GIVING – TREE ASSOCIATES, LLC
T/A PASSPORT FOR GOOD (“PFG”)
400 Broadway #959
Troy, New York 12180
(518) 203-6710 (T)
General E-Mail: info@passportforgood.com
Website: www.passportforgood.com
Web App: www.p4g.app
K-12 PRIVACY POLICY
A. INTRODUCTION
PFG is referred to herein as (“we/us/our”. The terms not defined herein, are defined in the Privacy Statement or the PFG General Terms (“Terms”) appearing on the Web App corresponding to the revision date of this K-12 Privacy Policy.
We operate the Web App and may engage in Data Handling as described in this K-12 Privacy Policy. Additionally, we do not ask for disclosure of more data, including, personally identifiable information, to Us than is reasonably necessary to use the Web App.
We value the privacy of all children.
We especially value the privacy of students under the age of 18 (“children”).
We particularly value the privacy of children under the age of 13.
We are subject to certain privacy rules in respect to children’s and students, including, personally identifiable information.
This K-12 Privacy Policy addresses specific privacy concerns under: the Family Educational Rights and Privacy Act (“FERPA”) for all children; the Children’s Online Privacy Protection Act (“COPPA”) for children under the age of 13; and any State and Local specific privacy requirements for children as well as all other applicable rules, regulations and laws.
This K-12 Privacy Policy applies to children and other students in grades K-12 to the exclusion of any conflicting provision in the Privacy Policy.
Data Handling of Children’s data, including, personally identifiable information, of children under the age of 13, by us will be specifically under the terms of the COPPA provisions of this K-12 Privacy Policy. The COPPA provisions of this K-12 Privacy Policy will be controlling as to any other provisions of this K-12 Privacy Policy in respect to Children under the age of 13.
Should a child or parent/guardian have any general questions, concerns or requests about this K-12 Privacy Policy and is a Client User or parent/guardian of a Client User, you should as a first level of support, contact the Client Entity administrator. If the requests are not addressed by the Client Entity administrator, as a second level of support, contact us as follows:
PFG Chief Privacy Officer
400 Broadway #959
Troy, New York 12180
Phone: (518) 424-9221
E-Mail: cpo@passportforgood.com
Any specific inquiry to us regarding technical support or technical issues for the Web App should be sent in writing via E-Mail to support@passportforgood.com.
B. DATA HANDLING
Our Data Handling is generally described in our Privacy Statement.
Our Data Handling for children and parents/ guardian, may include where applicable to the scope of Client Entity contract: first and last name, telephone numbers, e-mail addresses, passwords, child age/child date of birth, a child ID #, name of Client Entity associated with, activities/interests (teams/clubs), applicable photographs, video and audio files submitted by a child that contain a child’s image or voice, browser type, and access time spent on Web App, page views, referring URLs and, seniority or grade year.
Parent Data: Encryption, where there is Data Handling of parent data, including, personally identifiable information, is aligned with the encryption that is otherwise deployed by us.
Data, including, personally identifiable information, that may be transferred to or shared as part of our Data Handling, with third party service providers may include if applicable as follows:
- first name and last name
- phone/mobile number
- E-Mail address
- PFG password
- child ID such as student ID if Client Entity is an educational institution
- date of birth
- school name
- teams/clubs
- photographs, video or audio file
- browser type
- grade year
Transferring or sharing to third party service providers, where there is Data Handling relating to a parent data, including, personally identifiable information, is aligned with the process that is otherwise deployed by us.
As a commitment to privacy, from time to time we conduct and receive training on applicable rules, regulations, and laws regarding confidentiality of child data including, personally identifiable information.
We try to minimize Data Handling and we try to mitigate, to the extent commercially practicable, Data Handling by us and any third party service providers utilized by us.
We may collect data, including, personally identifiable information about children and parent/guardian from them, as well as automatically through use of the Web App. We post a copy of our Privacy Statement, including, those pertaining to children on the Web App for review by children and parents/guardians.
We may automatically assemble statistical information about use of the website and Web App through cookies and other technologies. Usage of a cookie is in no way linked to personally identifiable information. All users may always choose not to accept cookies, but, upon doing so use of the website and the Web App may be partially or completely impaired.
