Learning Services Privacy Policy

Table of Contents

• A. Policy Overview
• B. Contact Us
• C. Personal Information We Collect
• D. How We Use Personal Information
• E. How We Share Personal Information
• F. Security
• G. School Customer Responsibilities
• H. Miscellaneous
• I. Definitions

A. Policy Overview

This privacy policy ("Privacy Policy" or "Policy") describes how Pearson Education, Inc. ("Pearson", "we", or "us") collects, protects, uses and shares personal information gathered from Users of Pearson U.S. K-12 websites, applications, products and services ("Educational Service(s)", or "Service(s)") that link to this Privacy Policy. It is important to us that educational institutions who have purchased and are using our Educational Services ("School Customers", or "you") understand the measures we have taken to keep our Services a safe and trustworthy environment for all Users.

Although Sections C, D, and E of this Privacy Policy provide detailed information on our collection, use and disclosure of your Personal Information, we would like to highlight the following:

1. We will NEVER sell your Student Data to third parties.
2. We will NEVER perform targeted advertising of your Student Users.
3. We will NEVER share your Student Data with third parties for the purpose of targeted advertising.
4. We will NEVER build marketing profiles of your Student Users.
5. We will NEVER claim ownership of your Student Data.

Changes to this Policy

We encourage you to read through and understand this Privacy Policy. From time to time, we may update it to address new issues or reflect changes to our Services. If we are making updates that involve material changes to the collection, protection, use or disclosure of Personal Information, we will attempt to provide you with advanced notice of the revisions. This notice may occur through various methods depending on which will best allow us to reach affected customers. These methods may include, but are not limited to, e-mail, postal mail, or a conspicuously-posted website notice. Depending on the method that is used, we may also provide Users of the Service with advance notice of material changes, however, School Customers should ensure that they keep students, parents, and other stakeholders informed of any material changes, as data handling practices can vary based on school-specific configurations and requests. Please feel free to contact us if you have questions or concerns regarding intended Privacy Policy revisions.

In accordance with our commitment to provide notice as described above, we reserve the right to revise the terms of this Privacy Policy. Any such revisions to this Policy are effective immediately upon posting of a revised Policy. Your use of the Services subsequent to such posting constitutes your acceptance of such revisions.

B. Contact Us

Pearson is committed to maintaining a dialogue with School Customers about our data handling practices. If you have any concerns, comments or questions about this Policy or general Service-related data handling practices, please contact us through one of the following methods:

Pearson Customer Care

C. Personal Information We Collect

We collect information about Users of the Service in multiple ways, including Personal Information provided directly to us by a School Customer for upload to the Service, data collected directly from or generated by Student and Educator Users of the Service, and data generated through your use of the Service. Depending on the Services provided, we may also collect Personal Information through other methods that follow the terms of this Privacy Policy.

Personal Information Input by School Customers

When a School Customer contracts with Pearson to provide an Educational Service, initial setup and configuration of that Service, in most cases, will involve an initial transfer of Personal Information by the School Customer. The following tables contain information about elements of Student and Educator Data commonly collected from our School Customers. Although we do attempt to maintain the accuracy of these tables, data handling practices may vary significantly across our K-12 products.

Directly Collected or User Generated Personal Information

Many of our Educational Services allow Users to create, upload and share information. Collection of this information is optional and at the discretion of the School Customer and/or User. The following tables contain information about elements of Student and Educator Data commonly collected directly from or generated by our School Customers and their Users.

Service-Generated Data

The Service you have purchased may generate information tied to specific Users as a core part of its functionality, such as for adaptive learning or providing immediate feedback to students. Service-generated data may also include the automatic generation of usernames or other data elements tied to a specific User, where those elements are not provided or set by the School Customer.

Cookies and Related Technologies

Our Services use cookies to enable you to sign-in to the Service and access your stored preferences and settings. You have a variety of tools to control the use of cookies, web beacons, and similar technologies, including browser controls to block and delete cookies. If you choose to disable or block these technologies, it may prevent or impair required functionality and therefore your use of the Service.

Application and System Logs

Application and system logs are critical to ensuring the availability and security of the Service. We collect log data for such purposes as monitoring the health of the Service, detecting unauthorized access and fraudulent activity on the Service, preventing and responding to Service-related security incidents, and ensuring appropriate scaling of the Service's computing resources.

