Your Data
• We believe that schools, acting with parent permission, should
determine whether any student data is collected and maintain control
over that data.
• The school account administrator can purge identifiable student data at
any time.
• We will never share identifiable data without your permission. We will
never sell student data to a third party.
GMetrix Is Safe
• GMetrix uses industry standard SSL to ensure that student data is
encrypted and transmitted securely from end to end.
• Teachers can monitor student accounts and student work.
• Students cannot privately communicate with other students outside their
school.
• Parents can access their child's account at any time by logging into their
student’s account.
Data Collection Improves Learning
• If a school chooses to use GMetrix, teachers will gain valuable data on
student performance and students will receive feedback on how to
improve.
• We also use anonymous, aggregated and de-identified data to improve
learning opportunities and continually make GMetrix more effective.
FERPA Compliance
• GMetrix makes every effort to ensure consistency with the Family
Educational Rights and Privacy Act (FERPA) policies. We also make
every effort to comply with Children's Online Privacy Protection Act
(COPPA).
• We provide prominent notice to users before making any material
change to our Privacy Policy that affects them.
Privacy Questions? If you have questions or complaints regarding our
privacy policy or practices, please contact us at [email protected].
Introduction
This Privacy Policy applies to all the GMetrix branded websites and our
mobile applications operated by GMetrix and its affiliates (“GMetrix”).
The privacy of those who use this website or app is extremely important to us.
We design and operate our technology and services with our users' protection
and privacy in mind, and make every effort to be transparent in our data
collection and use practices.
We comply with the FTC's Children's Online Privacy Protection Act (COPPA),
and support the goals and guidelines set forth by industry self-regulatory
bodies and experts to providing online safety and privacy for children,
households, parents and schools. We also support districts and schools that
are subject to compliance with the Family Educational Rights and Privacy Act
(FERPA).
This document explains what information we collect about users of this
product, how we use this information, who we share the information with and
other privacy and security issues. We encourage you to provide us feedback
about our privacy policy at [email protected].
A note to minors:
If you are under the age of 13, please get permission from
your parent/legal guardian before using this website or app or sending any e-
mail to us. You must be 18 or older to order a subscription to any of the
GMetrix websites or apps. We will not sell or market directly to minors and
always seek parental or legal guardian's authorization whenever we identify
that a minor attempts to purchase a GMetrix product or service.
A note to schools and districts:
Wherever we collect student identifiable
information, we do so in support of the educational purposes for which
GMetrix is designed. Such information is only collected in conjunction with the
use of GMetrix.
Definitions
For purposes of this Policy, we introduce the definitions of how we
characterize users' information:
"Personally Identifiable Information"
or
"PII"
is information that can identify
a user of this website, including e-mail and name.
"Anonymous Information"
is information that does not enable identification of an individual user.
"De-
Identified Information"
is information from which all personally identifiable
components have been removed. Unlike Anonymous Information, De-
Identified information is initially collected as Personally Identifiable
Information, after which we remove any identifying component to make the
information anonymous.
General
We collect the following types of information:
Information collected when subscribing:
In the registration process of any
of our subscription types, we ask our subscriber to provide us with first name,
last name and affiliation with a school or district (if applicable). Providing an
email is optional. We use this contact information to send users service-
related announcements on rare occasions when it is necessary or advisable
to do so. For instance, if we perform routine maintenance, we might send an
informational email. We may also use this contact information to request
feedback on the use of our products and services, to be used to improve the
products and services. We will always provide an option to opt out of such
communications.
Username and password:
Subscribers create a username and password in
the registration process, or, if they prefer, we or their school may assign these
for them. We use usernames and passwords of subscribers' accounts to
authenticate logins, allow access to the paid content and monitor subscription
compliance. The username is also used to authenticate users when
requesting technical support. The passwords are all encrypted when stored.
For more information on our security practices, see "How We Store and
Process Your Information" below.
Information collected automatically:
We automatically receive and record
information on our server logs from a user’s browser, including the user’s IP
address. We use IP addresses to maintain a user’s session and we do not
store them after the user’s session is over. We also use the IP address to
check if a user is located in some countries outside of the United States where
a country-wide log-in option is activated, and we do not store this information
after the initial page load. We do not otherwise combine this information with
other PII.
