McCann Associates Holdings, LLC and affiliated companies (“McCann”) provide online assessment services for placement evaluations and other like services. McCann’s programs provide tools that assist Institutional evaluators to understand and respond to the needs of every student. McCann collects and uses data in a way that is safe, secure, and effective.
CollegeSuccess® is a fully customizable Adaptive Learning Environment® and Adaptive Placement Platform? that provides insights into appropriate course placement and embedded resources for immediate developmental support. With the data collected from CollegeSuccess placement and diagnostic tests, administrators can properly place students in courses suited to their skill sets, resulting in higher retention rates.
This Privacy Policy (“Privacy Policy”) or (“Policy”) describes how McCann collects, uses, and discloses personal information and data through the provision of its education products and services (“Products”). In the course of providing the services to the Institution and its students and/or families, McCann may collect or have access to “education records,” as defined by the federal Family Educational Rights and Privacy Act of 1974 (“FERPA”) and personal information that is directly related to an identifiable student (collectively, “Student Data”).
Student Data is always kept confidential. We collect and use Student Data solely for the purpose of providing our service to, or on behalf of, the Institution and its users and for the purposes set out in this Privacy Policy and our customer service agreements. Security measures are taken to maintain the security and confidentiality of Student Data collected or stored by McCann on behalf of the Institution and its students. The Institution controls the use, access, sharing and retention of the data. Collection and use of Student Data is governed by Agreements with the Institution, including this Privacy Policy, and applicable laws including the Family Educational Rights and Privacy Act (FERPA), the Children’s Online Privacy Protection Act (“COPPA”), and other applicable federal, state and local privacy laws and regulations (“Applicable Laws”). McCann receives Student Data as a “school official” as defined under Section 99.31 of FERPA for the purpose of providing its services, and such Student Data is owned and controlled by the Institution.
There may be different contractual terms or privacy policies in place with some of our Institutional Customers. Such other terms or policies may supersede this Policy for information collected or released under those terms. If you have any questions as to which legal agreement or privacy policy controls the collection and use of your information, please contact us using the information provided below.
1. Definition
Capitalized terms not defined in this section or above will have the meaning set forth by Applicable
Laws
a. “Agreement” means the underlying contractual Agreement between McCann and the Institution Customer.
b. “Authorized Users” means students, educators, staff and families using McCann’s services pursuant to an Agreement.
c. “Institution” means the School District, College or State Agency that is the party to the Agreement to provide the McCann services to the Institution’s Authorized Users.
d. “State Agency” means the educational agency primarily responsible for the supervision of public elementary and secondary schools in any of the 50 states, the Commonwealth of Puerto Rico, the District of Columbia or other territories and possessions of the United States, as well as a national or regional ministry or department of education in other countries, as applicable.
e. “Student Data” means any information that directly relates to an identifiable current or former student that McCann collects, receives, or generates while providing the services to or on behalf of an Institution. Student Data may include personal information from a student’s “educational records,” as defined by FERPA.
2. Student Data Collected
McCann receives Student Data in two ways: (i) from the Institution to implement the use of our services and (ii) from Authorized Users of the services.
a. Information provided by the Institution: McCann’s educational services require some basic information about who is in a classroom and who teaches the class. This roster information, including name, email address, grade level, and school ID numbers, may be provided to McCann by the Institution either directly from the Institution’s student information system, via a third party with whom the Institution contracts to provide that information or through student self-registration. Our Customers may also choose to provide additional student demographic data (e.g. socio-economic status, race, national origin) and other school records (e.g. grades, attendance, assessment results) to McCann for tailoring individual learning programs or enabling additional reporting capabilities through McCann services.
b. Information collected through our services.
Student generated content. We may collect information contained in student assessments including registration information and question responses.
c. Other Personal Information Collected
School Customer Information. McCann collects personal information when an Institution creates an account or uses our services or communicates with us. This could include contact information, such as a name, phone number, email address, as well as information about the individual’s Institution and location.
Parent and Guardian Information. On occasion, we may collect personal information from or about a Student’s parent or legal guardian. This information may be provided by a Institution Customer or directly by the parent or guardian who communicates with us or creates an account.
d. Device and Usage Data.
Depending on the services, we may collect information about the device used to connect to our service, ie: device type, model, browser configurations and persistent identifiers, such as IP addresses and unique device identifiers. McCann may collect device diagnostic information, such as usage logs and error logs as well as usage, viewing and technical information, such as the number of requests a device makes, to ensure proper system capacity for all Authorized Users. We may collect geolocation information from a user’s device, or may approximate device location based on other metrics, like an IP address. Some of our services use “cookies,” Web beacons, HTML5 local storage and other similar technologies to collect and store such data. McCann uses this information to remember returning users and facilitate ease of login, to customize the function and appearance of the services, and to improve the learning experience. This information helps McCann track product usage for various purposes including website optimization, to ensure proper system capacity, troubleshoot and fix errors, provide technical assistance and customer support, provide and monitor the effectiveness of our services, monitor and address security concerns, and to compile analytics for service improvement and other internal purposes.
