Digital Products Privacy Statement

Purpose.

Wilson Language Training Corporation (“WLT,” “we,” “us,” or “our”) understands that privacy is incredibly important. The purpose of this Digital Products Privacy Statement (the “Statement”) is to inform our customers, users, and parents of users of our Digital Products regarding our current practices for protecting the privacy of student data and educator data.

Scope.

This Statement applies to our provision of Digital Products to educators and administrators (“Educators”), to schools or school districts who purchase our Digital Products on behalf of their Educators (“Schools”), and to the students whose information we may receive from Educators, who are typically students in K-12 or beyond (“Students”).

This Statement does not apply to our corporate website www.wilsonlanguage.com, which is subject to the Wilson Website Privacy Policy.

As used in this Statement:

“Customer” refers to either: (i) Schools, or; (ii) an individual Educator when they purchase Digital Products licenses directly from us for their own use (e.g., when an educator provides freelance tutoring).

“Digital Products” refers, collectively and individually, to FUN HUB®, Virtual Implementation Support (VIS), and/or those portions of Wilson Academy that are exclusively available to our paid Customers.

“Educator Data” refers to information about an Educator that, either alone or in combination with other reasonably available information, can be used to identify the Educator.

“Student Data” refers to any personally identifiable information of a Student, as that term is defined under the Family Educational Rights and Privacy Act (FERPA).

“User” refers to users of our Digital Products.

Use of our Digital Products by Students; COPPA Direct Notice.

As required under our Digital Products Terms of Service, a Student may only use our Digital Products with the prior consent of a parent, guardian, or eligible student, or by the School acting on behalf of the Student. When our Customer is a School, we receive Student Data pursuant to the “school official” exception under FERPA. Our Digital Products are only used in the context of School-directed learning; accordingly, Schools are not required to obtain parental consent under COPPA to provide us with Student Data described in this Statement, although many Schools choose to do so to comply with state or local requirements. We provide additional information for Schools, Educators, and parents related to COPPA in our Children’s Privacy Notice and COPPA Notice to Schools and Educators. When our Customer is an individual Educator, we require the Educator to obtain express consent from a parent or guardian of any minors, and direct consent from students above the age of majority, prior to providing us with any Student Data. Individual teachers must provide parents with a consent form that describes the data that Wilson will collect, how that data is used, and a link to our Digital Products Privacy Statement. By using our Digital Products, the Educator represents that they have the right to provide us with any Student Data that they provide to us. For information about COPPA obligations and our data-collection and data-use practices, see the COPPA Direct Notice linked earlier in this paragraph.  

Information We Collect.

In connection with providing our Digital Products, we receive or collect certain Student Data and Educator Data as described below:

Student Data

We receive the following Student Data from our Customers in connection with our provision of Digital Products:

• Name
• School, grade, and Fundations® Level
• Fundations assessment scores

Student Data is collected only as reasonably necessary to provide the services to our Customer.

We never collect the following information from or about Students:

• Precise geolocation data
• Biometric or health data
• Information about a person’s ethnic, racial, or national origin
• Information about a person’s religious or political beliefs

Additional Student Data for WRS Services. As part of Wilson Academy, and only as part of the WRS Level I or WRS Level II certification process, we work with Educators to support Students who require intervention or who are otherwise having trouble learning to read. Accordingly, as part of that certification process, we additionally collect the following Student Data:

• Native language
• Handedness
• Learning disability status
• Educational history (e.g., type of reading instruction, grades retained, if applicable)
• Normative assessment scores
• Observation data (WRS Level I only)

Student Data collected as part of WRS certification is only collected after the Educator or School has obtained express written consent from the parent or guardian of the Student.

Educator Data

We receive the following Educator Data in connection with an Educator’s use of and access to the Digital Products: first and last name, school name, school district, school email address, and other information about the Educator’s School. We collect this Educator Data to provide the Educator with the services and interact with Educators regarding our products and services. Additionally, for Wilson Academy, we collect information about an Educator’s professional and educational background directly from the Educator. When an Educator participates in a Wilson Academy or VIS event, we may record those interactions. We will provide the Educator with notice at the time that the recording will start, at which point the Educator will have the opportunity to opt out of the recording process. Please be aware that opting out may prevent the Educator from participating in the session.

