Purpose
Kinems, Inc. (“We”) take the protection of our customers’ data and information, particularly data related to student users of our platform, very seriously. The purpose of this Data Handling and Privacy Statement is to inform our customers about our current data security policies and practices regarding student data, which are intended to safeguard this sensitive information. We handle customer data in a manner consistent with applicable laws and regulations, including, without limitation, the Federal Family Educational Rights and Privacy Act (FERPA), and other state student data privacy protection laws.
Scope
This policy covers the collection, use and storage of student data that is obtained through the use of Kinems learning games platform and related services provided by Kinems, Inc. For more information on the collection, use and storage of other data by Kinems, please see our privacy policy, which is incorporated herein by reference.
Student Data Obtained and Collected
We receive certain information from each school district customer to enable teachers (as used herein, “teachers” includes school administrators and staff) and students to use Kinems learning games. The following information is generally provided to Kinems, Inc for each student and teacher user of Kinems learning games: student full name or nickname, student grade level, teacher name and teacher e-mail. When students use Kinems learning games certain performance results and usage metrics are also created. These results and usage metrics are used by Kinems, Inc as described below. While teachers and school administrators are able to access student information and the related usage data, this information is not made available to other students, other teachers not related to the students or the public. Each teacher’s access is limited only to their students’ data. Note that Kinems, Inc does not collect personally identifiable information directly from students. All student information is provided by school district customers or created through the use of the platform.
Please note that Kinems does not collect, obtain, or retain information from any individual on the political affiliation, voting history, religious affiliation, or biometric information (including but not limited to information collected from the electronic measurement or evaluation of any physical or behavioral characteristics that are attributable to a single person, including fingerprint characteristics, hand characteristics, eye characteristics, vocal characteristics, and any other physical characteristics used for the purpose of electronically identifying that person with a high degree of certainty).
Use of Student Data
Kinems, Inc only uses student data for education related purposes. Kinems, Inc, only uses student and teacher identifiable data provided by schools and/or school districts to make Kinems learning games available to that particular student or teacher, to improve the services and to provide related reports and services to that student’s school and school district and its teachers and administrators. Kinems, Inc uses student data collected from the use of the Kinems learning games for the purpose of making our service available to its customers and improving its content and effectiveness. Kinems Inc, collects and uses aggregated, de-identified student data for core product functionality to make Kinems learning games a more effective, adaptive product. “De-identified student data” refers to data generated from usage of Kinems learning games from which all personally identifiable information has been removed or obscured so that it does not identify individual students and there is no reasonable basis to believe that the information can be used to identify individual students. Kinems, Inc does not attempt to re-identify de-identified student data and takes reasonable measures to protect against the re-identification of its de-identified student data. Kinems, Inc does not sell student data or otherwise share student identifiable data with third parties. Kinems, Inc does not include advertisements within Kinems learning games nor does it use student data for targeted advertising in any manner.
Data Storage Location
Kinems learning games is a cloud-based standalone application. Our servers are located in Tier 4 data centers located in the United States. We do not store any data outside of the US.
Network-Level Security Measures
Kinems Inc, systems and servers are hosted in a cloud environment. Our hosting provider (Microsoft Azure) implements network-level security measures in accordance with industry standards. In addition, Kinems, Inc manages its own controls of the network environment.
Server-Level Security Measures
Access to production servers is limited to a small, identified group of operations engineers that are trained specifically for those responsibilities. The servers are configured to conduct daily updates for any security patches that are released and applicable. The servers have anti-virus, intrusion detection, configuration control, monitoring/alerting and automated backups. In addition, Kinems, Inc conducts regular vulnerability testing.
Computer/Laptop/Device Security Measures
Kinems, Inc employs experienced IT staff that manages and secures its corporate and employee IT systems. Laptops are centrally managed with respect to configuration updates and anti-virus. Access to all Kinems, Inc computers and laptops is password-controlled. Kinems, Inc sets up teacher and administrator accounts for Kinems learning games so that they are also password-controlled.
Encryption
Kinems learning games is only accessible via https and all public network traffic is encrypted with the latest encryption standards. Encryption of data at rest is implemented for all data stored in the Kinems learning games system.
Employee and Contractor Policies and Procedures
Kinems, Inc limits access to personal information we have collected to those employees and agents who need to have such access in order to allow Kinems, Inc to provide quality products and services to its customers. Kinems, Inc requires all employees and agents who have access to Kinems, Inc servers and systems to sign non-disclosure agreements. Kinems, Inc requires its employees and contractors who have access to student data to participate in annual training sessions on IT security policies and best practices. Any employee who ceases working with Kinems, Inc is reminded of his or her non-disclosure obligations at the time of departure, and network access is terminated at that time.
Data Retention and Destruction
Personal information stored by Kinems is used only in the production systems and only for provision and improvement of the explicitly identified functions of the Kinems learning games application. Upon the written request of a customer, Kinems, Inc will remove all personally identifiable student and teacher data related to such customer from its production systems at the end or during the contract. In addition, Kinems, Inc, reserves the right, in its sole discretion, to remove a particular customer’s stdata from its production servers within a reasonable period of time after its relationship with the customer has ended, as demonstrated by the end of contract term or a significant period of inactivity in all customer accounts. Personal information is removed from backups in accordance with Kinems’, Inc data retention practices. If Kinems, Inc is required to restore any materials from its backups, it will purge all personal information not currently in use in the production systems from the restored backups.
Correction and Removal of Student Data
Teachers or parents of students who use Kinems learning games may request correction or removal of their child’s personally identifiable data from Kinems learning games by contacting their students’ teacher or school administrator. The teacher or school administrator can then verify the identity of the requesting party and notify Kinems, Inc of the request. Kinems, Inc will promptly comply with valid requests for correction or removal of student data; however, removal of student personally identifiable data will limit that student’s ability to use Kinems learning games platform.
Breach Notification
Kinems, Inc follows documented “Security Incident Management Procedures” when investigating any potential security incident. In the event of a data security breach, Kinems, Inc will notify impacted customers as promptly as possible that a breach has occurred, and will inform them (to the extent known) what data has been compromised. Kinems, Inc expects customers to notify individual teachers and parents of any such breach to the extent required, but will provide customers reasonably requested assistance with such notifications.