For any purposes, other than permitted purposes, we will mask, de-identify, anonymize and/or aggregate the data, including, personally identifiable information of children before we use it for any other purposes. When we, mask, de-identify, anonymize and/or aggregate the data, including, personally identifiable information, We make certain to strip out names, e-mails, contact information and other personal identifiers.
We only deploy unique identifiers, such as IP addresses, as necessary to operate the website and Web App, including, to maintain or analyze their functioning; perform network communications; authenticate users or personalize content; and protect the security or integrity of users of the website and Web App. We never use unique identifiers to track users across third-party apps or websites.
We may mask, de-identify, anonymize and/or aggregate the data, including, personally identifiable information for the following purposes:
- to better understand how user’s access the Web App;
- to improve the Web App and respond to user desires and preferences; and
- to conduct research or analysis, including, research and analysis by third parties.
Further general information about Our Data Handling practices please contact cpo@passportforgood.com.
C. The Children’s Online Privacy and Protection Act (“COPPA”)
COPPA protects Children’s data, including, personally identifiable information on websites and online services — including apps — that are directed to Children under the age of 13.
COPPA requires certain websites and certain service providers to notify parents directly and get their approval before they collect, process, use, share and store Children’s data, including, personally identifiable information.
Data, including, personally identifiable information under COPPA includes Children’s name, address, phone number or E-Mail address; their physical whereabouts; photos, videos and audio recordings of the Children and persistent identifiers, like IP addresses, that can be used to track Children’s activities over time and across different websites and online services.
A parent/guardian has control over the data, including, personally identifiable information, we collect from children under 13.
COPPA gives you tools to do that. The Federal Trade Commission, the nation’s consumer protection agency, enforces the COPPA Rule.
If a website or service provider is covered by COPPA, it has to obtain your consent before collecting data, including, personally identifiable information from Children under the age of 13 and it has to honor your choices about how that data, including, personally identifiable information is used. We follow COPPA and seek from you the necessary consent.
A full text of COPPA is available at COPPA , COPPA FAQ’s
How is Verifiable Parental Consent Obtained?
COPPA requires us to obtain verifiable parental/guardian consent (with limited exceptions) prior to the collection, use and disclosure of your data, including, personally identifiable information.
Verifiable parental/guardian consent is obtained from the parents/guardians before the children can login to their account and use Web App.
If a child is enrolled through an Client Educational Entity, verifiable parental/guardian consent can also be obtained on behalf of the parent/guardian through child’s school known as “school consent”.
Does COPPA affect the website and Web App?
The answer is yes, as we through the website and Web App and our Data Handling practices, collect children’s data, including, personally identifiable information.
How does COPPA work with PFG?
We do not permit children under the age of 13 to register as Users of the Web App without verifiable parental consent and meeting any other requirements of ours for registration.
When applicable, children that are under the age of 13 and are associated with a Client Educational Entity, will follow the parental/guardian consent process through the policies and procedures established by the Client Educational Entity. Also, for such Children any subsequent parental/guardian involvement follows the process and procedures established by the Client Educational Entity and is always through the Client Educational Entity.
Please review our Privacy Statement as well as this K-12 Privacy Policy of which these COPPA provisions are a part.
What are your choices?
Determine whether you are comfortable with our Privacy Statement and K-12 Privacy Policy and the Data Handling policy in the Privacy Statement and this K-12 Privacy Policy and whether you want to allow participation in Web App.
As a parent/guardian, you have the right to review or have deleted the data about your children, including, personally identifiable information, collected about your children.
As the parent/guardian, you also have the right to retract your consent at any time, including, personally identifiable information, about your children.
Specific Data Handling for Children
Our Data Handling involves specifically: first and last name, telephone numbers, e-mail addresses, passwords, child age/child date of birth, a child ID #, name of Client Entity associated with, activities/interests (teams/clubs), applicable photographs, video and audio files submitted by a child that contain a child’s image or voice, browser type, and access time spent on Web App, page views, referring URLs and, seniority or grade year.