Usage Data

In connection with a User’s interactions with our Digital Products, WLT or our third-party service providers automatically collect certain data (“Usage Data”). This Usage Data includes, but is not limited to, the content that a User chooses to interact with, their responses to questions within our Digital Products, and other information about their use of and interaction with our Digital Products. As part of Usage Data, we collect a User’s IP address or other identifiers for the device. We use Usage Data to enhance and improve our product and service offerings and to provide our products and services to the User.

Cookies

We may use and collect cookies or other technologies (“Cookies”) to collect data in order to support User use and access to the Digital Products, to enhance and personalize their experience with the Digital Products, and for analytics purposes. These Cookies are not used for marketing to Students.

De-Identified Data

We may create de-identified or aggregate data sets from the data we receive or collect (“De-identified Data”) to improve our product and service offerings, to understand how our products are being used, and for other lawful business purposes, as described in the “How We Use De-Identified Data” section below.

Inquiries

If a person reaches out to us regarding our Digital Products, we will collect and use only that additional personally identifiable information which is required to respond to the request.

How We Use Information.

How we use Student Data

Our use of Student Data is consistent with applicable laws and regulations, including, without limitation, the Family Educational Rights and Privacy Act (FERPA), the California Student Online Personal Information Protection Act (SOPIPA), the Children’s Online Privacy Protection Act (COPPA), and other state laws. All Student Data is handled securely, as described in the “How We Secure Your Information” section below. We do not obtain any ownership interest in Student Data.

We use Student Data for the following purposes:

• to provide our Digital Products
• to provide related reports and services to the Customer
• for customer support, and;
• to comply with applicable laws.

How we use Educator Data

We use Educator Data to register and maintain Educator accounts, to offer Educators the services, to support our interactions with Educators and Schools, and to provide Educators with information concerning our programs and services, newsletters, updates, and related materials.

How We Use De-Identified Data

We may use and share De-identified Data in a manner that complies with applicable laws, for our permitted business purposes, including for improving our product and service offerings, for customer service purposes, for research and development, and to understand how our products are being used.

Sharing of Your Information.

We may share Student Data and/or Educator Data (collectively, “Customer Data”) for the following purposes:

Services. We will share Customer Data with the Customer in connection with providing the Digital Products. We do not control Educators’ use or handling of Customer Data.

Service Providers. We may share Customer Data with service providers who support our provision of the Digital Products by offering us hosting services, information technology and support (e.g., video hosting), IT security, analytics, or technologies that enhance and personalize a User’s experience with the Digital Products. We evaluate the privacy and security controls of these service providers before we agree to use their services. These service providers are bound by applicable laws and contractual obligations of confidentiality and privacy to maintain Customer Data in a secure and confidential manner.

Google Analytics. As part of collecting Usage Data, we use Google Analytics to collect information about Educators’ use of our Digital Products. We do not use Google Analytics on Student-facing portions of our Digital Products, and we do not use the information we receive from Google Analytics to market to Students. Google Analytics collects information such as how often an Educator uses the Digital Products and what content they visit when they do so. Google Analytics collects only the IP address assigned to an Educator on the date the Educator uses the Digital Products, rather than Educator name or other identifying information. We use information generated in connection with Google Analytics for IT support, to understand how our websites are used, and for marketing purposes (unless otherwise agreed to with a Customer). Google’s ability to use and share information collected by Google Analytics about an Educator’s use of Digital Products is restricted by the Google Analytics Terms of Use and the Google Privacy Policy. Google is bound by applicable laws and contractual obligations of confidentiality and privacy to maintain Customer Data in a secure and confidential manner.

