Statement of Compliance

STATEMENT OF COMPLIANCE

This statement is provided by Strivven Media LLC, a North Carolina limited liability company having a mailing address of P.O. Box 5424, Asheville, NC 28813, and an email address of info@strivven.com, (“Strivven”) in accordance with the requirements of various state and federal laws. The statement is intended to serve both as notice to users of Strivven’s services as well as an addendum to Strivven’s agreements with educational institutions.

I. COPPA

Strivven has reviewed and confirms that its operations and provision of services comply with the U.S. Children’s Online Privacy Protection Act (COPPA). This confirmation of compliance is based on Strivven’s observance of applicable Federal Trade Commission (FTC) operating guidance and interpretation of COPPA’s applicability to vendors with particular reference to the following: https://www.ftc.gov/tips-advice/business-center/guidance/complying-coppa-frequently-asked-questions (March 2015 revision).

In accordance with COPPA:

  1. Strivven has posted a clear and comprehensive online privacy policy describing its information practices for personal information collected online from children. This privacy policy is available here: http://www.virtualjobshadow.com/resources/policy/
  2. Strivven does not solicit information from or market products or services to children under 13 through its website or otherwise. To the extent which Strivven’s services cause Strivven to obtain personal information from children, these services are provided in connection with an educational institution which is responsible for providing notice to parents before contracting with Strivven.
  3. Strivven does not share student’s personal information with third parties except as required to deliver its services to students in accordance with its agreements with educational institutions.
  4. To the extent which Strivven has obtained a student’s personal information, the student’s parent, legal guardian, or the eligible student may review and correct the student’s personally identifiable information in the student’s record by logging into Strivven’s platform using the student’s login credentials, which may be provided by the student or administrators associated with the educational agency. Strivven certifies that a student’s records shall not be retained or available to Strivven upon termination of the relationship with the associated educational institution. At that time, all associated student data will be deleted by Strivven.
  5. Strivven maintains the confidentiality, security, and integrity of information it collects from children, including by taking reasonable steps to release such information only to parties capable of maintaining its confidentiality and security and employing of physical, administrative, and technical safeguards based on currently available technology and industry best practices.
  6. Strivven retains personal information collected online from a child for only as long as is necessary to fulfill the purpose for which it was collected and deletes the information using reasonable measures to protect against its unauthorized access or use.

II. FERPA

Strivven has reviewed and confirms that its operations and provision of services comply with the Federal Educational Rights and Privacy Act (FERPA). Since Strivven is a vendor to educational institutions rather than directly providing services to students, FERPA is not directly applicable to Strivven. Striven complies with the U.S. Department of Education rules, specifically 34 CFR § 99.31, which allows institutions subject to FERPA to share student data with contractors without first obtaining separate consent from eligible students or their parents or guardians. This confirmation of compliance is based on Strivven’s observance of applicable U.S. Department of Education best practices for written agreements with particular reference to the following: http://ptac.ed.gov/sites/default/files/data-sharing-agreement-checklist.pdf

  1. Strivven is willing to enter a binding data sharing agreement with educational institutions. Strivven requires its employees, contractors, and consultants to comply with data privacy requirements through confidentiality agreements.
  2. Strivven strictly limits its use of personally identifiable information to the minimum required to provide its services to eligible students through its agreements with educational institutions. Its use of such information is in a manner consistent with the privacy policy available here: http://www.virtualjobshadow.com/resources/policy/
  3. Strivven shares with educational institutions contact information for its Chief Technology Officer, who is responsible data management and maintenance. This contact information is also made available through Strivven’s website.
  4. Strivven’s management team defines and maintains privacy and data protection policies.
  5. The educational institutions with which Strivven has relationships retain ownership of any personally identifiable information shared with Strivven.
  6. Strivven certifies that a student’s personally identifiable information shall not be retained or available to Strivven upon completion of its relationship with educational institutions. At that time, all student data will be deleted by Strivven.
  7. Strivven acknowledges that the educational institutions with which it enters into agreements have the right to perform audits of Strivven’s data security practices. Strivven will reasonably cooperate in the conducting of any such audits.
  8. Strivven works hard to ensure the security and confidentiality of student data. Strivven’s reasonable efforts include employment of physical, administrative, and technical safeguards based on currently available technology and industry best practices to promote the integrity and security of both its services and student records.
  9. In the event of an unauthorized disclosure of student records as held by Strivven, Strivven will notify the affected students by contacting the local educational agency administrators by email with a detailed explanation of the breach and any steps needed or taken to provide a remedy. The local educational agency will then be prepared to disseminate this information to the affected parent, legal guardian, or eligible student.

