K12’s Commitments to Privacy
K12 Inc. seeks to maximize every child’s potential by transforming the educational experience, and making it accessible, engaging and individualized.
- What laws generally apply to student records?
- What non-personally identifiable information does K12 collect?
- How does K12 use non-personally identifiable information?
- When does K12 share non-personally identifiable information?
- How do K12’s Sites use “cookies”?
- Does K12 share information collected from cookies?
- What personally identifiable information does K12 collect?
- Does K12 share personally identifiable information?
- How does K12 use personally identifiable information?
- How does K12 treat personally identifiable information about children under 13?
- What are my California privacy rights?
- What information is collected or shared on message boards and chats?
- What happens when I link to other websites, chat rooms or resources from K12’s Sites?
- What is K12’s commitment to data security?
- What happens if K12’s corporate structure changes?
- Participation in the U.S.-E.U. and U.S.-Switzerland Safe Harbor Programs
“K12 Inc.” or “K12” means K12 Inc. and all of its subsidiaries and Affiliates. An “Affiliate” of K12 Inc. is an entity that controls, is controlled by, or under common control with K12, where “control” means the possession, directly or indirectly, of the power to direct or cause the direction of the management policies of an entity, whether through the ownership of securities, by contract or otherwise.
“K12 School Program” means a school (whether private or public) or school district that offers curriculum and services provided by K12 under a written agreement with K12.
“Local School” means a school district, individual public school, charter school or private school which contracts with K12 for a specific K12 School Program in which your child is or seeks to be enrolled.
“PII” means Personally Identifiable Information. PII is information that, alone or in combination, is linked or linkable to a specific person that would allow a reasonable person, who does not have personal knowledge of the relevant circumstances, to identify the person with reasonable certainty.
What laws generally apply to student records?
What non-personally identifiable information does K12 collect?
Each time you visit our Sites, non-personally identifiable information is automatically entered into an information system. Such information includes your IP address (that is, the unique string of numbers that identifies the device you are using to communicate over the Internet), the name of the Web page from which you accessed our Site, the page or pages you visit on our Site, and how much time you spend on each page.
How does K12 use non-personally identifiable information?
We use this information to monitor and improve our Site and for internal analysis. In particular, we use IP addresses to analyze traffic trends, administer the Site, and gather information for aggregate use. However, IP addresses, whether alone or in combination with other non-PII, are not linked to PII.
We will neither share (except with respect to “cookies”) nor sell non-PII to any third party, except that we may share non-PII i) if required to do so by law, such as by a court order, ii) if permitted to do so for law enforcement, health or safety purposes, iii) if collected within the OLS, to your child’s Local School, iv) to third parties that use it in connection with providing services related to the education of your child in the child’s Local School, or v) where permitted, to protect K12’s legal rights.
We may use third-party cookies of other vendors (such as, but not limited to, Google), to help provide you with relevant information as you use the Internet. These third-party cookies may record that you visited our Sites, as well as the websites that you visited prior to visiting our Sites. Such cookies can then be used to serve relevant messages to you on other websites. The third party cookies do not collect PII.
You also have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. You can use the “help” feature of your browser to determine how to modify it to decline cookies. If, however, you choose to decline cookies, you may not be able to fully experience the interactive features of our Sites or have some of our services on the Sites function properly.
You may choose to opt out of the use of third party cookies for marketing messages on other websites by visiting the Digital Advertising Alliance Consumer Choice Page and opting out with those companies that participate in those choices. On the effective date of this policy, that site was located at http://www.aboutads.info/choices. You may also opt-out of the use of third party cookies for marketing messages on other websites by visiting the Network Advertising Initiative opt out page and opting out with those companies that participate on that site. On the effective date of this policy, that site was located at http://www.networkadvertising.org/choices. Opting out will not prevent advertisements from being served to you on the Internet; it will only affect advertisements that utilize cookies to serve messaging on the specified networks. We are not responsible for the activities of other parties that may not comply with your opt-out requests.
