Privacy Policy

PRIVACY POLICY

Hapara, Inc.

Last Updated: May 24, 2018

Hapara, Inc. (“Hapara”, “we,” “us,” “our”) provides this Privacy Policy because we know that you care about how your information is collected, used, shared and retained. This privacy policy applies only to information collected when you access our website located at https://hapara.com/ (“Website,” “site”), or use our any of our services (“Services”). By visiting the Website or using the Services, you consent to this Privacy Policy.

Our Services enable educational institutions (“Schools” or “Customers”) to make better use of their chosen Cloud platform — Google’s G Suite or Microsoft Office 365. Our Website serves as a channel for us to share information about our Services with current and potential Customers.

What Information We Collect; the Purpose of Collection and Use

We collect information for several purposes, including to provide services our Customers and to communicate with and market to prospective customers.  The specific information and the purposes for collection are discussed below.

Service Information

In the course of performing our Services, we collect several categories of information (collectively, “Service Information”).  Our Customers authorize the collection, processing and transfer of Service Information, and have the responsibility for providing notification to parents and guardians of students and for obtaining all consents as required under applicable laws and regulations.  Service Information is retained only as long as it’s necessary to provide the Services and support the particular Customer.

School Information: Educational institutions who are Customers provide the following information about their schools: billing and IT contacts, timezone, class rosters – this includes class codes and titles, and teacher school email addresses. We track and collect the total number of student accounts processed for billing purposes.

School Information is only used to provide Services and support in a manner consistent with this privacy policy; to improve our Services; and to provide our Customers with additional information about our Services.

Student Information:  Schools provide student school email addresses for students using Hapara Services.  For Customers that elect to have our Services handle the creation of student accounts, we also collect additional student information required by the Cloud Platform to create accounts, such as first and last name and school email address.  Customers who use Hapara Analytics may also elect to provide additional student information to support Hapara Analytics equity reporting such as grade, ELL status, FRL status, gender, and other metrics.

Student Information is used to provide our Services and support our customers.  As part of support and troubleshooting activities, select Hapara employees may directly access Student Information, including information which resides on the School’s Cloud platform.

Student Information is retained by Hapara only for the period of time required to process the information and to provide the Services to our Customers.

We do not solicit or collect information directly from students or their parents or guardians – student information can only be provided by their educational institution which is our Customer, and which retains the legal responsibility for collecting and sharing this information with service providers and Hapara.

Student Generated Information: Students create significant amounts of content in their school’s Cloud platform – such as emails, documents, sites, or blog posts.  This information is controlled by their institutional policies through controls provided by Cloud platforms, and independently of Hapara.  Student Generated Content and content metadata (for example document titles, creation dates) held in the School’s Cloud platform are essential for providing the Services, and we access and process it only for that purpose. We do not collect or maintain copies of the Student Generated Content held in the School’s Cloud platform.

Some Customers allow their students to create content that resides in Hapara systems. Content creation requires a validated login with the School’s Cloud platform (SSO), and all interactions with such content are protected with SSL encryption. This Student Generated Content is held in Hapara systems and associated with the Customer, and the student identifiers. We do not make such content publicly accessible except as directed by the Customer, and use it only to provide the required Services. This Student Generated Content is retained by Hapara only for as long as necessary to provide the associated Services.

Support Information:  In the course of providing Services to our Customers, the diagnostic and troubleshooting processes may require additional information to be collected (troubleshooting a student account rename for example might require access to the student’s previous name).  This information is limited in scope to what is required to resolve the support request, and is not stored in or shared with other Hapara systems.

Sales & Marketing Information

We collect information through our Website and Sales and Marketing Services from visitors who wish to learn more, purchase or participate in our Services or seek support.  For example, we collect information when you request marketing information, register for a Webinar, apply to a Hapara Certified Champion Program, apply for a job, interact with us via social media, take a survey, or otherwise communicate with us.  The types of information we collect may include your name, e-mail address, location, phone number, school/district affiliation, role, experience, certifications and relevant professional development, and any other information you choose to provide.  

