Commitments to Privacy
Columbia School™ and its affiliates (collectively, “CS”), respects your privacy and has established this privacy policy (“Privacy Policy”) to let you know how we collect, use, manage, share, and protect information that we may gather when you visit our website, the websites of our affiliated schools, or the websites for our student and education management systems (collectively, the “CS Sites”), or contact us by phone or other means. This Privacy Policy applies to the CS Sites where this Privacy Policy is posted and to information we gather from you over the phone, via conventional mail or in person.
This Privacy Policy has also been compiled to better serve those who are concerned with how their “Personally Identifiable Information” (“PII”) is being used online. PII, as described in US privacy law and information security, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Please read our privacy policy carefully to get a clear understanding of how we collect, use, protect or otherwise handle your Personally Identifiable Information in accordance with our website.
CS reserves the right to change this Privacy Policy at any time. If we make any material changes to this Privacy Policy, we will post any revised Privacy Policy on the CS Sites. The most current version is always available by clicking on the “Privacy Policy” link located at the bottom of the CS Sites home page. Any changes to our Privacy Policy will become effective upon posting of the revised Privacy Policy. BY USING ANY OF THE CS SITES, YOU AGREE TO THE TERMS OF THE PRIVACY POLICY IN EFFECT AT THE TIME OF USE. IF YOU DO NOT AGREE TO THE TERMS AND CONDITIONS OF THIS PRIVACY POLICY, PLEASE DO NOT USE ANY OF THE CS SITES.
What Laws Generally Apply to Student Records in the U.S.?
The Family Educational Rights and Privacy Act is a U.S. Federal law that protects the privacy of student educational records. Briefly, FERPA guarantees that students have the right to inspect and review their records, the right to request amendments, through informal and formal hearings, to their record if they believe the information is incorrect, misleading or in violation of their privacy rights and the right to have some control over the release of PII from their educational records. Students also have the right to file complaints with the Family Educational Rights and Privacy Act Office concerning alleged failures by the institution to comply with the Act.
Student’s education records will be protected by CS as required by FERPA and applicable state laws regarding the privacy of student records or PII. We will only disclose education records or provide access to them in compliance with FERPA and applicable state laws, and we will require third parties that contract with us and have access to education records to do the same. CS will not use PII to target a student for advertising, sell PII or use PII to create profiles about a student (other than for purposes of the student’s education in a CS course or program) when those activities are prohibited by law. CS will not use, or will seek permission to use, a student’s PII for purposes unrelated to providing or improving their education where required by law to do so. If any provision of this Privacy Policy conflicts with FERPA or other federal or state law, CS will comply with the more protective standard for the education records.
What is Not Covered by FERPA?
Under FERPA, schools may disclose directory information contained in an educational record that would not be considered harmful or an invasion of privacy if released.
Directory information at CS includes, but is not limited to:
• Name
• Address (City and State of Residence Only)
• Courses and programs
• Dates of attendance
How is Information Released?
CS requires written permission from the eligible student, parent or legal guardian to release any other information from a student’s education record, except under very limited conditions. FERPA allows CS to disclose those records, without consent, to the following parties or under the following conditions (34 CFR S 99.31):
• School officials with legitimate educational interest
• Other schools to which a student is transferring
• Specified officials for audit or evaluation purposes
• Accrediting organizations
• To comply with a judicial order or lawfully issued subpoena
• Appropriate officials in cases of health and safety emergencies
The following persons have access to student records: (i) CS’s CEO, administrative team, and professional staff; (ii) the appropriate administrative support staff members and other professionals who have a legitimate educational or legal interest in student records as designated by the CEO; (iii) educational institutions, organizations or home based education programs with access to the student’s educational records; or (iv) an agent representative of the student or family.
All CS students are provided a unique password to access online courses. It is the student’s responsibility to keep his/her password in confidence.
CS (or the educational institution, organization or homebased education program with access to the student’s educational records) provides an academic transcript upon the request of the student, parent or legal guardian.
Some schools assign a site facilitator to coordinate online programs, blended learning, or after school and/or supplemental programs, which may be provided to help students who use school labs to access CS courses. Facilitators will have access to students’ online work. Facilitators may have access to students’ demographics.
What Personally Identifiable Information Does CS Collect?