Merger or Transfer. If we sell or otherwise transfer our business, we will not transfer Customer Data unless the purchaser agrees to adhere to data-security and privacy standards no less stringent than the terms of this Statement.

Legal Compliance. We may disclose Customer Data to the extent required by law.

Additional Sharing of Educator Data:

Affiliated College or University. Some colleges and universities that offer courses in teaching or education will partner with Wilson to offer course credits to Educators in connection with completion of Wilson Academy trainings. In connection with those programs, we may share relevant Educator Data (and not Student Data) with the affiliated college or university for the purpose of confirming a particular Educator is entitled to course credits.

Wilson Certification Status. Please note that on occasion, we receive inquiries as to whether an individual Educator is Wilson® certified or has otherwise participated in our programs. Our policy is to not disclose personal information about participants in our programs. However, unless an Educator has specifically requested otherwise in writing, we will share information regarding the Wilson® credentials and the level of participation in our professional learning programs of a given Educator, if requested.

Additional Notes on Information Sharing:

• Other than as described in the disclosures above, we do not disclose Student Data other than as authorized and permitted by the School. 
• We do not sell Student Data, and advertisements are not placed within the Digital Products. Without limiting the foregoing, we do not transfer Student Data for any third-party marketing or targeted advertising or for any other type of behavioral advertising.
• Our Digital Products do not have any features or functionality that would permit or support the visibility of Student’s information and their interactions with other students, so there is no opportunity for cyber-bullying. Use of our Digital Products does not involve creating a profile, and there is no social component to our Digital Products.

Data Retention and Destruction.

Upon the written request of a Customer, we will remove Student Data and/or Educator Data from our production servers when we will no longer be providing access to the Digital Products to the Customer. We reserve the right, in our sole discretion, to remove Student Data and/or Educator Data for a particular customer from our production servers following a reasonable period of time after our relationship with a Customer has ended, as demonstrated by the end of contract term or Customer’s lack of activity within the Digital Products. We do not knowingly retain Student Data beyond the reasonable period of time required to support Customer’s educational purpose, unless authorized by the Customer. Student Data is removed from backups in accordance with our data retention standards.

How We Secure Your Information.

In connection with providing the Digital Products, we will implement and maintain reasonable technical, administrative, and physical safeguards. For more details on our safeguards and our IT security program, please review our Information Technology Security Standards.

Your Data Rights.

Choices About Your Information:

Student Data:

Parents of Students, guardians, or eligible Students may request to review, access, correct, delete, or remove their Student Data by contacting their School administrator. The School administrator can then verify the identity of the requesting party and notify us of the request. We will promptly comply with valid requests for correction or removal of Student Data. We cannot delete, change, or divulge any Student Data unless authorized by the Student’s School.

Educator Data:

For Educators who are provided access to the Digital Products by their Schools, the Educator may request to review, access, correct, delete, or remove their Educator Data by contacting their School administrator. The School administrator can then verify the identity of the requesting party and notify us of the request. We will promptly comply with valid requests for correction or removal of Educator Data. We cannot delete, change, or divulge any Educator Data unless authorized by the School. For Educators who purchase a license to Digital Products directly from us, those Customers may contact us directly to delete, correct, or remove their data, although such requests may hinder or prevent beneficial use of our Digital Products.

Links to Other Websites and Services

To give Users access to other helpful information, we may provide links to other sites. We provide these links as a convenience, and we do not endorse the content or services offered by, or the privacy policies in place on, these other sites.

Other sites to which we link may have privacy policies that differ from this Statement. We encourage Users to review the privacy policies of each site they may visit through any links. We are not responsible for the conduct or policies of these third parties.

Jurisdiction-Specific Disclosures.

If applicable, Wilson’s Jurisdiction-Specific Privacy Supplement located in the addendum below applies to Customer and its Users.

Updates to Our Privacy Statement.

We review this Privacy Statement on an annual basis and make updates from time to time, for example, to reflect changes in the law and to provide more clarity on our practices. When we make any changes, we will provide notice by updating the “last updated” date at the top of this Privacy Statement indicating when it was last revised. For material changes to this Privacy Statement, we will seek to provide notice of such material changes in advance of the change coming into effect, by emailing the Customer point of contact we have in our records.