Data Handling for the data, including, personally identifiable information, of parents of children is limited to Data Handling required by us for any verified parental consent and/or subsequent parental involvement.
What Data, Including, Personally Identifiable Information, Is Encrypted
Data, including, personally identifiable information that we encrypt is as follows: first and last name, telephone numbers, e-mail addresses, passwords, child age/child date of birth, child ID #, name of Client Entity associated with, activities/interests (teams/clubs), applicable photographs, video and audio files submitted by a child that contain a child’s image or voice, and, seniority or grade year.
Encryption, where there is Data Handling of a parent data, including, personally identifiable information, is aligned with the encryption that is deployed by us for children.
What Data, Including Personally Identifiable Information, May Be Transferred To Or Shared With, Including, Third Party Service Providers
Data, including, personally identifiable information that may be transferred to or shared with third party service providers is as follows first and last name, telephone numbers, e-mail addresses, passwords, child age/child date of birth, child ID #, name of Client Entity associated with, activities/interests (teams/clubs), browser type, applicable photographs, video and audio files submitted by a child that contain a child’s image or voice, and, seniority or grade year.
Transferring or sharing to third party service providers, where there is Data Handling relating to a parent data, including, personally identifiable information, is aligned with the process that is deployed by us for Children.
Special Message About Data Sharing As to Children under the age of 13
We do not use or sell data, including, personally identifiable information of Children for advertising or marketing purposes.
We will only disclose Children’s data, including, personally identifiable information, if required to do so by applicable rules, regulations and laws, or as otherwise stated in this K-12 Privacy Policy and Privacy Statement or in the good faith belief that such action is necessary to: (a) conform to the edicts of the law or comply with legal process served on us; (b) protect and defend our rights or property and those of others, including, among other things to enforce our contracts; (c) act under exigent circumstances to protect the personal safety of Children or the public; (d) to correct technical problems and malfunctions in how we provide the Web App to users and to technically process Children’s data, including, personally identifiable information; (e) to take precautions against liability; (f) to respond to claims that the rights or interests of a third party have been violated; or (g) as permitted or required by law to respond to law enforcement agencies. Also, certain technical processing of Children’s data, personally identifiable information is required for: (a) providing Web App; (b) conforming to technical requirements of connecting networks; (c) conforming to the limitations of the Web App; or (d) other similar technical connecting requirements.
What if you have concerns?
Should a child, parent or guardian have any questions, concerns, or requests about the COPPA provisions of this K-12 Privacy Policy and is a Client User or parent/guardian of a Client User, you should as a first level of support, contact the Client Entity administrator. If the requests are not addressed by the Client Entity administrator, as a second level of support, contact us as follows:
PFG Chief Privacy Officer
400 Broadway #959
Troy, New York 12180
Phone: (518) 203-6710
E-Mail: cpo@passportforgood.com
If a child or parent/guardian thinks we have collected data, including, personally identifiable information of a child and/or marketed to a child in a way that violates the law, contact the FTC at FTC.
D. FERPA COMPLIANCE [FERPA & ITS REGULATIONS (20 U.S.C. 1232g)] IF APPLICABLE
1. Summary
FERPA protects data, including, personally identifiable information in student’s “educational records” from unauthorized disclosure. FERPA also provides parents/guardians the right to have the records amended and the right to have some control over the disclosure of data, including, personally identifiable information from student’s education records. The purpose of FERPA and its regulations is to set out the requirements for the protection of children, parents/guardians and eligible students.
Because we are involved in Data Handling of children’s and eligible student’s data, including, personally identifiable information, We are subject to FERPA and its regulations and are hereby providing this K-12 Privacy Policy to comply with applicable laws, rules and regulations, and to fully demonstrate our commitment to privacy. Under FERPA, schools cannot share student’s data, including, personally identifiable information contained in an “educational record” without parent’s/guardian’s written consent. Under FERPA, schools can share data, including, personally identifiable information from educational records with third parties that provide a legitimate educational function.
A full text of the FERPA regulations is available at FERPA.
