Safe Harbor program guidelines. COPPA protects the online privacy of Children under the age of 13; below is an email and phone number for IKeepSafe Safe Harbor program.: Email: privacy@ikeepsafe.org
Attainment provides a variety of software applications for students with disabilities. Some of the applications are installed locally and, therefore, no PII is accessible to Attainment – only to the end user. Some applications are web-based- in these cases there is information considered PII that Attainment will be hosting in a secure, cloud-hosted database. All of the data is secure, meeting the education industry standards of security. Question or Comments About This Policy:
Attn: Privacy Director
Attainment Company, Inc
504 Commerce Pkwy
Verona, WI 53593
United States
Phone: 800-327-4269
Fax: 608-845-8040
info@attainmentcompany.com
We may revise our Privacy Policy from time to time. You can see when the last update was by looking at the "Last Updated" date at the top of this page. We won't reduce your rights under this Privacy Policy without your explicit consent. If we make any significant changes, we'll provide prominent notice by posting a notice on the Service or the Attainment HUB Website and notifying you by email (using the email address you provided), so you can review and make sure you know about them. In addition, if we ever make significant changes to the types of personal information we collect from children, or how we use it, we will notify parents in order to obtain parental consent or notice for those new practices, and provide schools with the necessary information about these changes where they have obtained permission by choosing to act as an agent of the parent and consented on parents behalf using school consent. We encourage you to review this Privacy Policy from time to time, to stay informed about our collection, use, and disclosure of personal information through the Service and Attainment HUB Website. If you don't agree with any changes to the Privacy Policy, you may terminate your account. By continuing to use the Service or the Attainment HUB Website after the revised Privacy Policy has become effective, you acknowledge that you accept and agree to the current version of the Privacy Policy.
Over time, Attainment Company may grow and reorganize. We may share your information, including personal information with affiliates such as a parent company, subsidiaries, joint venture partners or other companies that we control or that are under common control with us, in which case we will require those companies to agree to use your personal information in a way that is consistent with this Privacy Policy. In the event of a change to our organizations such that all or a portion of Attainment Company or its assets are acquired by or merged with a third-party, or in any other situation where personal information that we have collected from users would be one of the assets transferred to or acquired by that third-party, this Privacy Policy will continue to apply to your information, and any acquirer would only be able to handle your personal information as per this policy (unless you give consent to a new policy). We will provide you with notice of an acquisition within thirty (30) days following the completion of such a transaction, by posting on our homepage and by email to your email address that you provided to us. If you do not consent to the use of your personal information by such a successor company, subject to applicable law, you may request its deletion from the company. In the unlikely event that Attainment Company goes out of business, or files for bankruptcy, we will protect your personal information, and will not sell it to any third-party.
It's important to us that we keep your information safe and secure. In order to help Attainment HUB provide, maintain, protect and improve our services, Attainment HUB shares information with other partners and trusted organizations to store it on our behalf in accordance with our instructions, Privacy Policy, and any other appropriate confidentiality, security or other
requirements we deem appropriate. These companies will only have access to the information they need to provide the Attainment HUB service. You can find information on these partners and service providers we work with below, including what data we share with them or they provide to us, the service they provide for Attainment HUB and links to their respective privacy
policies. This list may change over time, and we’ll work hard to keep it up-to-date. If you have any questions, please get in touch here.
Amazon Web Services (AWS) for providing servers, databases and network infrastructure for storage, service delivery and other related services. Specific services include, Amazon S3, EC2 and RDS Info shared: Customer details (name, email, phone)
Clever for single sign-on services
Classlink for single sign-on services
Schoology for single sign-on services
CloudFlare for hosting our domain names