Please reach out to Legal@wilsonlanguage.com with any questions on this Privacy Statement.

Jurisdiction-Specific Privacy Supplement

California Education Code § 49073.1: The following terms apply to our use of Customer’s pupil records (as defined in Education Code § 49073.1(D)(5)) for Customers located in California, to the extent required by applicable law:

(1) Pupil records continue to be the property of and under the control of Customer;

(2) No pupil-generated content is provided to WLT or generated in connection with WLT’s Digital Products;

(3) WLT will use and access pupil records solely for the purposes described in the Digital Products Terms of Service and Digital Products Privacy Statement;

(4) A parent, legal guardian, or eligible pupil may review personally identifiable information in the pupil records and correct erroneous information by contacting their School administrator, as described in the “Choices About Your Information” Section of the Digital Products Privacy Statement;

(5) To ensure the security and confidentiality of pupil records, WLT will comply with the commitments identified in the Information Technology Security Standards;

(6) Upon the discovery of a breach of security that results in the unauthorized disclosure of pupil records, WLT will notify the Customer of such disclosure and will reasonably cooperate with Customer in connection with its notification to parents, legal guardians, and/or eligible pupils, and as further described in the “Unauthorized Disclosure” section of the Information Technology Security Standards;

(7) Retention of Customer’s pupil records shall be handled in accordance with the “Data Retention and Destruction” section of the Information Technology Security Standards;

(8) Customer and WLT shall each ensure its compliance with the Family Educational Rights and Privacy Act of 1974, 20 USC 1232g, as amended from time to time; and

(9) WLT will not use pupil records to engage in targeted advertising.

California Privacy Rights Act (CPRA): The following terms apply to our use of Educator Data for Customers located in California, to the extent required by applicable law:

Educators who are residents of California may be entitled to certain rights with respect to personal information that we collect about them under the CCPA and CPRA, including the Right to Know, the Right to Request Deletion, the Right to Opt Out of Personal Information Sales, the right to non-discriminatory treatment for exercising any rights, the right to initiate a private cause of action for data breaches, the right to correct inaccurate personal information, and the right to limit use and disclosure of sensitive personal information. However, please note that if the exercise of these rights limits our ability to process personal information (such as in the case of a deletion request), we may no longer be able to provide our services to the Educator in question. To exercise these rights, California Educators may contact us at Legal@wilsonlanguage.com, via phone at 508.368.6678, or by U.S. mail at:

Wilson Language Training Corporation
47 Old Webster Road
Oxford, MA 01540

Canada. The following terms apply to our use of Customer Data for Customers located in Canada, to the extent required by applicable law:

In connection with the Digital Products, a Customer with personal information about Canadian citizens must provide any such data to us, or cause data to be provided to us, in strict compliance with applicable laws, which may include, but are not limited to, the Personal Information Protection and Electronic Documents Act (“PIPEDA”), Consumer Privacy Protection Act (“CPPA”), and any other federal or provincial privacy statutes. Provider is a “service provider” for purposes of the CPPA. Without limiting the foregoing, Customer must, to the extent required by applicable laws, provide appropriate notice, and obtain clear consent from parents, guardians, and eligible students, as applicable. Such disclosure must provide appropriate transparency related to our use of and access to Customer Data from the United States, to the extent required by applicable laws. Customer will obtain consent from parents, guardians, and eligible students, as applicable, in full compliance with Section 15(1)-(5) of the CPPA. In the event that consent to use or sharing of any Customer Data is lawfully withdrawn by a person and that Customer Data has been disclosed to or shared with us in connection with the Digital Products, then Customer must promptly reach out to us to request deletion or return of such person’s personally identifiable information. Upon request, we will provide confirmation of the disposition of such Customer Data.