We will not disclose, share or sell non-aggregated information contained within cookies to any third party, except that we may do so if required by law, such as by a court order, or permitted to do so for law enforcement purposes. We may also share non-aggregated information contained within cookies in order to keep track of how you are using the Sites to tailor Web content to your interests.
You can use portions of our Sites without divulging any PII. Our Sites do not collect personal information about individuals except when such individuals specifically provide such information on a voluntary basis (for example, when registering with a Local School for a K12 School Program; requesting additional information by contacting us; signing up for a K12 in-person event; posting a message to a message board; requesting help; engaging in an online chat; or accessing, adding to, or changing the information on your account information page on the OLS). When you register your children for a K12 School Program or participate in a Local School, you are providing us with information regarding you and your children. This personal information may be collected on our Sites, or via telephone, facsimile or conventional mail. The types of information that you may be asked to provide, depending on what services you would like to receive, include but are not limited to: first and last name; postal address; telephone number; the names and ages of your children; the services you request; registration and enrollment information about your children; and an e-mail address where we can contact you. If you are enrolling in one of K12’s private schools or making a purchase from the K12 store, we may also collect credit card information from you.
Registration and enrollment information that you provide may be provided to your Local School or to third parties as required by state or federal law or requested by your Local School. Information provided by you or the child may be provided to state and federal agencies, including law enforcement as may be required or permitted by law.
To the extent that third party vendors assist K12 in the provision of online products or services, those vendors are provided the minimum amount of data required to perform the tasks for which they have been engaged, consistent with legal requirements, such as FERPA. They have no independent rights to such data and have agreed to maintain the confidentiality of the data, to use it solely for the purpose of performing the school-based tasks for which they have been engaged and to safeguard the data as required by law and by contract.
Only if permitted by state and federal law, K12 may share your information with companies that are not affiliated with K12 but that are interested in sending you information about their products and services. You can request that your personal information not be shared with third parties by making a request in writing to privacy@K12.com.
K12 may use the PII to provide educational services to your children who are enrolled in a Local School, and to otherwise support your children and you with regard to matters such as testing, academic progress, attendance, customer service, student affairs or for health or safety purposes. K12 may also use PII to protect its own legal rights.
K12 responds to customers who have requested information from us and to answer questions. Because we only call customers at the telephone numbers they leave for us to provide the requested information, K12 does not call people by generating random or sequential telephone numbers. K12 may use pre-recorded messages when allowed by law in order to ensure that customers receive the information they requested. Customers do not have to consent to receive calls in order to receive K12’s services.
Once you have registered your children in a Local School for a K12 School Program (whether you registered on our Sites, or through offline communications), there will be a personal information page on the OLS that contains some or all of your personal information. You may also be assigned a Member ID and password and may create, at your discretion, a Member ID for your children any time you are logged on to the OLS. If you designate someone other than yourself as a learning coach, that person will also be assigned a Member ID. The Member IDs will be used to recognize you, the learning coach and your children on the OLS. The Member IDs will allow K12 to recognize: your first and last name; registration ID; type of account, such as teacher, administrator, parent, learning coach or student (if you created a separate Member ID and password for your children or learning coach); your child’s Local School; integration number; the e-mail address you provided, and the education records of your child associated with the account. The Member IDs and the OLS will also allow you and the learning coach to track your children's attendance, school work, and testing, and to submit relevant portions of same to K12, and/or your Local School to track your children's progress and abide by state and/or federal standards and regulations.
K12 and/or your Local School may use PII provided by you in the OLS to contact you or your child’s learning coach about your child's progress, testing, attendance, or other school issues or for customer service, and quality control procedures. The PII is also used to deliver services to you or your child’s Local School or to carry out activities that you or your child’s Local School has requested. K12 also uses PII voluntarily supplied by you to fulfill requests for information, and to deliver requested services to you and your children.
K12 will use or share PII if required to do so by law, such as a court order, or permitted to do so for law enforcement, health or safety purposes or to protect K12’s legal rights.
If permitted by applicable state and federal law, K12 may use your information to provide you with information about new products and services available through K12 and may aggregate PII to improve the educational experience or to determine how K12’s educational products and services may interest other persons.