Do Not Track Disclosures

Do Not Track ("DNT") is a proposed mechanism for allowing website visitors to control the collection of certain Usage Data. Although there has been research into the development of a standard to support the use of DNT signals, there is no adopted standard to follow. We do not currently respond to Do Not Track signals, but we are closely monitoring DNT proposals for further developments.

Third-Party Collection

Although we may use third-party vendors, subcontractors, and service providers to assist us in providing the Service, we do not permit third-party ad networks or similar services to collect the Personal Information of our authenticated Users.

D. How We Use Personal Information

We use your Personal Information for educational purposes and to exercise our legal rights, as described below.

Educational Uses

We use Personal Information to provide you with the Service(s) requested. We may use your Personal Information for any purposes required or permitted under our Agreement or with your consent.

Legal and Safety Uses

We may use your Personal Information to protect or exercise our legal rights, to defend against claims, to investigate fraud and other criminal conduct, to enforce our Terms of Service, to respond to a government request, to protect the security, integrity and availability of the Service, or to otherwise protect the property and safety of Pearson, our Users, and others.

De-Identified and Aggregate Data

We may use Usage Data and other properly de-identified or aggregate data to improve existing products, develop new products, communicate product effectiveness and outcomes, and for other related purposes. Our methods for de-identification are informed by guidance from the National Institute of Standards and Technology (NIST), the U.S. Department of Education's Privacy Technical Assistance Center, and the Department of Health and Human Services. Unless required to do so by law, we will not attempt to re-identify de-identified data and, where feasible and appropriate, will not transfer de-identified data to a third party unless they also agree not to attempt re-identification.

E. How We Share Personal Information

We share your Personal Information with third parties for educational purposes and to exercise our legal rights, as described below.

Subcontractors

Depending on the Service, we may hire subcontractors, vendors or other third parties to help deliver or improve the Service. Third-parties that we work with who have access to your Personal Information are subject to stringent privacy and security contractual requirements including, but not limited to, prohibitions on collection, use or disclosure of Personal Information for non-educational purposes and maintenance of a comprehensive information security program.

Merger, Acquisition or Bankruptcy

If we are involved in a merger, acquisition, or sale of all or a portion of our assets, we may need to share your Personal Information with the acquiring entity. We will condition any merger, acquisition, or sale on continued adherence to the terms of this Policy and maintaining a materially similar level of protection for your Personal Information. If such an event occurs, we will provide you information about the coming change, how it may impact you and any choices you may have.

Legal and Safety Disclosures

We may disclose your Personal Information when it is required or permitted by law, such as to comply with a subpoena, court order or similar legal process, to protect or exercise our legal rights, to defend against claims, to investigate fraud and other criminal conduct, to enforce our Terms of Service, to respond to a government request, to protect the security, integrity and availability of the Service, or to otherwise protect the property and safety of Pearson, our Users, and others.

Data Ownership and Access Requests

School Customers have primary responsibility for fulfilling student and parent access, amendment, and export requests. In most cases, School Customers can fulfill these requests using the built-in functionality of the Service. Where this functionality is not available or the School Customer cannot otherwise fulfill the request on their own, we will provide reasonable assistance with the production or export of Student Data if the assistance is in accordance with our Agreement and applicable law. In rare cases, we may not be able to fully satisfy these requests. Examples include requests for confidential company information in addition to Student Data, requests for Student Data in a specific or proprietary format that we are unable to support, or requests that are prohibited by law.

F. Security

We store and process School Customer Personal Information in accordance with industry standards and applicable law. Our comprehensive information security program protects your Personal Information from unauthorized access, use and disclosure through the use of reasonable and appropriate physical, administrative and technical safeguards. We perform periodic risk assessments of our information security program and prioritize remediation of identified security vulnerabilities. Nevertheless, security is a shared responsibility and no method of data transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee the absolute security of your Personal Information.

If you have general questions for us regarding the security and confidentiality of your Personal Information, please feel free to contact us using the information in Section B above.