2. Protection of Data, Including, Personally Identifiable Information
As part of Data Handling of data, including, personally identifiable information, we may mask, de-identify, anonymize and/or aggregate data, including, personally identifiable information, and in such instances all data, including, personally identifiable information, is completely anonymous and we are providing notice of such not only to comply with applicable laws, rules and regulations, but, to fully demonstrate our commitment to privacy.
We comply with applicable laws, rules and regulations, and to fully demonstrate our commitment to privacy, we are informing you that we use certain third party service providers to assist in masking data, de-identifying, anonymizing or aggregating data, including, person identifiable information and in such instances all data, including, personally identifiable information, is completely anonymous.
You understand and acknowledge specifically the masking, de-identification, anonymization and aggregation of data, including, personally identifiable information, notifications set forth in the above two paragraphs as to us and the third party service providers which assist us in providing the Web App to you.
Under FERPA, all data, including, personally identifiable information is protected.
3. FERPA Definitions
Personal[ly] Identifiable Information (also sometimes known as “PII”) includes, but is not limited to—
(a) The student’s name;
(b) The name of the student’s parent or other family members;
(c) The address of the student or student’s family;
(d) A personal identifier, such as the student’s social security number, student number, or biometric record;
(e) Other indirect identifiers, such as the student’s date of birth, place of birth, and mother’s maiden name;
(f) Other information that, alone or in combination, is linked or linkable to a specific student that would allow a reasonable person in the school community, who does not have personal knowledge of the relevant circumstances, to identify the student with reasonable certainty; or
(g) Information requested by a person who the educational agency or institution reasonably believes knows the identity of the student to whom the education record relates.
“Parent” means a parent of a student and includes a natural parent, a guardian, or an individual acting as a parent in the absence of a parent or a guardian.
“Eligible student” means a student who has reached 18 years of age or is attending an institution of postsecondary education.
4. Consent & Involvement
Under FERPA, verified parental consent is required for schools to share educational records containing data, including, personally identifiable information, if you are under the age of 18 years.
Where children are associated with a Client Educational Entity, the required consent of the parent given to us is obtained through the Client Educational Entity and all of our subsequent involvement are through the Client Educational Entity. We reciprocate the policies and procedures of the Client Educational Entity that we are working with as to verified parental consent and parental involvement we will have a contract with the Client Educational Entity that we are working with, which contains terms regarding verified parental consent and parental involvement. The Client Educational Entity is required to validate the identity of the parent in all instances of verified parental consent or parental involvement.
We rely on the Client Educational Entity to obtain the necessary verifiable parental consent for any Client User under the age of 18 years and to obtain any further verifiable parental consent under this K-12 Privacy Policy for any Client User under the age of 13 years. Once verified parental consent is obtained by Child Educational Entity, any subsequent involvement with a parent for any Client User under the age of 18 years, will be through the Child Educational Entity, except, as otherwise designated herein.
When Children become Eligible students the rights accorded to and consent required of parents under FERPA transfers from parent/guardian to the Eligible student. We work with the Eligible student in the same manner that we worked with the parent of the Eligible student when that Eligible student was under the age of 18.
5. Notification of Rights
Children’s or student’s data, including, personally identifiable information, cannot be sold or released for any commercial or marketing purposes by us.
Children’s or student’s data, including, personally identifiable information, may only be used by us for purposes that are deemed to be legitimate educational purposes and within the intended purposes of the Web App.
Parents and Eligible students have the right to know all data, including, personally identifiable information, which are subject to Data Handling by us, regarding a student.
Parents and Eligible students have the right to inspect and review all data, including, personally identifiable information, which are subject to Data Handling by us regarding a student.
Parent and Eligible students have the right to seek amendment of all data, including, personally identifiable information, regarding a student, that is believed to be inaccurate, misleading or otherwise in violation of a student’s privacy rights.
Parent and Eligible students have the right to seek deletion of all data, including, personally identifiable information, regarding a student, provided however that if such data is deleted, such could affect the functionality you experience with the Web App.