III. California AB 1584

Strivven has reviewed and confirms that its operations and provision of services comply with California Assembly Bill 1584, codified as California Education Code Section 49073.1. Specifically, with respect to any software services provided by Strivven through a contract with a local educational agency:

  1. Pupil records continue to be the property of and under the control of the local educational agency.
  2. Pupils are able to retain possession and control of their own pupil-generated content and transfer pupil-generated content to their personal accounts. Specifically, content generated by a pupil through Strivven’s services is created and edited in Strivven’s platform and may be exported as a Word or PDF document and saved to the pupil’s computing device.
  3. Any information in pupil records will not be used by Strivven except for the exclusive purpose of providing Strivven’s services as described and authorized by contracts between Strivven and the local educational agency.
  4. To the extent which Strivven has obtained a pupil’s personally identifiable information, the pupil’s parent, legal guardian, or the eligible pupil may review and correct the pupil’s personally identifiable information in the pupil’s record by logging into Strivven’s platform using the pupil’s login credentials, which may be provided by the pupil or administrators associated with the local educational agency.
  5. Strivven works hard to ensure the security and confidentiality of pupil records. Strivven’s reasonable efforts include employment of physical, administrative, and technical safeguards based on currently available technology and industry best practices to promote the integrity and security of both its services and pupil records.
  6. In the event of an unauthorized disclosure of a pupil’s records as held by Strivven, Strviven will notify the affected pupil by contacting the local educational agency administrators by email with a detailed explanation of the breach and any steps needed or taken to provide a remedy. The local educational agency will then be prepared to disseminate this information to the affected parent, legal guardian, or eligible pupil.
  7. Strivven certifies that a pupil’s records shall not be retained or available to Strivven upon completion of the relationship with the local educational agency. At that time, all pupil data will be deleted by Strivven.

IV. California SB 1177

Strivven has reviewed and confirms that its operations and provision of services comply with California Senate Bill 1177, codified as 8 Cal. Bus. & Prof. Code Sec. 22584 et seq. Specifically, with respect to any software services provided by Strivven through a contract with a local educational agency:

  1. Strivven shall not knowingly engage in any of the following activities:
    1. Engage in targeted advertising through its services or target advertising on any other site, service, or application when the targeting of the advertising is based upon any information, including covered information and persistent unique identifiers, that Strivven has acquired because of a pupil’s use of Strivven’s services provided in connection with the local educational agency.
    2. Use information, including persistent unique identifiers, created or gathered through Strivven’s services to amass a profile about a K–12 student except in furtherance of K–12 school purposes.
    3. Sell a student’s information, including covered information. This prohibition does not apply to the purchase, merger, or other type of acquisition of Strivven by another entity, provided that Strivven or successor entity continues to be subject to the provisions of this section with respect to previously acquired student information.
    4. Disclose covered information unless the disclosure is made:
      1. In furtherance of the K–12 purpose of Strivven’s services, provided the recipient of the covered information disclosed pursuant to this subparagraph:
        1. Shall not further disclose the information unless done to allow or improve operability and functionality within that student’s classroom or school; and
        2. Is legally required to as described below;
      2. To ensure legal and regulatory compliance;
      3. To respond to or participate in judicial process;
      4. To protect the safety of users or others or security of the site; Or
      5. To a service provider, provided Strivven contractually:
        1. prohibits the service provider from using any covered information for any purpose other than providing the contracted service to, or on behalf of, the operator,
        2. prohibits the service provider from disclosing any covered information provided by the operator with subsequent third parties, and
        3. requires the service provider to implement and maintain reasonable security procedures and practices as provided below.
  2. Strivven shall:
    1. Implement and maintain reasonable security procedures and practices appropriate to the nature of the covered information, and protect that information from unauthorized access, destruction, use, modification, or disclosure.
    2. Delete a student’s covered information if the school or district requests deletion of data under the control of the school or district.
  3. Notwithstanding section A(4) above, it is acknowledged that Strivven may disclose covered information of a student, as long as sections A(1-3) are not violated, under the following circumstances:
    1. If other provisions of federal or state law require Strivven to disclose the information and Strivven complies with the requirements of federal and state law in protecting and disclosing that information.
    2. For legitimate research purposes:
      1. as required by state or federal law and subject to the restrictions under applicable state and federal law or
      2. as allowed by state or federal law and under the direction of a school, school district, or state department of education, if no covered information is used for any purpose in furtherance of advertising or to amass a profile on the student for purposes other than K–12 school purposes.
    3. To a state or local educational agency, including schools and school districts, for K–12 school purposes, as permitted by state or federal law.
  4. Strivven is not prohibited from using deidentified student covered information as follows:
    1. Within Strivven’s site, service, or application or other sites, services, or applications owned by Strivven to improve educational products.
    2. To demonstrate the effectiveness of Strivven’s products or services, including in its marketing.
    3. In aggregated form for the development and improvement of educational sites, services, or applications.

V. California AB 1442

Strivven has reviewed and confirms that its operations and provision of services comply with California Assembly Bill 1442, codified as California Education Code Section 49073.6, in its entirety. This bill is not applicable to Strivven’s services generally or its relationship with any educational institution since Strivven does not collect student information through social media and has not been asked to perform such a service by an educational institution.