Breach Notification

In the event of a security incident affecting our systems that involves your Personal Information, we will notify you as required by applicable law and the terms of our Agreement. We will always attempt to notify you of any security incident affecting your Personal Information that we believe poses a material risk of harm to you, your staff or your students.

Federation and Identity Management Support

We strongly support and encourage the use of secure federated identity management technologies such as SAML in conjunction with our Services. These technologies make access to our Service safer and more secure for your district and Users. If you would like more information on configuring your Service with federated identity management, please contact us using the information in Section B above.

Retention and Deletion

We retain, destroy or de-identify your Personal Information in accordance with applicable law and the terms of our Agreement. Deletion and retention functionality and procedures vary based on the Service used.

G. School Customer Responsibilities

Although we have taken numerous steps to ensure the privacy and security of Personal Information we hold on your behalf, your use of the Services must also be in accordance with prevailing security practices. These practices include, but are not necessarily limited to, (i) securely configuring your accounts using federated identity management or strong and unique passwords and not sharing your authentication information, (ii) avoiding the upload of unnecessary Personal Information into the Service, (iii) exercising oversight to ensure your Educator and Student Users are using the Service appropriately, (iv) training and educating your Users on the importance of privacy and security; and (v) limiting information sharing by allowing Users to access only the information that they need.

H. Miscellaneous

External Content

Certain Services we offer may provide Users with the ability to link to external content such as online videos or news articles. Educator Users often make these sites available as reading materials for Student User assignments or exercises. This Privacy Policy does not apply to any non-Pearson site, as we are unable to control the associated privacy and security practices. We urge our School Customers and Educator Users to exercise caution by evaluating the privacy practices of external content you are linking to, particularly those that collect Personal Information from your Student Users.

In addition to User-linked external content, some Services may link to, embed content from, or seamlessly integrate with Pearson-approved third party content providers. In such cases, we have made commercially reasonable efforts to evaluate the data handling practices these third parties to ensure they follow this Privacy Policy. In most cases, these third parties do not collect or receive any Student Data. For those third parties that do process Student Data, we have evaluated their data handling practices and require them to protect your Student Data in accordance with this Privacy Policy. Should you have concerns over the privacy practices of our linked or embedded external content, please notify us using the contact information in Section B above.

Governing Terms

Unless otherwise stated in the Agreement, the terms of this Policy shall prevail and supersede any inconsistent terms and conditions contained in the Agreement.

FERPA

Our Services comply with all applicable provisions of the Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99). We receive Student Data from School Customers as a "school official" under FERPA and only process Student Data for educational purposes. In the event we receive a subpoena or judicial order for the disclosure of education records, we will notify the associated School Customer(s) prior to fulfilling the request in accordance with §99.31(a)(9). For additional information on FERPA, please visit the U.S. Department of Education's Privacy Technical Assistance Center.

COPPA

Our Services comply with all applicable provisions of the Children's Online Privacy Protection Act (COPPA) (15 USC 6501 et seq.) To the extent COPPA applies to information we collect, we process such information for educational purposes only, at the direction of the partnering School Customer and on the basis of educational institution consent. For additional information on COPPA and educational institution consent, please refer to the Federal Trade Commission's Complying with COPPA: Frequently Asked Questions.

I. Definitions

Capitalized terms not defined in this section are defined by applicable law when a citation is present.

• "Agreement" means the underlying Service or License agreement between Pearson and the School Customer.
• "Data Handling Practices" means Pearson's practices related to the collection, protection, use or disclosure of Personal Information.
• "Educator Data" means the personally identifiable information of Users of the Service who are not students, such as teachers or School administrators.
• "Educator User" means a User of the Service who is not a student, such as a school administrator, faculty member, board member, school employee, school agent or representative.
• "Personal Information" means the personally identifiable information of Users of the Service.
• "School Customer" means the educational institution who has purchased and is using a Service.
• "Student Data" means the personally identifiable information Pearson receives about Student Users of the Service.
• "Student User" means a User of the Service who is a student at an educational institution who has purchased and is using a Service.
• "Usage Data" means data gathered about Users' activity on the site, which may be collected through the use of system or application logs, cookies, mobile device identifiers, IP addresses and other industry-accepted technology.
• "User" means an authenticated Authorized User of Pearson's U.S. K-12 online websites, applications, products and services.