1. Confidentiality Please note that if you are a natural person who is using the Services under the auspices of an agreement entered into with SchoolPass, or a member of the workforce of an organization who is using the Services under the auspices of an agreement entered into with SchoolPass (a “SchoolPass User” or “User”), the SchoolPass Service enables you to share your name, contact information, and profile photograph within the contracted school or school district. If you choose to do so, such PD will become available to the school community only. Except as described in this Policy, we maintain the PD processed in the SchoolPass Service in confidence.
2. Categories of PD The categories of PD processed by the Services, and their purposes of use, depend on how each SchoolPass User configures their respective Services. Generally, the SchoolPass Servi
4. Lawful Basis of Processing If you are an Account Holder, we process your PD based on your consent and based on the need to perform the obligations of our contract with the school or school district. If you are a member of the workforce of an organization that is a SchoolPass Account Holder, or if you are not a User of the Services and you, a User, or an Account Holder submits your PD to the Services, we will process such PD based on the documented instructions of the data controller.
5. Purposes of Processing We maintain and use PD for the purposes of providing the Services to our Users and Account Holders at their instruction, processing PD on behalf of Users and Account Holders, communicating within the school or school district about arrival and dismissal schedules, providing information on the Services to prospective SchoolPass Account Holders, improving the Services, and conducting related tasks for legitimate school purposes.
6. Sharing PD with Third Parties We send some basic PD elements to our data subprocessors, who further process such PD on behalf of, and under the instruction of, SchoolPass. Such data subprocessors include: • infrastructure service provider (AWS); • SMS notification service provider (Twilio); and • email service provider (SendGrid). We require those data subprocessors to maintain at least the same level of confidentiality, integrity, and availability that we maintain for such PD. SchoolPass remains liable for the protection of your PD that we transfer to our subprocessors. We may also disclose PD (i) to other third parties for the purposes for which we receive the PD (e.g., performance of contractual obligations and rights); (ii) to the extent required by law or if we have a good-faith belief that such disclosure is necessary in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, or private parties, including but not limited to: in response to subpoenas, search warrants, or court orders; (iii) if we sell or transfer all or a portion of our company’s business interests, assets, or both, or in connection with a corporate merger, consolidation, restructuring or other company change; and (iv) to our subsidiaries, only if necessary for business and operational purposes. If we must disclose your PD in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, we may not be able to ensure that such recipients of your PD will maintain the privacy or security of your PD.
7. Data Integrity & Security SchoolPass has implemented and will maintain technical, administrative, and physical measures that are reasonably designed to help protect PD from unauthorized processing such as unauthorized access, disclosure, alteration, or destruction.
8. Data Retention PD that you submit to the SchoolPass Service is retained for as long as is necessary for us to perform our obligations under the contract that is entered into between the SchoolPass Account Holder and us. Note that we keep backup copies of our databases for a limited period of time as part of our disaster recovery/business continuity plans, and it may not be reasonably possible for us to delete data from such backups.
9. Access and Review If you are a data subject of PD that was submitted to the Services by a User or a SchoolPass Account Holder, you may have a right to request access to, and the opportunity to update, correct, or delete, such PD. To submit such requests or raise any other questions, please contact the User or Account Holder that provided your PD to us.
10. Privacy of Children The Services are not directed at, or intended for use by, children under the age of 16. If you believe that PD pertaining to your under-16-year-old child has been submitted to the Services, and you would like to exercise your rights with regards to such PD, please contact the User whose Services the PD is processed in.
11. Changes to This Policy We may update this Policy from time to time by posting a new version on our website. When we make a material change to the Policy, we will update the Last Updated date above to reflect the effective date of the most recent version of the Policy.
12. Contact If you have any questions or complaints about how we process your PD, please contact us via our contact form or using the information below. MHR Technologies, Inc. Security and Compliance Manager 267 Kentlands Blvd, #2034 Gaithersburg, MD 20878 Email: email@example.com We will respond to your inquiry within four weeks of receipt.
13. Binding Arbitration With regards to PD processed in the SchoolPass Service, if your dispute or compliant can’t be resolved by us, you may have the right to require that we enter into binding arbitration with you.
14. Regulatory Oversight SchoolPass is subject to the investigatory and enforcement powers of the United States Federal Trade Commission.