STUDENT DATA PRIVACY POLICY

Last Updated: July 15, 2022

Thank you for choosing to be part of our community at Cossey Web Solutions, doing business as CWeb (“CWeb,” “we,” “us,” or “our”). We are committed to protecting your student data. If you have any questions or concerns about this Student Data Privacy Policy or our practices with regard to your student data, please contact us at cosseyweb@gmail.com.

Our privacy and data protection policies follow the guidelines and best practices for online applications.

As a provider of educational services, our privacy and data protection policies also follow the guidelines and best practices laid out by the U.S. Family Educational Rights and Privacy Act (“FERPA”) and Children’s Online Privacy Protection Act (“COPPA”). Specifically, we check with the Privacy Technical Assistance Center (PTAC), established by the U.S. Department of Education, for updated guidelines and best practices.

Data Ownership

Student Data.
All Student Data transmitted to Cossey Web Solutions will continue to be the property of and under the control of the educational institution. For the purposes of FERPA, Cossey Web Solutions shall be considered a School Official, under the control and direction of the educational institution as it pertains to the use of Student Data.

Parental Access.
To the extent required by law the educational institution shall establish reasonable procedures by which a parent, legal guardian, or eligible student may review Student Data and request corrections for erroneous information. Cossey Web Solutions shall respond in a reasonably timely manner and no later than 30 days after the date of the request. In the event that a parent of a student or other individual contacts Cossey Web Solutions to review any of the Student Data accessed pursuant to the services provided, Cossey Web Solutions shall refer the parent or individual to the educational institution, who will follow the necessary and proper procedures regarding the requested information. Cossey Web Solutions agrees to assist the educational institution in a reasonable manner to facilitate the Student Data request.

Law Enforcement Access.
Should law enforcement or other government agencies contact Cossey Web Solutions with a request for Student Data, Cossey Web Solutions shall notify the educational institution in advance of a disclosure to the law enforcement or other government agencies, unless lawfully directed by the requesting agency not to inform the educational institution of the request.

Responsibilites of Cossey Web Solutions

Privacy.
Cossey Web Solutions shall comply with all applicable federal, state, and local laws, rules, and regulations pertaining to Student Data privacy and security.

Authorized Use.
All Student Data transmitted to Cossey Web Solutions by an educational institution shall be used for no purpose other than those required to provide the services defined in the binding contract between Cossey Web Solutions and the educational institution.

Employees and Contractors.
Cossey Web Solutions shall require all employees and contractors who have access to Student Data to follow all guidlines covered in this Student Data Privacy Policy. Cossey Web Solutions also agrees to require a signed confidentiality agreement for all employees and contractors who have access to Student Data.

Data Security.
Cossey Web Solutions agrees to use administrative, technical, and physical security measures to protect Student Data from unauthorized access, acquisition, use, modification, and destruction. Cossey Web Solutions shall follow all applicable laws relating to student data security, including those found in FERPA and COPPA.

Personally Identifiable Information (PII).
Cossey Web Solutions agrees not to disclose any personally identifiable information unless permitted by the educational institution or in response to a lawfully issued subpoena.

Data Destruction.
Cossey Web Solutions agrees to destroy Student Data transmitted under the terms of this Student Data Privacy Policy, provided written request by the educational institution, within 30 days. Data destruction shall always include the removal of all PIID. Data destruction may include, but is not required to include, full removal of all Student Data, even the non-identifiable information. The decision to remove PIID or to remove all data shall remain under the discretion of Cossey Web Solutions.

De-Identified Data.
Cossey Web Solutions agrees not to re-dentify Student Data that was requested to be de-identified by the educational institution. De-identified Student Data may be used by Cossey Web Solutions only as allowed by the conditions and guideliens of FERPA. De-identified Student Data is allowed to remain in the systems of Cossey Web Solutions after requests by the educational institution to destroy Student Data.

Data Breach.
Cossey Web Solutions shall notify the educational institution of any known unauthorized access as quickly as possible, and no longer then 24 hours after the discovery. Cossey Web Solutions agrees to assist, as appropriate, in the investigation and response to correct this unauthorized access and prevent similar unauthorized access in the future. Cossey Web Solutions also agrees to provide the educational institution with details of the breach, including but not limited to a general description of the breach and its causes, the names of all affected institutions, descriptions of data known to be breached, and an estimated date of the breach.

Responsibilites of Educational Institution

Annual Notification of Rights.
The educational institution shall notify Cossey Web Solutions each year what is considered a school official and what is considered a legitimate education interest, as these two pertain to FERPA.

Reasonable Precautions.
The educational institution shall take reasonable precautions to secure all activities associated with Student Data, including but not limited to, usernames, passwords, account access and permissions, and unauthorized device access.

Data Breach.
The educational institution shall notify Cossey Web Solutions of any known unauthorized access as quickly as possible, and no longer then 24 hours after the discovery. The educational institution agrees to assist, as appropriate, in the investigation and response to correct this unauthorized access and prevent similar unauthorized access in the future. The educational institution also agrees to provide Cossey Web Solutions with details of the breach, including but not limited to a general description of the breach and its causes, the names of all affected accounts, descriptions of data known to be breached, and an estimated date of the breach.

Authority

Cossey Web Solutions and the educational institution represents that it is authorized to bind to the terms of this Student Data Privacy Policy, including confidentiality and destruction of Student Data and any portion thereof contained therein, all related or associated institutions, individuals, employees or contractors who may have access to the Student Data and/or any portion thereof.