In order to reaffirm the commitments, we’ve made to schools, Radix℠ LMS has signed the Student Privacy Pledge. This pledge, introduced by the Future of Privacy Forum (FPF) and The Software & Information Industry Association (SIIA), is intended to reflect our commitment to safeguard student personal information in our services designed for use in K-12 schools.
Radix℠ LMS’s mission is to give students, parents, teachers, and school leaders the power to manage, organize and monitor all learning activities in one platform. We’re dedicated to maintaining your trust at Radix℠ LMS to provide these services every day. It is extremely important for us to retain this trust through the users’ privacy and safety.
Radix℠ Learning Management System (“ Radix℠ ”, “ Radix℠ LMS”, “we”, “us”, “our”) provides Software as a service (SaaS) to educational institutions and schools (EIs), receives disclosures from the EIs of personally identifiable information (PII) contained in student, teacher and parent records. Only information that is needed for Radix℠ LMS to perform services outsourced to it by the EI is disclosed to Radix℠ LMS. These disclosures are authorized under the Family Educational Rights and Privacy Act (FERPA), a federal statute that regulates the privacy of student records by EIs that receive financial assistance from the U.S. Department of Education. We, as a contractor to the EI, receive the disclosures on the same basis as school officials employed by the EI, consistent with FERPA regulations, 34 CFR §99.31(a)(1)(i)(B). Consistent with those regulations, we have a legitimate educational interest in the information to which it is given access because the information is needed to perform the outsourced service, and Radix℠ LMS is under the direct control of the EI in using and maintaining the disclosed education records, consistent with the terms of its contract.
We are subject to the same conditions on use and re-disclosure of education records that govern all school officials, as provided in 34 CFR §99.33. In particular, we must ensure that only individuals that we employ or that are employed by our contractor, with legitimate educational interests – consistent with the purposes for which we obtained the information — obtain access to PII from education records it maintains on behalf of the EIs.
To enhance the functionality and delivery of our LMS, we may engage third-party service providers (“Service Providers” or “Contractors”) to assist us with specific services, such as email/SMS notifications. In this context, we may provide these Service Providers access to email addresses and phone numbers for the sole purpose of delivering notifications and communications to the users of Radix LMS. No other personal or covered information will be shared with Service Providers, and they are bound by contractual obligations to maintain the privacy and security of this information, in compliance with the applicable laws.
In accordance with 34 CFR §99.33(a) and (b), we may not re-disclose PII without consent of a parent or an eligible student who is 18 years old or above or is enrolled in postsecondary education unless the agency or institution has authorized the re-disclosure under a FERPA exception and the agency or institution records the subsequent disclosure. An example of such a disclosure is when we are requested by EIs to assist them in the transfer of the student records from our system to another system.
We will not sell or otherwise use or re-disclose education records for targeted advertising or marketing purposes. We do not allow advertising within its products, and therefore there is no advertising of any kind. We use data within our products only to deliver the services contracted by the educational institution. We may use anonymized, non-PII data internally to improve the products and services we deliver to EIs.
We employ technological and operational measures to ensure data security and privacy, including security systems technology, physical access controls. All data is housed within the United States.
All employees of Radix℠ LMS are required to sign an Acknowledgement and Agreement of Policies that commits the employees to comply with our data privacy and security policies and receive required security and privacy training, including commitments and training regarding the prohibition on disclosure of student data.
We do not own any of the student data or school-created data within its products. These data within the products are property of, and under the control of the educational institution. The collection, input, use, retention, disposal, and disclosure of any information in our software applications are controlled solely by the EIs which license our products. We cannot delete, change, or disclose any information from Radix℠ LMS controlled by the EI.
In the event any third party (including the eligible student or parent/guardian of the eligible student) seeks to access education records, we will immediately inform the EI of such request. We shall not provide access to such data or information or respond to such requests unless compelled to do so by court order or lawfully issued subpoena from any court of competent jurisdiction or directed to do so by the EI. Should we receive a court order or lawfully issued subpoena seeking the release of such data or information, we shall provide immediate notification, along with a copy thereof, to the EI prior to releasing the requested data or information, unless such notification is prohibited by law or judicial and/or administrative order or subpoena.
If the EI is unable to fulfil a request of an eligible student or parent/guardian to review the student’s records, we can assist at the direction and expense of the EI. In such an event where a parent, legal guardian, or eligible student seeks to make changes to the data within our products parents, legal guardians, or eligible students shall follow the procedures established by the EI in accordance with FERPA. Generally these procedures establish the right to request an amendment of the student’s education records that the parent or eligible student believes is inaccurate, misleading, or otherwise in violation of the student’s privacy rights under FERPA. Parents or eligible students who wish to ask the EI to amend their child’s or their education record should write an EI official (often a Principal or Superintendent), clearly identify the part of the record they want changed, and specify why it should be changed. If the EI decides not to amend the record as requested by the parent or eligible student, the EI will notify the parent or eligible student of the decision and of their right to a hearing regarding the request for amendment. Additional information regarding the hearing procedures would be provided to the parent or eligible student when notified of the right to a hearing.
In the event we become aware of a data breach or inadvertent disclosure of PII, we shall take immediate steps to limit and mitigate such security breach to the extent possible. We will notify a senior member of the affected EIs leadership team, ideally the Principal, Chief Executive or similar. This typically will occur within 24 hours of confirmation of the event and would include the known relevant details. The EI and we will work cooperatively in determining an action plan, including any required notification of affected persons. Additionally, we will comply with all applicable state and federal laws regarding data breach notification and cooperate fully with authorities and the affected EI in determining an appropriate action plan, including any required notification of affected persons.
In the event of termination of contract to use our products, we work with the EI, in accordance of the terms of the EIs contract, to destroy all student records contained in our systems and then will permanently delete all archival or backup copies of the agency’s or institution’s data. We shall not knowingly retain copies of any data or information received from EI once EI has directed us as to how such information shall be returned and/or destroyed. Furthermore, we shall ensure that it disposes of any and all data or information received from EI in a commercially reasonable manner that maintains the confidentiality of the contents of such records (e.g. shredding paper records, erasing hard drives, erasing any portable electronic devices). At the request of the EI, we will provide a written certification of destruction.
To the extent parents, guardians or students have questions regarding the content of, or privacy associated with, any applications used by the educational institution, please contact that agency or institution.
We may, from time to time, update this policy to be in compliance with evolving state and federal laws and regulations. We will not materially change our policies and practices to make them less protective of your privacy without the written consent of the EI and the EI may rely upon any and enforce any current or prior version of this policy unless otherwise agreed to in writing.