Connecticut. The following terms apply to our use of Customer’s Student information, Student records, and Student-generated content, as those terms are defined in Conn. Gen. Stat. § 10-234aa(4)-(6), for Customers located in Connecticut, to the extent required by applicable law:

(1) Student information, student records, and student-generated content in our possession (collectively, “CT Student Data”) are not the property of nor under the control of WLT;

(2) Customer may request the deletion of any CT Student Data in our possession that is not (A) otherwise prohibited from deletion or required to be retained under state or federal law, or (B) stored as a copy as part of a disaster recovery storage system and that is (i) inaccessible to the public, and (ii) unable to be used in the normal course of business by the contractor, provided the Customer may request the deletion of any such CT Student Data if such copy has been used by the operator to repopulate accessible data following a disaster recovery;

(3) WLT shall not use CT Student Data for any purposes other than those authorized by Customer;

(4) An eligible Student, parent, or legal guardian of a Student may review personally identifiable information contained in CT Student Data and correct erroneous information, if any, in such student record by contacting their School administrator, as described in the “Choices About Your Information” Section of the Digital Products Privacy Statement;

(5) WLT shall take actions designed to ensure the security and confidentiality of CT Student Data;

(6) Upon the discovery of a breach of security that results in the unauthorized release, disclosure, or acquisition of CT Student Data, WLT will notify the Customer of such disclosure in accordance with the provisions of Conn. Gen. Stat. 10-234dd, and as further described in the “Unauthorized Disclosure” section of the Information Technology Security Standards;

(7) Retention of Customer’s CT Student Data shall be handled in accordance with the “Data Retention and Destruction” section of the Information Technology Security Standards;

(8) Customer and WLT shall each ensure its compliance with the Family Educational Rights and Privacy Act of 1974, 20 USC 1232g, as amended from time to time;

(9) The laws of the state of Connecticut shall govern the rights and duties of the parties with respect to CT Student Data; and

(10) If any provision of the Digital Products Terms of Service and/or Digital Products Privacy Statement (or, as applicable, such other agreement as agreed upon by the parties) or the application of such agreement(s) is held invalid by a court of competent jurisdiction, the invalidity does not affect other provisions or applications of the agreement(s) which can be given effect without the invalid provision or application.

Illinois. The following terms apply to our use of Covered Information (as defined in Illinois’s Student Online Personal Protection Act, or “SOPPA” (105 ILCS 85/)) for Customers located in Illinois, to the extent required by applicable law:

(1) Categories or types of covered information to be provided to WLT are defined in the section “Information We Collect” of the Digital Products Privacy Statement;

(2) Products being provided to the school by WLT include FUN HUB®, Virtual Implementation Support (VIS), and/or those portions of Wilson Academy that are exclusively available to our paid Customers;

(3) Pursuant to the Family Educational Rights and Privacy Act of 1974, WLT is acting as a school official with a legitimate educational interest; is performing an institutional service or function for which the school would otherwise use employees, under the direct control of the school, with respect to the use and maintenance of covered information; and is using the covered information only for an authorized purpose and may not re-disclose it to third parties or affiliates, unless otherwise permitted under the Act, without permission from the school or pursuant to court order;

(4) If a “Breach”, as defined in SOPPA, is attributed to WLT, its officials, agents, employees and subcontractors, WLT shall be liable for any costs and reasonable expenses incurred by the Board in investigating and remediating the Breach, including those costs and expenses identified in 105 ILCS 85/15(4)(D)(i)-(iv);

(5) Upon the written request of a customer, WLT will remove Covered Information from our production servers when we will no longer be providing access to the Digital Products to the customer. We reserve the right, in our sole discretion, to remove Covered Information for a particular customer from our production servers following a reasonable period of time after our relationship with a customer has ended, as demonstrated by the end of contract term or customer’s lack of activity within the digital products. Covered Information is removed from backups in accordance with our data retention standards; and

(6) WLT agrees that the Customer may publish the written agreement on the school’s website or make the written agreement available for inspection by the general public at its administrative office, as applicable.

---