Cookies: A user may be able to reject cookies through browser or device controls but doing so may negatively impact the experience as some features may not work properly. To learn more about browser cookies, including how to manage or delete them, check the “Help,” “Tools” or similar section of your browser. If McCann links or combines device and usage information with personal information we have collected directly from users that relates to or identifies a particular individual, we will treat the combined information as personal information.
Third party website tracking. McCann does not track students across third-party websites and does not respond to Do Not Track (DNT) signals. McCann does not permit third party advertising networks to collect information from or about users using McCann educational services for the purpose of serving targeted advertising across websites and over time and McCann will never use Student Data for targeted advertising.
3. Use of Student Data
McCann uses Student Data collected from, or on behalf of, an Institution to support the learning experience, to provide the services to the Customer/Institution and to ensure secure and effective operation of our services, including: providing and improving our educational services and to support Institutions’ and Authorized Users’ activities. McCann may also use information for purposes requested or authorized by the Institution or as otherwise permitted by Applicable Laws. McCann may use information for adaptive or personalized learning purposes, provided that Student Data is not disclosed; for customer support purposes, to respond to the inquiries and fulfill the requests of our Institutions and their Authorized Users; to enforce product access and security controls; and to conduct system audits and improve protections against the misuse of our services, or to detect and prevent fraud and other harmful activities. McCann may use de-identified data as described in Section 5 below.
4. Disclosure of Student Data
McCann will share or disclose Student Data as needed to provide the services under the Agreement and as required by law, including but not limited to; as directed or permitted by the Institution; to other Authorized Users of the Institution entitled to access such data in connection with the services; to McCann service providers, sub processors, or vendors who have a legitimate need to access such data to assist McCann in providing the services, such as platform, infrastructure, and application software. We contractually bind such parties to protect Student Data in a manner consistent with those practices set forth in this Policy; to comply with the law, respond to requests in legal or government enforcement proceedings (such as complying with a subpoena), protect McCann’s rights in a legal dispute, or seek assistance of law enforcement in the event of a threat to McCann’s rights, security or property or that of McCann’s affiliates, customers, Authorized Users or others; in the event McCann or all or part of its assets are acquired or transferred to another party, including in connection with any bankruptcy or similar proceedings, provided that successor entity will be required to comply with the privacy protections in this Policy with respect to information collected under this Policy, or we will provide the Institution with notice and an opportunity to opt-out of the transfer of Student Data by deleting such data prior to the transfer; and except as restricted by Applicable Laws or contracts with our Institutional Customers, we may also share Student Data with McCann’s affiliated education companies, provided that such disclosure is solely for the purposes of providing services and at all times is subject to this Policy.
5. De-Identified Data
McCann may use de-identified or aggregate data for purposes allowed under FERPA and other Applicable Laws, to research, develop and improve educational sites, services and applications and to demonstrate the effectiveness of the McCann services. We may also share de-identified data with research partners to help us analyze the information for product improvement and development purposes. Records and information are considered to be de-identified when all personally identifiable information has been removed or obscured, such that the remaining information does not reasonably identify a specific individual. We de-identify Student Data in compliance with Applicable Laws and in accordance with the guidelines of NIST SP 800-122. McCann has implemented internal procedures and controls to protect against the re-identification of de-identified Student Data. McCann does not disclose de-identified data to its research partners unless that party has agreed in writing not to attempt to re-identify such data.
6. Prohibitions; Advertising; Advertising limitations
McCann will not sell Student Data to third parties; use or disclose Student Data to inform, influence or enable targeted advertising to a student based on Student Data or information or data inferred over time from the student’s usage of the services; use Student Data to develop a profile of a student for any purpose other than providing the services to the Institution, or as authorized by a parent or legal guardian; use Student Data for any commercial purpose other than provide the services to the Institution, as authorized by the Institution or the parent or guardian, or as permitted by Applicable Laws.
7. External Third-Party Services
a. This Privacy Policy applies solely to McCann’s services and practices. McCann Institutions and Authorized Users may choose to connect or use our services in conjunction with third party services and Products. This Policy does not address, and McCann is not responsible for, the privacy, information, or other practices of such third parties. Customers should carefully review the privacy and data security of such third-party websites.
b. Users may be able to login to our services using third-party sign-in services such as Canvas, Clever or Google. These services authenticate the user’s identity and provides the user with the option to share certain personal information with McCann, including name and email address, to pre-populate our account sign-up form. If you choose to enable a third party to share your third-party account credentials with McCann, we may obtain personal information via that mechanism. You may configure your accounts on these third-party platform services to control what information they share.
