Contents
Agilix is committed to maintaining personal privacy
Data that schools or institutions gather from end users
How and to whom we disclose your information
How we protect your information
Agilix aligns with the Global Data Protection Regulation (EU GDPR)
Agilix acts as a "Data Processor"
End user deletion requests are handled by the "Data Controller"
Agilix products support "Data Controller" functions and GDPR compliance
Agilix is committed to maintaining personal privacy
Agilix is committed to maintaining your personal privacy. We agree to make every reasonable effort to prevent disclosure of personal information we gather about you on our web sites to any unauthorized third parties. We may disclose information to third parties authorized by your school or institution, as required to reasonably do their jobs, law enforcement officials or representatives with appropriate court orders, or when we deem that there is a reasonable suspicion that you have been involved in theft, damage to property, threats of harm to yourself or others, or other illegal activities.
Data we gather from end users
Agilix stores data about you that you, yourself, enter into our websites, as well as information entered by users authorized by your school or institution and computer systems they have configured to synchronize to ours. We may also store information about the system you use to access the websites, including any information the web browser or network interconnection services reasonably disclose to us. The personal information we store generally includes your:
- Name
- Username
- One or more email addresses
- Information about your password
Data that schools or institutions gather from end users
Your school or institution may enter other personal and non-personal information including student performance. We do not restrict the type of information your school or institution or their authorized users gather. We also store other non-personal information, which may be entered by you, by your school's or institution’s authorized users or computer systems, or which may be computed based on some combination of previously-stored information. We may also receive and store identity information from third party sites as configured by school or institution administrators for the purposes of automatically logging you into our websites.
How and to whom we disclose your information
Certain Agilix employees are authorized to access your personal information in order to maintain and improve the services we've been contracted to provide. Your school or institution may also provide authorization to others as they see fit.
Users authorized by your school or institution will have access to your information as configured by the school or institution and restricted by the security system enforced by our application programming interfaces. We make reasonable efforts to partition data in such a way as to allow school or institutions to configure access restrictions so that those to whom they provide authorization only have access to the data they need for their job function.
Agilix will not sell the personal information of users, except as part of a sale of the business or a business unit, transfer of the services holding that information, or bankruptcy or other legal proceeding.
Some of your information may be stored temporarily or persistently in cookies or local storage on systems you use to access the websites, or on proxy or caching servers between your school or institutions systems and ours, and there may be some delay in altering or removing that data after the master copy is updated. When TLS (Transport Layer Security, also known as SSL) is used to access the site, the data will only be cached on your local system or systems either Agilix or your school or institution have authorized to cache the data.
Agilix may use and disclose aggregate statistics about end users.
How we protect your information
Agilix uses industry-standard mechanisms to protect your information from unintentional disclosure. Examples of such mechanisms currently include restricting system access to authorized users, supporting and often forcing the use of TLS encrypted connections between your computer and ours, encryption-at-rest, log masking, session timeouts, response filtering, brute-force password attack mitigations, firewalls, logical network segregation or filtering, high-use alerts, and cryptographic password hashing. These may change over time as industry standards evolve. In addition, we protect records in compliance with the Family Educational Rights and Privacy Act (FERPA) and similar state laws. You may learn more about FERPA at http://www.ed.gov/policy/gen/guid/fpco/ferpa/index.html.
Third party sites
Content in our websites may link or embed content from other web sites. We make reasonable efforts to verify that the sites that Agilix links to or embeds also protect your personal information. Your school or institution may also link or embed content from other web sites as well. Agilix has no control over this information, so you will need to refer to your school or institution’s or the linked sites’ respective privacy policies for information about how they protect your privacy.
Agilix websites use industry-standard libraries and coding practices to let you access your personal content on third-party sites. You can use this content in Agilix websites, which includes (but is not limited to) course content, course-activity content, dropbox submissions, grading comments and feedback, forum, or blog posts. After you have chosen to use this content, our websites store references to it and provide links to it that you and other authorized end-users can click to access it.
Our websites do not alter the sharing privileges or permissions on the third-party content that you choose to share in our websites. You must set the sharing permissions of that content on the third-party site so that others who click on the links have the correct permissions to access it.
End user rights and choices
Agilix is committed to ensuring our customers’ data is handled in the most secure way possible. This includes responding to data deletion requests and other end user rights and choices.
Agilix aligns with the Global Data Protection Regulation (EU GDPR)
We have aligned our process with the requirements of the Global Data Protection Regulation (EU GDPR) which outlines the responsibility to delete all Personally Identifiable Information (PII) upon end user request to comply with the user’s “right to be forgotten.”
Agilix acts as a "Data Processor"
GDPR specifies two main responsible parties in fulfilling a data deletion request: the Data Controller and the Data Processor. In our partnerships, Agilix acts as the Data Processor because we host accumulated data, and our partners act as the Data Controller because they gather that data from end users. In partnerships where Agilix doesn’t host data, we act as neither.
End user deletion requests are handled by the "Data Controller"
GDPR specifies that end users must be able to initiate a deletion request with the Data Controller’s Data Protection Officer (DPO) (who is registered with the EU). The DPO is required to respond to the request within 30 days.
Agilix products support "Data Controller" functions and GDPR compliance
Control over Right to Access, Right to Rectification, Right to Erasure, Right to Restriction of Processing, Data Portability, Right to Object, and Informed Consent--in addition to any other provisions of the law--are handled by the Data Controller. Agilix products all support the Data Controller in managing these functions. It is our understanding and our reading of the law that these controls and processes give us the ability to lawfully operate as a Data Processor for Data Controllers that are of a certain size and which do sufficient processing in the EU to merit their being fully GDPR compliant.