terms of service 4 loom.pdf · 1 day ago · pro. for individuals that need advanced recording and...
TRANSCRIPT
Terms of Service
Revision Date: July 24, 2020
These Terms of Service (these “Terms”) govern your use of the Loom website (the “Site”), the
Loom video platform and associated tools (collectively, the “Service”) made available by Loom,
Inc. (“Loom”, "our", "us", or "we"). Your use of the Site and/or your registration to use the Service
indicates that you agree on behalf of yourself or the entity that you represent (collectively, "you")
to be bound by these Terms as well as the Loom Privacy Policy. Please read these Terms
carefully before registering for or otherwise using the Loom Service.
I. Overview
Loom provides a video messaging platform. Loom is offered via the following plans or service
offerings.
Basic. For individuals that just need to record and share videos quickly, a basic version of
Loom is available for free when you register with Loom and set up a user account.
Starter. A new version of our Basic plan (limited availability). This plan is limited to one
Creator and unlimited Viewers, 25 videos and a 5-minute recording limit.
Starter Unlimited Videos. A new version of our Basic plan (limited availability) which gives
users access to Basic features plus unlimited videos in their Workspace.
Pro. For individuals that need advanced recording and editing functions, a Pro plan is
available on a paid basis via either a monthly or annual subscription. Loom Pro provides
enhanced Loom features, including higher video quality and access to unlimited number of
videos.
Professional. A new version of our Pro plan (limited availability). This plan is limited to one
Creator and unlimited Viewers.
Business. Includes the premium features of Loom Professional, but with added flexibility for
teams that need advanced sharing and reporting functions. This plan allows for as many
Creators as needed.
Enterprise. Includes the premium features of Loom Business, but with additional features
suitable for companies that need advanced administrative and security functions. This plan
allows for as many Creators as needed.
See our Site for further details on the features of the various Loom Service offerings, which
Loom will endeavor to improve and expand over time.
By registering for a Loom Business or Loom Enterprise account, you acknowledge that the
account administrator of your organization has control of and access to Your Content (as defined
below). Furthermore, you (1) agree to comply with your organization’s terms and policies with
regard to your use of the Service; (2) acknowledge your organization’s ability to monitor, restrict
or terminate your or other users’ access to Your Content; and (3) acknowledge your
organization’s ownership of the Loom Business or Loom Enterprise account.
II. Registration
Use of the Service requires that you register with Loom. When you register with Loom, you will
be asked to disclose certain personal information, including your name and email address, and
to set up a username and password, all of which will be subject to our Privacy Policy. You are
responsible for all activities that occur under your account and for keeping your password and
log-in information secure. You agree that you (1) will monitor your account, (2) will not share
your account or password with anyone, and (3) will notify Loom immediately of any unauthorized
use of your account or password, or any other breach of security. You agree to provide us with
true, accurate and complete information as requested in our registration process. You also agree
to update such information promptly as necessary to keep it current and accurate.
III. Payment
If you register for Loom Starter Unlimited, Loom Pro, Loom Professional, Loom Business or
Loom Enterprise (collectively, “Loom Premium”), you agree to pay all fees or charges to your
account for the Service in accordance with the fees, charges and billing terms in effect at the
time that each fee or charge is due and payable. Unless otherwise indicated in an order form,
you must provide Loom with a valid credit card (Visa, MasterCard, or any other issuer accepted
by us) (“Payment Provider”) as a condition to signing up for the Loom Premium. Your Payment
Provider agreement governs your use of the designated credit card account, and you must refer
to that agreement and not these Terms to determine your rights and liabilities with respect to
your Payment Provider. By providing Loom with your credit card number and associated
payment information, you agree that Loom is authorized to verify information immediately, and
subsequently invoice your account for all fees and charges due and payable to Loom hereunder
and that no additional notice or consent is required. You agree to immediately notify Loom of any
change in your billing address or the credit card used for payment hereunder. Loom reserves the
right at any time to change its prices and billing methods, either immediately upon posting on
our Site or by e-mail delivery to your organization’s administrator(s).