We understand that children who are under 13 years of age need enhanced safeguards and privacy protection, as set forth in the Children's Online Privacy Protection Act (COPPA). COPPA protects the information privacy of children under the age of 13 by requiring web site operators and online services to post privacy policies and obtain verifiable parental consent before collecting information from those children.
K12 receives personal information about children who are under the age of 13 strictly from their parents or guardians at the time those children are enrolled into a Local School using a K12 School Program. The only information received directly from your children is the information they provide (such as test answers, electronic mail and class discussions) in the OLS as part of their education in a K12 School Program.
Other than through the OLS, the Sites do not solicit children to provide personal information. We also do not knowingly contact or collect PII from children under 13.
Nevertheless, we want to provide assurances that information about young children is safe. If you want to notify us that we have inadvertently received information for a child under the age of 13 as, for example, by fraud or deception by others, please email us at privacy@K12.com. Also, you can review certain personal information that K12 has regarding your children by making such a request in writing to privacy@K12.com.
For information on COPPA and the use of children's personal information, please contact:
K12 Legal Department
2300 Corporate Park Drive
Herndon, VA 20171
Under the California “Shine The Light” law, California residents may opt-out of K12’s disclosure of PII to third parties for their direct marketing purposes. You may choose to opt-out of the sharing of your personal information with third parties for marketing purposes at any time by emailing us at privacy@K12.com.
As of January 1, 2016, the Student Online Personal Information Protection Act becomes effective in California. K12 will protect “covered information” consistent with the new law.
We may offer message boards and chat rooms to you on our Sites. Please be aware that anyone may read your postings on a message board or in a chat room. Furthermore, all information which you submit to be posted to a message board or in a chat room will be available to all users of that message board or chat room, and is therefore no longer private. We cannot guarantee the security of such information that you disclose or communicate online in public areas such as message boards and chat rooms, and you do so at your own risk. We reserve the right, but not the obligation, to monitor the content of the message boards only and to republish your postings from message boards or chat rooms elsewhere on the Web or otherwise in any format.
To reduce the risk of unauthorized access, maintain data accuracy, and ensure the correct use of information, we have put in place commercially reasonable physical, electronic, and managerial procedures to safeguard and secure the information we collect. We also use Secure Sockets Layer (SSL) protocol on your account information and registration pages to protect sensitive personal information. We encrypt credit card numbers that you provide to us. As effective as our safeguards are, no security system for data is completely impenetrable. Therefore, K12 cannot guarantee that PII you supply will not be intercepted by others.
K12 is a participant in the U.S.-E.U. and U.S.-Switzerland Safe Harbor programs developed by the U.S. Department of Commerce and the European Union and Switzerland. We have certified that we adhere to the Safe Harbor Privacy Principles agreed upon by the U.S., the E.U. and Switzerland. For more information about the Safe Harbor and to view our certification, visit the U.S. Department of Commerce's Safe Harbor Website. If you would like to contact K12 directly about the Safe Harbor program, please send an e-mail to legal@K12.com.
(1) how his or her Personal Data (defined below) that is transferred to K12 in the United States is processed, disclosed and transferred;
(2) his or her choices with regard to how such Personal Data will be used or disclosed by K12; and
(3) his or her other rights with regard to that Personal Data.
This Policy complies with the Safe Harbor Principles as agreed upon by the United States Department of Commerce and the European Commission. Consistent with its commitment to protect personal privacy, K12 adheres to these Safe Harbor Principles, which can be found at http://www.export.gov/safeharbor.
All capitalized terms used in this Policy are defined at the end of this Policy.
This Policy applies only to the processing of Personal Data that K12 receives in the United States concerning its European Customers and Employees.
This Policy does not cover data from which individual persons cannot be identified, or situations in which pseudonyms are used (the use of pseudonyms involves the replacement of names or other identifiers with substitutes, so that identification of individual persons is not possible).