You can use portions of the CS Sites without divulging any PII. Our site does not collect personal information about students, parents or legal guardians except when such students, parents or legal guardians specifically provide such information on a voluntary basis (for example, when enrolling for a CS course or program; requesting additional information by contacting us; signing up for a CS in-person event; posting a message to a message board; requesting help; engaging in an online chat; or accessing, adding to, or changing the information on your account information page on the Student Information System (“SIS”).
When a student is registered for a CS course or program, we are provided with information regarding the student, parent and/or legal guardian. This personal information may be collected on the CS Sites, or via telephone, facsimile or conventional mail. The types of information that you may be asked to provide include, but are not limited to first and last name; postal address; telephone number; the student’s names and age; student registration and enrollment information; and an e-mail address where we can contact the student, parent and/ or legal guardian. If the student is enrolling in one of CS’s courses or programs, we may also collect debit or credit card information.
Does CS Share Personally Identifiable Information?
Registration and enrollment information that is provided by the student, parent and/or legal guardian may be provided to third parties as required by state or federal law.
To the extent that third party vendors assist CS in the provision of online products or services, those vendors are provided the minimum amount of data required to perform the tasks for which they have been engaged, consistent with legal requirements, such as FERPA. They have no independent rights to such data and have agreed to maintain the confidentiality of the data, to use it solely for the purpose of performing the school-based tasks for which they have been engaged and to safeguard the data as required by law and by contract.
Only if permitted by applicable state and federal law, CS may share PII your information with other companies in order to improve the academic performance of CS courses or programs or so that CS may offer products and services to you. You can request that your personal information not be shared with third parties by making a request in writing to [email protected].
How Does CS Use Personally Identifiable Information?
CS may use the PII to provide educational services to the student enrolled in a course or program, and to otherwise support the student with regard to matters such as testing, academic progress, attendance, customer service, student affairs or for health or safety purposes. The PII is also used to deliver services to the student or to carry out activities that the student has requested. CS may also use PII to protect its own legal rights.
CS will use or share PII if required to do so by law, such as a court order, or permitted to do so for law enforcement, health or safety purposes or to protect CS’s legal rights. If permitted by applicable state and federal law, CS may aggregate PII to improve the educational experience for the student.
What Non-Personally Identifiable Information Does CS Collect?
Each time you visit our website, non-personally identifiable information is automatically entered into an information system. Such information includes your IP address (that is, the unique string of numbers that identifies the device you are using to communicate over the Internet), the name of the Web page from which you accessed the CS Sites, the page or pages you visit on the CS Sites, and how much time you spend on each page.
How Does CS Use Non-Personally Identifiable Information?
We use this information to monitor and improve the CS Sites and for internal analysis. In particular, we use IP addresses to analyze traffic trends, administer the CS Sites, and gather information for aggregate use. However, IP addresses, whether alone or in combination with other non-PII, are not linked to PII.
When Does CS Share Non-Personally Identifiable Information?
We will neither share nor sell non-PII to any third party, except that we may share non-PII: (i) if required to do so by law, such as by a court order, (ii) if permitted to do so for law enforcement, health or safety purposes, (iii) to third parties that use it in connection with providing services related to the education of your student, or (iv) where permitted, to protect CS’s legal rights.
Do CS Sites Use “Cookies”?
Cookies are pieces of information that a website places on the hard drive of your computer when you visit the website. Cookies may involve the transmission of information from us to you and from you directly to us, to another party on our behalf, or to another party in accordance with its privacy policy. CS Sites may use cookies to bring together information we collect about you. You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser settings. Each browser is a little different, so look at your browser Help menu to learn the correct way to modify your cookies. If you turn cookies off, you won’t have access to many features that make your guest experience more efficient and some of our services may not function properly.
How Does CS Treat Information About Children Under 13 Years Old?
We understand that children who are under age 13 need enhanced safeguards and privacy protection, as set forth in the Children’s Online Privacy Protection Act (“COPPA”). COPPA protects the information privacy of children under the age of 13 by requiring web site operators and online services to post privacy policies and obtain verifiable parental consent before collecting information from those children.
The CS Sites are not intended to solicit information of any kind from children under age 13, and we do not and will not knowingly contact or collect personally identifiable information from children under 13. The only personal information we receive about children under the age of 13 is information provided by the parent or legal guardian or information provided by the child as part of that child’s participation in a course as part of that child’s education program. By enrolling a child in such course, a parent or legal guardian consents to the collection of that information.