We also use a standard feature found in browser software, called a "cookie",
in order to establish and authenticate user sessions, enable access to paid
content and monitor potential misuse of the accounts. We do not use cookies
to collect Personally Identifiable Information nor do we combine such general
information with other PII to identify a user. Disabling our cookies will prevent
access to paid content and limit some of the features and functionalities of the
website or app. To learn more about browser cookies, including how to
manage or delete them, look in the Tools, Help or similar section of your Web
browser, or visit allaboutcookies.org.
We do not collect a user’s web search history across third party websites or
search engines. However, if a user navigates to our website via a web search,
their web browser may automatically provide us with the web search term they
used in order to find our website. Our website does not honor "do not track"
signals transmitted by users' web browsers, so we encourage you to visit
these links if you would like to opt out of certain tracking:
http://www.networkadvertising.org/choices or
http://www.aboutads.info/choices/. If you do want to opt out using these tools,
you need to opt out separately for each of your devices and for each web
browser you use (such as Internet Explorer®, Firefox® or Safari®) on each
device.
Third Parties:
We may use a variety of third-party service providers, such as
analytics companies, to understand usage of our services. We may allow
those providers to place and read their own cookies, electronic images known
as web beacons or single-pixel gifs and similar technologies, to help us
measure how users interact with our services. This technical information is
collected directly and automatically by these third parties. If you want to opt
out of third party cookies, you may do so through your browser, as mentioned
above in Information collected automatically.
Information collected when using GMetrix:
School and District licenses use
the individual accounts system, called GMetrix SMS, which allows students
and their teachers to keep track of learning. Student and teacher accounts are
organized by classrooms created by the teachers of the subscribing school.
For these accounts, we ask the teachers to enter the first and last name of
students and teachers, their username, the school they are associated with
and a security question for resetting their password. We also require the
teachers' email for password recovery and for contacting them on support and
service-related announcements. The only Personally Identifiable Information
collected about students is their first name, last name, email (optional), and
the students’ work under the account (student records). We store the data
created in each student account ("Student Records"), such as the history of
GMetrix tests and activities they've completed. We do so for the purpose of
enhancing teachers’ and students’ use of the website.rvices. We will always provide an option to opt out of such
communications.
Emails received from users:
We may retain certain information from users
when they send us messages through our system or by email. We only use
such information for providing the services or support requested.
Feedback:
Certain features we offer include an option to provide us with
feedback on your experience. The feedback feature does not identify the user
submitting it. The feedback option is voluntary and the information a user
submits to us will only be used for improving these features. If we receive
personally identifiable information through a feedback form we take steps to
immediately delete that information.
Information collected when using a GMetrix mobile app:
Your website
subscription may also provide access to the Full Access level of our mobile
apps. If you choose to download any such app and log into it with your
website subscription username and password, we collect limited usage
information in connection with user logins in order to monitor subscription
compliance. This information is maintained in accordance to this policy. We do
not collect Personally Identifiable Information from users of the various
GMetrix applications. If you subscribe to a GMetrix app with an in-app
purchase subscription, we do not collect any user information.
Push Notifications on mobile apps: We send you push notifications on GMetrix
mobile apps from time to time in order to update you about any events or
promotions that we may be running. If you no longer wish to receive these
types of communications, you may turn them off at the device level. To ensure
you receive proper notifications, we will need to collect certain information
about your device such as operating system and user identification
information. We also collect the user time zone as it’s set on the device to limit
the time we send push notifications within a reasonable time of day. We do
not combine this information with other PII.
Mobile Analytics on mobile apps: We use mobile analytics software to allow
us to better understand the functionality of our Mobile apps Software on your
phone. This software may record information such as how often you use the
apps, the events that occur within the apps, aggregated usage, performance
data, and where the apps were downloaded from. We do not link the
information we store within the analytics software to any PII you submit within
the mobile apps.
We Do NOT Collect Or Use Information As Follows:
• Other than in the places and for the purposes explicitly disclosed in this
Policy, we do not knowingly collect Personally Identifiable Information
directly from users under the age of 13. If we learn that we have
inadvertently collected any Personally Identifiable Information from a
user under 13, we will take steps to promptly delete it. Please contact us
at [email protected] if you believe we have inadvertently collected
Personally Identifiable Information from a user under 13.