III. Collection and Use of Personal Data
K12 may receive Personal Data concerning Customers and Employees: (1) directly from the Customer or Employee, (2) from a European Affiliate or (3) through other means.
K12 uses Employee Personal Data for business and employment purposes, including without limitation: (1) filling positions; (2) planning and implementing Employee transfers or assisting with Employee business-related travel; (3) managing employees from another country; (4) conducting performance evaluations and salary, bonus and equity reviews, and other Employee reviews; (5) administering payroll and benefits; (6) satisfying governmental reporting and tax requirements; (7) satisfying security, health and safety concerns; (8) planning and implementing potential acquisitions and mergers; (9) storing and processing data, including Personal Data, in computer databases and servers located in the United States; (10) implementing and maintaining K12's information technology; (11) legal compliance; and (12) for other employment-related and business-related purposes permitted and/or required under applicable local law and regulation. If K12 uses Employee Personal Data for any other purpose not listed in this Policy, K12 will seek consent from the applicable Employee(s).
K12 uses Customer Personal Data for business purposes, including without limitation: (1) order and service fulfillment; (2) Customer service, including information technology support; (3) providing notices regarding services a Customer has purchased or may want to purchase in the future; (4) product or service improvement;(5) tailoring websites to provide a personalized Customer experience; (6) maintaining Customer records; (7) storing and processing data, including Personal Data, in computer databases and servers located in the United States; (8) implementing and maintaining K12's information technology; (9) legal compliance; and (10) for other business-related purposes permitted and/or required under applicable local law and regulation. If K12 uses Customer Personal Data for any other purpose not listed in this Policy, K12 will seek consent from the applicable Customer(s).
IV. Disclosures/Onward Transfers of Personal Data
K12 discloses Employee and Customer Personal Data in limited circumstances and only to those who reasonably need to know such data for a legitimate business purpose and must abide by confidentiality obligations. Absent consent of the Data Subject, K12 will disclose Employee and Customer Personal Data only to third parties who perform tasks on K12's behalf, and their contractors, provided that such third parties or contractors either: (1) comply with the Safe Harbor principles or use another mechanism permitted by the EU Data Protection Directive; or (2) agree to provide adequate protections for the Data Subject's privacy interests that are no less protective than those set out in this Policy and to use the Data Subject's Personal Data only for the purposes for which the third party has been engaged by K12.
K12 may also disclose Employee and Customer Personal Data in response to a lawful legal process, as otherwise required by law, in the event of a sale of our company or assets of our company, and to protect or defend our rights or property.
V. Sensitive Data
K12 does not transfer Sensitive Data of Employees to the United States.
K12 transfers Sensitive Data of Customers to the United States in limited circumstances. This Sensitive Data is limited to information regarding religious beliefs and physical or mental health or treatment, which is collected only for accreditation and teaching purposes.
VI. Confidentiality and Security of Personal Data
K12 maintains reasonable physical, administrative, and technical safeguards designed to secure Customers' and Employees' Personal Data, and to prevent unauthorized access to or unauthorized disclosure, alteration or destruction of such information. For more information about how K12 protects its Customers' and Employees' Personal Data, please contact us via e-mail at: legal@K12.com.
VII. Right to Access, Change or Delete Personal Data
Upon reasonable request and to the extent the request does not compromise the protections set forth in this Policy, K12 allows Customers and Employees reasonable access to their Personal Data to correct, amend or delete such data. Employees should direct any such request to their local Human Resources representative.
If you are an Employee and you are unable to access, correct, amend or delete your Personal Data through your local Human Resources office, you may send a request to K12's Legal Department. All such requests must be sent by postal mail or by e-mail to the following address: Legal Department, K12 Inc., 2300 Corporate Park Drive, Herndon, VA 20171 or contact us via e-mail at: legal@K12.com.
Customers should direct any such requests to Legal Department, K12 Inc., 2300 Corporate Park Drive, Herndon, VA 20171 or legal@K12.com.
K12 will endeavor to respond in a timely manner to all reasonable written requests to view, modify or delete Personal Data.