It is possible that by fraud or deception by others we may receive information pertaining to children under age 13. If we are notified of the receipt of information under such circumstances, once verified, we will promptly obtain parental or legal guardian consent, and in the absence of such consent, will delete the information. If you want to notify us that we have inadvertently received information for a child under the age of 13, please do so by emailing us at [email protected].
What are the Student’s California Privacy Rights?
California Online Privacy Protection Act (“CalOPPA”) is the first state law in the nation to require commercial websites and online services to post a privacy policy. The law’s reach stretches well beyond California to require any person or company in the United States (and conceivably the world) that operates websites collecting PII from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals or companies with whom it is being shared. Students, parents and/or legal guardians can visit our site anonymously.
What Information is Collected or Shared on Message Boards and Chats?
We may offer message boards and chat rooms to you on the CS Sites. Please be aware that anyone may read your postings on a message board or in a chat room. Furthermore, all information which you submit to be posted to a message board or in a chat room will be available to all users of that message board or chat room, and is therefore no longer private. We cannot guarantee the security of such information that you disclose or communicate online in public areas such as message boards and chat rooms, and you do so at your own risk. We reserve the right, but not the obligation, to monitor the content of the message boards only and to republish your postings from message boards or chat rooms elsewhere on the Web or otherwise in any format.
What Happens When I Link to Other Websites, Chat Rooms, or Resources From CS Sites?
The CS Sites may contain links to other websites, chat rooms, or other resources that we provide for your convenience (“Linked Sites”). These Linked Sites are not under the control of CS, and CS is not responsible for the content available on any Linked Site or the actions of any Linked Site. Such links do not imply CS’s endorsement of material on any Linked Site, and CS expressly disclaims all liability with regard to your access to such Linked Sites. Access to any other websites linked to the CS Sites is at your own risk. You should review the Privacy Policy that may be set forth on the Linked Sites as those websites are not covered by this Privacy Policy.
What is CS’s Commitment to Data Security?
To reduce the risk of unauthorized access, maintain data accuracy, and ensure the correct use of information, we have put in place commercially reasonable physical, electronic, and managerial procedures to safeguard and secure the information we collect. We also use Secure Sockets Layer (“SSL”) protocol on the student account information and registration pages to protect sensitive personal information. As effective as our safeguards are, no security system for data is completely impenetrable. Therefore, CS cannot guarantee that the PII supplied by the student, parent or legal guardian will not be intercepted by others.
Student information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. All transactions are processed through a gateway provider and are not stored or processed on our servers. Our website is scanned on a regular basis for security holes and known vulnerabilities in order to make your visit to our site as safe as possible.
Fair Information Practices
The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information. In order to be in compliance with the Fair Information Practices, in the event of a data breach, we will notify the student, parent and/or legal guardian via email within seven business days.
CAN-SPAM Act
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations. We collect the student, parent and/or legal guardian’s email address in order to send information, respond to inquiries, and/or other requests or questions. In compliance with the CAN-SPAM Act, we will:
• Not use false or misleading subjects or email addresses.
• Identify the message as an advertisement in some reasonable way.
• Include the physical address of our business or site headquarters.
• Monitor third-party email marketing services for compliance, if one is used.
• Honor opt-out/unsubscribe requests quickly.
• Allow users to unsubscribe by using the link at the bottom of each email.
If at any time you would like to unsubscribe from receiving future emails from CS, please email us at [email protected] and we will promptly remove the student, parent and/or legal guardian from future correspondence.
Will This Privacy Policy Change?
We will occasionally amend this Privacy Policy to reflect company and customer feedback or changes in the law. We reserve the right to change, modify, add, or remove portions of this policy at any time. If CS materially changes its use of your personal information, we will announce such a change on our CS sites, and will also note it in this Privacy Policy. If we make any changes to this Privacy Policy, we will post the revised policy. The effective date of this Privacy Policy is documented below.
Contact Information
If you have any questions regarding this Privacy Policy, please contact us by email at [email protected]. Please note that email communications will not necessarily be secure. Accordingly, you should not include sensitive information in your email correspondence with us.
Language Control. This document may be translated into other languages; however, the English language version shall control.