If there is a need for exercising any of the above rights, including, those as to inspection and review, amendment, or deletion of data, including, personally identifiable information and the user is a Client User or parent/guardian of a Client User, you should as a first level of support, contact the Client Entity administrator. If the requests are not addressed by the Client Entity administrator, as a second level of support, contact us as follows:
PFG Chief Privacy Officer
400 Broadway #959
Troy, New York 12180
Phone: (518) 203-6710
E-Mail: cpo@passportforgood.com
6. Safeguards
In furtherance of the section of the Privacy Statement regarding privacy and security, We have implemented administrative, technical, and physical safeguards associated with industry standards and best practices, including, but not limited to, encryption, firewalls and password protection when data, including, personally identifiable information, is stored or transferred or otherwise in motion. We conduct security audits from time to time for the Web App.
7. Third Party Service Providers Specifically
In compliance with applicable laws, rules and regulations, and to fully demonstrate our commitment to privacy, we are informing you that we use certain third party service providers for Data Handling and other services which assist us in providing the website and Web App. We hold such third party service providers to the same standard that we are held to as to Data Handling. We do not share any data, including, personally identifiable information from “educational records” with any third party unless, they are providing services to us and only to the extent that such must be shared to facilitate the functioning of the website and Web App.
We utilize the services of third party service providers to assist us in providing access to the website and Web App. A list of third party service providers is available upon request by contacting cpo@passportforgood.com.
The third party service providers we utilize, have established comparable privacy terms consistent with the privacy terms under the Privacy Statement and the K-12 Privacy Policy which we have established and notify them of such on an annual basis.
We inform the third party service providers annually that our services are directed to Children and students and of our Data privacy and security policies and practices.
8. Notification of Breach
We are required to notify the Client Entity/Client Educational Entity of any breach of privacy or security involving a child’s data, including, personally identifiable information, by us or any third party service providers utilized by us.
9. Notification of Sale or Merger
Sharing with Affiliated Businesses: Over time, we may grow and reorganize. We may share your information, including personal information with affiliates such as a parent company, subsidiaries, joint venture partners or other companies that we control or that are under common control with us, in which case we will require those companies to agree to use your personal information in a way that is consistent with our Privacy Statement and K-12 Privacy Policy.
We will provide notice of an acquisition within thirty (30) days following the completion of such a transaction, by posting on our homepage, and by email to your email address that you provided to us. If you do not consent to the use of your personal information by such a successor company, subject to applicable law, you may request its deletion from the company.
E. NEW YORK STATE RULES, REGULATIONS & LAWS
As a New York State corporation, We are subject to general requirements of privacy under New York State law as set forth in New York Gen Bus L § 899-AA.
Specifically, in respect to Children and students enrolled in an Educational Entity, Section 2-d of the Education Laws of the State of New York (“Section 2-d”) are applicable to us directly and our third party service providers.
Under Section 2-d, among other things, a Parent’s Bill of Rights applies, standard for data privacy and security shall be stated in clear and plain English terms and terms regarding Data Handling shall be stated.
A full text of Section 2-d is available at Section 2-d.
Our summary of the Parent’s Bill of Rights as it applies to us has been extracted from Section 2-d and text is available at PFG Summary of Parent Bill of Rights – Data Privacy and Security.
We are committed to ensuring the privacy of Children and students in accordance with Local, State and Federal regulations and the policies of schools/school districts in New York state. To this end the following summary of Section 2-d is provided to you which parallels the requirements of FERPA:
Children’s and student’s data, including, personally identifiable information, cannot be sold or released for any commercial or marketing purposes by us.
Children’s and student’s data, including, personally identifiable information, may only be used by us for purposes that are deemed to be legitimate educational purposes and within the intended purposes of the Web App.
Parents and Eligible students have the right to know all data, including, personally identifiable information, which are subject to Data Handling by us, regarding a student.
Parents and Eligible students have the right to inspect and review all data, including, personally identifiable information, which are subject to Data Handling by us regarding a student.
Parent and Eligible students have the right to seek amendment of all data, including, personally identifiable information, regarding a student, that is believed to be inaccurate, misleading or otherwise in violation of a student’s privacy rights.
Parent and Eligible students have the right to seek deletion of all data, including, personally identifiable information, regarding a student, provided however that if such data, including, personally identifiable information, is deleted, such could affect the functionality you experience with the Web App.