Contact information is used by our sales, support, marketing and product teams to contact visitors for the purpose of providing the requested information or services support.

Information We Collect from Other Sources: If you interact with us through a social media site, we may have access to publicly available information from that site, such as follows and likes, in accordance with the policies determined by the social media site.  If you attend an event or a conference we sponsor or support, your contact details may be directly or indirectly shared with us.

Web Analytics: Like most organizations, we rely on automatic data collection technologies when you visit our Website or use the Services. We may collect information such as your IP address, internet service provider, browser type, operating system and language, referring and exit pages and URLs, date and time, amount of time spent on particular pages, what sections of the Website you visit, number of links you click while on the Website, search terms, and other data.

Operational Information: We also collect Website and Service health diagnostics, and technical logging data used for troubleshooting and performance management.

Referral Source: We may identify and record the referring source (other internet location) that directed a visitor to our Website. We collect the referring Website address from the HTTP “referrer header” provided by your browser. We use this information to better serve our current and potential clients, measure our marketing services and to identify where we might find future Customers.

Cookies: Cookies are small text files that help us to personalize the content of our Website.  We use cookies to recognize repeat visitors, and manage the user experience on our Website and Services. If you prefer, you can choose to turn off all cookies via your browser settings. However, if you turn your cookies off, some features of our Website may not function properly. We do not behaviorally target advertising.

How We Disclose Information

Third-Party Service Providers: Like many businesses, we hire other companies to perform certain business-related services. We may disclose personal information to certain types of third party companies but only to the extent needed to enable them to provide such services. The types of companies that may receive personal information and their functions are: mail services (hard copy and email); hosting services; database management/back-up services; real-time messaging services; monitoring services; and payment processors. If Student Information is required, we encrypt it prior to transfer whenever possible. All such third parties function as our agents, performing services at our instruction and on our behalf pursuant to contracts which require they provide at least the same level of privacy protection as is required by this privacy policy and implemented by Hapara.

Business Transfers: In the event of a merger, dissolution or similar corporate event, or the sale of all or substantially all of our assets, we expect that the information that we have collected, including personal information, would be transferred to the surviving entity in a merger or the acquiring entity. All such transfers shall be subject to our commitments with respect to the privacy and confidentiality of such personal information as set forth in this privacy policy.

Disclosure to Public Authorities, Other Third Parties: We are required to disclose personal information in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements. We may also disclose personal information to other third parties when compelled to do so by government authorities or required by law or regulation including, but not limited to, in response to court orders and subpoenas. We also may disclose your information when we have reason to believe someone is intending to or is causing harm to other users, or anyone else that could be harmed by such activities, or our rights or property.

We do not sell student information in any form.

Your Choices and Rights

Opt-Out for Direct Marketing. We do not undertake any form of marketing to students or children.  

If you are a teacher or school administrator and have provided us with your information, we may send you product marketing communications. You may opt out of these communications at any time by sending a request at Privacy@Hapara.com. Please allow us a reasonable time to process your request.

Access to Personal Information. Hapara acknowledges the right of individuals to access their personal information. If you are a parent or guardian and wish to delete your child’s records from our database, please contact the appropriate School official and ask them to carry out this action in collaboration with our team.  Upon request to privacy@hapara.com, we will provide you with confirmation as to whether we are processing your personal information, and have the data communicated to you within a reasonable time.

Retention of Customer Personal Information

If you are a Customer or someone who has expressed interest in our Services, we will retain your personal information in a form that identifies you only for as long as it serves the purpose(s) for which it was initially collected as stated in this privacy policy, or subsequently authorized. After such time periods have expired, we may either delete your personal information or retain it in a form such that it does not identify you personally.

If you have requested us not to contact you, we will retain your contact details on the do-not-contact list.

How We Protect Your Information

Hapara takes very seriously the security and privacy of the personal information that it collects pursuant to this privacy policy. Accordingly, we will implement reasonable and appropriate security measures to protect such personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in processing and the nature of such data, and comply with applicable laws and regulations. We have also committed to comply with the Student Privacy Pledge (coordinated by FutureofPrivacy.org).