• We do not collect, use or share Personally Identifiable Information other
than as described in our privacy policy, or with the consent of a parent
or legal guardian as authorized by law, or otherwise as directed by an
applicable district or school or required by contract or by law.
• In no event shall we use, share or sell any Personally Identifiable
Information for advertising or marketing purposes.
COPPA Compliance
Parents and legal guardians of children under 13 who use any of the GMetrix
products have certain rights under the Children's Online Privacy Protection
Act (COPPA), and GMetrix recognizes those rights. Parents/guardians can
consent to collection and use of a child's personally-identifying information
without consenting to the disclosure of information to third parties.
A child's participation or access to an activity on GMetrix cannot be
conditioned on him or her providing more information than is reasonably
necessary for that activity, or any personally-identifying information. GMetrix
does not collect personally-identifying information from children under 13,
without a parent or guardian's consent or school if applicable.
Schools or districts using GMetrix maintain ownership of their Student
Records.
Each school or district has access to a user-friendly administrator dashboard
that allows direct control over the Student Records at all times. The
administrator can create, update, review, modify and deactivate individual
accounts, and monitor logins in the individual accounts. "Administrators" are
only those individuals explicitly designated by the school or the district.
Schools and districts are required to appoint an administrator that will be
responsible for the Student Records. Districts and schools are urged to
safeguard the administrator's access information and keep it in strict
confidence, and notify us of any unauthorized use of password or account
registered under their subscription.
The teachers using GMetrix will only be able to access or use GMetrix with an
administrator login provided by their school or GMetrix. Students will only be
able to create or access their teacher's class with an Access Code provided
by their teachers. Students will be able to store their activities, tests, and
results with their teachers on their individual accounts. Students can only
interact with teachers who created the GMetrix class.
We encourage schools and districts using GMetrix to notify parents that the
product is used in their school. Parents can log into their children's accounts
and access their records. If you are a parent or guardian of a student using
GMetrix with his or her school, you can request the login information from your
child or their teacher. You are encouraged to use the student's login
information and view all their activities and progress on the account at any
time. Parents have a right to request the student's Personally Identifiable
Information be deleted or request changes in his or her records if it is
inaccurate or misleading by contacting the school or teacher or GMetrix
at [email protected]. Parents may also refuse to allow GMetrix to collect
further information from their children by contacting us at [email protected].
FERPA Compliance
We understand the obligation educational agencies, districts and school
systems have to comply with the Family Educational Rights and Privacy Act
(FERPA) and we support schools in their compliance efforts and facilitate their
alignment with FERPA.
Under the terms of our contracts with schools, we agree to act as a "School
Official" as defined by FERPA, meaning that we:
• Perform an institutional service or function for which the school or
district would otherwise use its own employees;
• Have been determined to meet the criteria set forth in the school's or
district's annual notification of FERPA rights for being a School Official
with a legitimate educational interest in the education records;
• Are under the direct control of the school or district with regard to the
use and maintenance of education records;
• Use education records only for authorized purposes and will not re-
disclose Personally Identifiable Information from education records to
other parties (unless we have specific authorization from the school or
district to do so and it is otherwise permitted by FERPA).
How Long We Retain Student Data Information
Districts and schools are able to delete student identifiable information at any
time using the Administrator Dashboard as mentioned above. Once
information is deleted, we do not retain any copies.
We may provide Personally Identifiable Information to our partners, business
affiliates and third party service providers who work for GMetrix and operate
some of its functionalities, such as hosting services, streaming services and
credit card processing. These third parties are well-known, established service
providers, who are bound contractually to practice adequate security
measures and only use your information for the sole purpose of providing the
services. These third parties do not have an independent right to share your
Personally Identifiable Information. We share Anonymous Information or De-
Identified Information about our users for tracking analytical information when
using third party web analytical tools. We may use or share Anonymous
Information or De-Identified Information for educational research purposes, to
evaluate the educational benefit of using our services or to improve our
services.
We will NOT share any information for marketing or advertising
purposes.