8. Security
McCann maintains a comprehensive information security program and uses industry standard administrative, technical, operational and physical measures to safeguard Student Data in its possession against loss, theft and unauthorized use, disclosure or modification. McCann performs periodic risk assessments of its information security program and prioritizes the remediation of identified security vulnerabilities. In the event McCann discovers or is notified that Student Data within its possession or control was disclosed to, or acquired by an unauthorized party, McCann will investigate the incident, take steps to mitigate the potential impact, and notify the Institution in accordance with Applicable Laws. McCann’s servers are hosted in and managed and controlled by us from the United States and are not intended to subject McCann to the laws or jurisdiction of any jurisdiction other than that of the United States. If you are a user located outside the United States, you understand and consent to having Student Data collected and maintained by McCann processed in the United States. United States data protection and other relevant laws may not be the same as those in your jurisdiction. This includes the use of cookies and other tracking technologies as described above.
9. Review and correction
FERPA requires schools to provide parents with access to their children’s education records, and parents may request that the school correct records that they believe to be inaccurate or misleading. If you are a parent or guardian and would like to review, correct or update your child’s data stored through our service, contact your School District. McCann will work with your Institution to enable your access to and, if applicable, correction of your child’s education records. If you have any questions about whom to contact or other questions about your child’s data, you may contact us using the information provided below.
10. Data Retention
We will retain Student Data for the period necessary to fulfill the purposes outlined in this Policy and our agreement with the Institution. We do not knowingly retain Student Data beyond the time frame required to support an Institution’s educational purpose, unless authorized by the Institution. Upon notice from the Institution/Customer, McCann will return, delete, or destroy Student Data stored by McCann in accordance with applicable law and customer requirements. We may not be able to fully delete all data in all circumstances, such as information retained in technical support records, customer service records, back-ups and similar business records. Unless otherwise notified by the Institution/Customer, we will delete or de-identify Student Data after termination of our Agreement with the Institution/Customer.
11. COPPA
We do not knowingly collect personal information from a child under 13 unless and until an Institution has authorized McCann to collect such information through the provision of services on the Institution’s behalf. McCann complies with all applicable provisions of the Children’s Online Privacy Protection Act (“COPPA”). To the extent COPPA applies to the information we collect, we process such information for educational purposes only, at the direction of the partnering Institution or State Agency and on the basis of educational institutional consent. Upon request, we provide the Institution the opportunity to review and delete the personal information collected from students. If you are a parent or guardian and have questions about your child’s use of the Products and any personal information collected, please direct these questions to your child’s Institution/school.
12. Updates to this policy
McCann may change this Policy in the future. For example, it may be updated to comply with new laws or regulations, to conform to industry best practices, or to reflect changes in our service offerings. When these changes do not reflect material changes in our practices with respect to use and/or disclosure of Student Data, such changes to the Policy will become effective when we post the revised Policy on our website. In the event there are material changes in our practices that would result in Student Data being used in a materially different manner than was disclosed when the information was collected, we will notify Institutions affected by the changes via the email contact information provided by the customer and provide an opportunity to opt-out before such changes take effect.
13. Contact Us
If you have questions about this Policy, please contact us at:
Email: Customer Support
Mail: McCann Associates
444 Oxford Valley Road
Langhorne, PA 19047
Attn: Corporate Counsel
14. Supplemental Disclosures
McCann complies with all Federal and State rules, statutes and laws including FERPA, California AB 1585, the Florida Information Protection Act of 2014 and other relevant statutes. McCann takes all reasonable measures to protect and secure data containing subscriber personal information.
Florida. McCann shall comply with reporting timelines set forth in FIPA regarding breaches involving personal information of individuals as defined in the statute and other provisions of FIPA.
Nevada. This section applies if you are a resident of the state of Nevada. While McCann does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personally identifiable information to Customer Support.
California. This section applies to you if you are a resident of the state of California and for purposes of this section the term “personal information” has the meaning provided by the California Consumer Privacy Act (the “CCPA”). Residents of California may be entitled to certain rights with respect to personal information that we collect about them under the CCPA: the Right to Know, the Right to Request Deletion and the Right to Opt-Out of Personal Information Sales. You also have the right to be free of discrimination for exercising these rights. However, please note that if the exercise of these rights limits our ability to process personal information (such as in the case of a deletion request), we may no longer be able to provide you the services or engage with you in the same manner. To request to exercise your California consumer rights, please contact us at Customer Support with the subject line “California Rights Request.”
Note for students and other users who engage with McCann in connection with an Institution Customer’s use of McCann: Because McCann provides the services to Institution Customers as a “School Official,” we collect, retain, use and disclose Student Data only for or on behalf of our Institution Customers for the purpose of providing the services specified in our agreement with the Institution Customer and for no other commercial purpose. Accordingly, we act as a “service provider” for our Institution Customers under the CCPA. If you have any questions or would like to exercise your California rights, please contact your Institution/School directly.
European Union. If you are a citizen of a European Union country, your rights may be further dictated by General Data Protection Regulation. You can visit the government website at https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/. We will retain your information for as long as your account is active or as needed to provide you services. Your information will be deleted upon your request, upon request of the Institution or, upon completion of services with our company. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes and enforce our agreements.
The Data Protection Officer is Kevin MacClay and he can be reached Customer Support or call 1 800.230.2213.