Links to External Websites

The Website may contain links to third party websites (“External Sites”). Hapara has no control over the privacy practices of these External Sites. As such, we are not responsible for the privacy policies of those External Sites. You should check the applicable third party privacy policy and terms of use when visiting any External Sites, and before providing any personal information to such External Sites.

Important Notice to All Non-U.S. Residents

Our servers are located in the U.S. If you are located outside of the U.S., please be aware that any information provided to us, including personal information, will be transferred from your country of origin to the U.S. Except in the case of data transfers under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, your decision to provide such data to us, or allow us to collect such data through our Website or the Services, constitutes your consent to this data transfer.

U.S.-EU Privacy Shield and Swiss-U.S. Privacy Shield

Hapara complies with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from the European Union member countries (including Iceland, Liechtenstein and Norway) and Switzerland, respectively. Hapara has certified that it adheres to the Privacy Shield principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability (the “Privacy Shield Principles”). With regard to the Principle of Accountability for Onward Transfer, for example, we remain liable if our agent processes such personal information in a manner inconsistent with the Privacy Shield Principles, unless we prove that we are not responsible for the event giving rise to the damage. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/.

Hapara is subject to the investigatory and enforcement powers of the Federal Trade Commission.

In compliance with the EU-U.S. and Swiss-U.S. Privacy Shield Principles, Hapara commits to resolve complaints about your privacy and our collection or use of your personal information. EU and/or Swiss individuals with inquiries or complaints regarding this privacy policy should first contact Hapara at privacy@hapara.com. Hapara has further committed to refer unresolved privacy complaints under the EU-U.S. and Swiss-U.S. Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by Hapara, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint. If these processes do not result in a resolution, you may also contact your local data protection authority, the U.S. Department of Commerce, and/or the Federal Trade Commission for assistance. If your complaint still remains unresolved, then you have the right to invoke binding arbitration by the Privacy Shield Panel upon written notice to Hapara at privacy@hapara.com.

Residents of the European Economic Area

If you are a resident of the European Economic Area (“EEA”), you have certain rights and protections under the law regarding the processing of your personal data.  In circumstances where Hapara acts as a data processor, you must contact your data controller (your educational institution) to avail yourself of these rights and protections.

Legal Basis for Processing: If you are a resident of the EEA, if and when we process your personal data as a data controller, we will only do so in the following situations:

  • We need to use your personal data to perform our responsibilities under our agreement with you or our customer with whom you have a relationship (e.g., for processing payments for or for providing the Hapara services you or our Customers have requested).
  • We have a legitimate interest in processing your personal data. For example, we may process your personal data to communicate with you about changes to our Services or to provide, secure, and improve our Services.
  • We have your consent to do so. For example, we may seek your consent to send you marketing communications.

Data Subject Requests: If you are a resident of the EEA, you have the right to access personal data we hold about you and to ask that your personal data be corrected, erased, or transferred. You may also have the right to object to, or request that we restrict, certain processing. If you would like to exercise any of these rights, you may email us at privacy@hapara.com. Alternatively, you may contact us as indicated below.

Questions or Complaints: If you are a resident of the EEA and have a concern about our processing of personal data that we are not able to resolve, you have the right to lodge a complaint with the data privacy authority where you reside. For contact details of your local Data Protection Authority, please see: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm.

Changes to this Privacy Policy

We may change this privacy policy from time to time. When material changes are made to this privacy policy, Customers will be notified through the contact email given to us at least two weeks prior to modification taking effect. In that time, the primary administrative contact for a Customer may request that we delete the Service Information from our systems if it does not wish to be bound by the new policy. Please allow us a reasonable time to comply with your request.

How to Learn More

Hapara’s principal headquarters are located at 585 Broadway St. Redwood City, California. We can be reached by telephone at 650-847-1371. To learn more about our privacy policy, you can email us at privacy@hapara.com.

Pin It on Pinterest

Share This