We reserve the right to disclose Personally Identifiable Information if we are
required to do so by law or if we believe that disclosure is necessary to protect
our rights, protect your safety or the safety or others, investigate fraud and/or
comply with a judicial proceeding, court order, subpoena or legal process.
We also reserve the right to transfer your Personally Identifiable Information in
case of a corporate restructuring (such as a merger or acquisition), as long as
the receiving entity adopts this privacy policy that applies to your information.
We strive to maintain security policies and procedures that are designed to
protect your information.
Our servers are located in a secured, locked and monitored environment to
prevent unauthorized entry or theft, and are protected by a firewall. The
servers are located in a data center in the United States and backed up daily
to a secure, "US-based," offsite data center.
We take extra measures to ensure the safety of PII and Student Records and
apply a Secure Sockets Layer (SSL or HTTPS) encrypting technology to
establish and ensure that all data passed between the server and the browser
remains encrypted.
Governance policies and access controls are in place to ensure that the
information of each district or school or other subscriber is separated and they
are only able to access their own data.
Only limited GMetrix personnel have access to the database, and they only
access the database when necessary to provide services. Personnel with
access to Student Records pass criminal background checks and periodic
privacy training.
While we strive to maintain best industry-standard privacy and security
practices, it should be noted that no industry system is fail proof. In the event
we learn of an actual data breach, loss or disaster, we have established a
Disaster Recovery Plan, which includes notifying the affected subscriber, and
as appropriate, coordinating with the subscriber to support its notification of
affected individuals, students and families when there is a substantial risk of
harm from the breach or a legal duty to provide notification.
We carefully choose our business partners and associate only with reliable
partners who demonstrate a commitment to users' privacy and who share our
commitment to education.
If you are using this website or app outside the United States, you consent to
having your information and data stored in the United States. If you are from
any jurisdiction with laws or regulations governing the use of the Internet,
including collection, use and disclosure of personal data, different from those
of the United States, you may only use this website or app in a manner lawful
in your jurisdiction. If your use of this website or app may be unlawful in your
jurisdiction, please do not use this website or app. If your use of GMetrix may
be unlawful in your jurisdiction, please do not use GMetrix.
EU-US Privacy Shield
GMetrix is committed to subjecting all personal data received from European
Union (EU) member countries, in reliance on the Privacy Shield Framework,
to the Framework’s applicable Principles. To learn more about the Privacy
Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield
List. https://www.privacyshield.gov/list
GMetrix is responsible for the processing of personal data it receives, under
the Privacy Shield Framework, and subsequently transfers to a third party
acting as an agent on its behalf. GMetrix complies with the Privacy Shield
Principles for all onward transfers of personal data from the EU, including the
onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy
Shield Framework, GMetrix is subject to the regulatory enforcement powers of
the U.S. Federal Trade Commission. In certain situations, GMetrix may be
required to disclose personal data in response to lawful requests by public
authorities, including to meet national security or law enforcement
requirements.
Under certain conditions, more fully described on the Privacy Shield
website https://www.privacyshield.gov, you may invoke binding arbitration
when other dispute resolution procedures have been exhausted.
Access
Upon request GMetrix will provide you with information about whether we hold
any of your personal information. You may access, correct, or request deletion
of your personal information by contacting us at [email protected]. We will
respond to your request within a reasonable timeframe.
We constantly strive to provide the best services. Changes to this policy may
be required to keep pace with changing technology and threats, and as new
or changed services are released. We expect most such changes to be minor,
but there may be cases where changes may be more significant. In such
cases we will first provide prominent notice to users who are affected.
Posting the modified Privacy Policy on this website or app and providing
notice as stated above will give effect to the revised terms. Your continued
use of this website or app indicates your acceptance of any revised terms. If
you do not agree to the revised policy, please refrain from using this website
or app and/or leave this website or app.
If we make material changes to how we collect and use personal information
from children under age 13, we will notify the school or the parents, as
applicable, by email in order to obtain verifiable parental consent for the new
uses of the child's Personal Information.
If you have any questions or concerns about this Privacy Policy, please
contact us at [email protected] or at GMetrix, 105 S. State Street, Orem, UT
84058.
If you wish to report a security breach, please contact us at
[email protected].
This policy was last updated on December 15th, 2017.