If there is a need for exercising any of the above rights, including, those as to inspection and review, amendment or deletion of data, including, personally identifiable information and the user is a Client User or parent of a Client User, you should as a first level of support, contact the Client Entity administrator. If the requests are not addressed by the Client Entity administrator, as a second level of support, contact us as follows:
PFG Chief Privacy Officer
400 Broadway #959
Troy, New York 12180
Phone: (518) 203-6710
E-Mail: cpo@passportforgood.com
In furtherance of the section of the Privacy Statement regarding privacy and security, we have implemented administrative, technical, and physical safeguards associated with industry standards and best practices, including, but not limited to, encryption, firewalls and password protection when data, including, personally identifiable information, is stored or transferred or otherwise in motion.
The third party service providers We utilize have established comparable privacy terms consistent with the privacy terms which we have established and notify them of such on an annual basis.
We notify the Client Entity/Educational Entity of any breach of privacy or security involving children’s or student’s data, including, personally identifiable information, by us or any third party service providers utilized by us.
Please be advised that the Parent’s Bill of Rights for data, privacy and security under Section 2-d is subject to change, based upon regulations of Commissioner of Education issued from time to time, which address data, privacy and security in respect to third-party contractors, such as us, in providing educational related products and services.
F. DATA & ACCOUNTS
Where this K-12 Privacy Policy applies, please note that it is our policy to delete data, including, personally identifiable information, and accounts of an Individual User, if there has been no activity for seven (7) years.
Where this K-12 Privacy Policy applies, please note that it is our policy to delete your data, including, personally identifiable information, and accounts of a Client User associated with an Client Entity/Educational Entity, if there has been no activity for seven (7) years.
In addition to the other specific provisions of this K-12 Privacy Policy, data, including, personally identifiable information, generally may be deleted at any time as follows.
Upon receipt by us at cpo@passportforgood.com of a request by a Client User or parents/guardians of a Client User to delete the data, including, personally identifiable information in writing, we will delete the data, including, personally identifiable information as soon as reasonably possible after receipt of a such request.
In addition to the other specific provisions of this K-12 Privacy Policy, an account generally may be deleted at any time as follows. Upon receipt by us at cpo@passportforgood.com of a request by a Client User or parents/guardians of a Client User to delete the account, in writing, we will delete the account as soon as reasonably possible after receipt of a such request. Notwithstanding the above, in respect to data, including, personally identifiable information, and accounts, the following applies:
Data, including, personally identifiable information, and account details, may be retained by us as required by applicable rules, regulations, and laws. Some or all data, including, personally identifiable information, and account details, may need to be retained by us for school legal compliance reasons. Some or all data, including, personally identifiable information, and account details, may need to be retained by the Client Educational Entity.
Data, including, personally identifiable information, and account details, may be retained by us for archival purposes.
Data, including, personally identifiable information, and account details, may be cached on various storage devices of ours or those of third party service providers from which it will not be deleted.
Data, including, personally identifiable information, and account details, may also continue to remain on our server in a dormant status without being deleted.
Where, we have been requested to take some action regarding your data, including, personally identifiable information, or your account, we will do so as timely as reasonably possible given the nature and scope of the requested action.
G. GENERAL
No updates, revisions, or amendments of any provision of this K-12 Privacy Policy and any document referenced herein or linked hereto, shall be valid unless made in a writing (including, by electronic means) and posted on the website and the Web App or otherwise initiated or confirmed by us, including, by e-mail.
We reserve the right to update, revise or amend the Software, the website, Web App, and this K-12 Privacy Policy, at any time, for any reason or no reason, and any update, revision or amendment shall apply as of the designated date. We reserve the right to update, revise or amend any document referenced herein or linked hereto, at any time, for any reason or no reason, and any update, revision or amendment shall apply as of the designated date. It is your responsibility to periodically check the website and Web App and any e-mails from us regarding any such updates, revisions, or amendments.
We will notify Client Entity/Client each Educational Entity that we work in writing at a minimum thirty (30) days in advance of any material changes to this K-12 Privacy Policy.
This K-12 Privacy Policy as well as any documents referenced herein or linked hereto represent the entire understanding between us and you regarding its subject matter.
Rev. 03/2022