VIII. Data Integrity
Customers and Employees are responsible for the accuracy of the data they provide to K12. K12 will use reasonable efforts to maintain the accuracy and integrity of Personal Data and update it as appropriate. K12 will not maintain Personal Data any longer than necessary for the purposes stated or as required by any applicable laws, unless otherwise agreed to by the Customer or Employee.
IX. Changes to this Policy
This Policy is current as of the effective date set forth above. K12 reserves the right to change this Policy from time to time, consistent with applicable data protection and privacy laws and principles. Unless such changes afford greater protections to the privacy interests of Customers or Employees, or the affected Customers or Employees otherwise consent, such changes will apply only to Personal Data received after the effective date of such change. K12 will notify Customers and Employees about material changes to the way it treats Personal Data by placing a prominent public notice on its website, www.K12.com.
X. Questions or Complaints
Customers and Employees may contact K12 with questions or complaints concerning this Policy at:
2300 Corporate Park Drive
Herndon, VA 20171
XI. Enforcement and Dispute Resolution
As part of K12's annual certification process, K12 will review K12's compliance with this Policy.
If you are an Employee and have any questions, complaints, or disputes regarding the manner in which K12 handles or protects your Personal Data, please bring it to the attention of your local Human Resources representative. Complaints or disputes that cannot be remedied by your local Human Resources representative should be forwarded to the K12 Legal Department at the address above.
If you are a Customer and have any questions, complaints, or disputes regarding the manner in which K12 handles or protects your Personal Data, please bring it to the attention of the K12 Legal Department at the address above.
With respect to any complaints regarding this Policy received from any Employee concerning EU Employee Personal Data that cannot be resolved through K12's internal processes, K12 agrees to cooperate and comply with the primary EU data protection authority for the data controller in question, and, where required, to take appropriate steps to address any adverse effects and assure future compliance.
With respect to any complaints regarding this Policy received from any Customer that cannot be resolved through K12's internal process, K12 agrees to participate in the dispute resolution procedures set forth by Judicial Arbitration and Mediation Services. In the event that K12 or Judicial Arbitration and Mediation Services conclude that K12 did not comply with the Policy, K12 will take appropriate steps to address any adverse effects and assure future compliance.
K12 retains sole and absolute discretionary authority to resolve all questions relating to the administration, interpretation and application of this Policy. This authority includes construing the terms of this Policy, including any disputed or doubtful terms.
Failure to comply with this Policy, undergo related training, and abide by all applicable privacy, data protection, and data security laws will amount to a serious disciplinary offence, subject to disciplinary measures which may include termination of employment.
Any questions about the applicability or administration of this Policy should be immediately brought to the attention of K12's Legal Department.
XIII. Defined Terms
Capitalized terms in this Policy have the following meanings:
"Customer" means any parent, legal guardian or student that is a prospective, current, or past Customer of K12 that stores personal data on equipment in the EU, the EEA, or Switzerland.
"Data Subject" means an identified or identifiable natural living person, and includes K12 Customers and Employees. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, psychological, mental, economic, cultural or social identity.
"European Affiliate" means a K12 affiliate located in the EU, elsewhere in the EEA, or in Switzerland.
"Employee" means an employee (whether temporary, permanent, part-time or contract), former employee, independent contractor, or job applicant of K12 or any of its affiliates, who is also a resident of the EU, another EEA member country, or Switzerland.
"Personal Data" means data that personally identifies a Data Subject or that may be used to personally identify a Data Subject (such as an identification number that identifies a Data Subject). Personal Data includes data such as an individual's name, address, phone number, e-mail address, user ID and password, and any other information that is combined with Personal Data (such as country of birth, marital status, emergency contact, salary information, performance information, terms of employment, and job qualifications (such as educational degrees earned). Personal Data does not include data that is unreadable or anonymized, or publicly available information that has not been combined with non-public Personal Data.
"Sensitive Data" means Personal Data that discloses a Data Subject's medical or health condition; race or ethnicity; criminal convictions; political, religious, or philosophical affiliations or opinions; sexual orientation; or trade union membership.