Any attorney fees, court costs, or other costs incurred in collection of delinquent undisputed
amounts shall be the responsibility of and paid for by you.
All fees for the Service are non-refundable. No contract will exist between you and Loom for the
Service until Loom accepts your order by a confirmatory e-mail, SMS/MMS message, or other
appropriate means of communication.
You are responsible for any third-party fees that you may incur when using the Service.
IV. Changes to and Your Termination of the Service
You acknowledge and agree that Loom may stop (permanently or temporarily) providing the
Service (or any features within the Service) to you or to users generally at Loom’s sole
discretion, without prior notice to you (except that if you are a Loom Premium customer, Loom
will notify you and not charge you for any Service that you have not received). You may stop
using the Service at any time. You do not need to specifically inform Loom when you stop using
the Service. You acknowledge and agree that if Loom disables access to your account, you may
be prevented from accessing the Service, your account details or any files or other materials
which is contained in your account.
V. User Conduct, Commitments and Understandings
You agree not to access (or attempt to access) any of the Service by any means other than
through the interface that is provided by Loom, unless you have been specifically allowed to
do so in a separate agreement with Loom.
You, directly or indirectly, alone or with any other party, may not:
1. modify, change, create derivative works of, disassemble, decompile or otherwise
reverse engineer the Service or any software provided in connection with the Service
(“Software”), or remove proprietary legends in the Service or Software;
2. distribute, transfer, resell, rent, lease, or loan the Service or Software to any other party,
except as described herein;
3. make the Service or Software available to others in a service bureau arrangement or
for any similar commercial time-sharing or third party training use;
4. harass, threaten or otherwise cause distress, unwanted attention or discomfort to a
person or entity;
5. post or otherwise transmit any unlawful, harmful, threatening, abusive, harassing,
defamatory, vulgar, obscene, or hateful content or content which is racially, ethnically or
otherwise objectionable, or which infringes upon the rights of any third party;
6. post or otherwise transmit any content that (i) infringes any patent, trademark, trade
secret, copyright or other proprietary rights of any party; (ii) you do not have the right to
transmit, such as information that is subject to a confidentiality agreement between you
and another party; (iii) contains sexually explicit images or other content that is
offensive; (iv) is harmful to minors in any way; or (v) promotes or provides instructional
information about illegal activities or promotes physical harm or injury against any
group or individual;
7. send any unsolicited commercial email, spam, or bulk commercial email;
8. impersonate any person or entity, or falsely state or otherwise misrepresent your
affiliation with a person or entity;
9. violate (intentionally or unintentionally) any applicable local, state, national or
international law including, but not limited to, any regulations having the force of law;
or
10. interfere with or disrupt the Service or Software, or servers or networks connected to
the Software, or disobey any requirements, procedures, policies or regulations of
networks connected to the Service or Software.
You agree that you are solely responsible for (and that Loom has no responsibility to you or
to any third party for) any breach of your obligations under these Terms and for the
consequences (including any loss or damage which Loom may suffer) of any such breach.
To the extent Loom incurs any financial penalties or other costs and expenses (including
investigation expenses) from Loom’s server hosting facility, internet service provider or
other vendors because of your use of the Software, you shall be obligated to immediately
reimburse Loom for any such penalties, costs or expenses.
You understand that all information (such as data files, written text, computer software,
music, audio files or other sounds, photographs, videos or other images) which you may
have access to as part of, or through your use of, the Service are the sole responsibility of
the person from which such materials originated, which may be you.
While Loom uses reasonable efforts to include accurate and up-to-date information on the
Site, Loom makes no warranties or representations as to its accuracy. Loom assumes no
liability or responsibility for any errors or representations in the content available on the Site
(the “Content”).
The Site may contain links to other sites on the Internet which are owned and operated by
Third Party Vendors and other third parties (the “External Sites”). You acknowledge that
Loom is not responsible for the availability of, or the materials located on or through, any
External Sites. You should contact the site administrator or webmaster for those External
Sites if you have any concerns regarding such links or the materials located on such
External Sites.
You acknowledge that by accessing the Site, you may come into contact with Content that
you find harmful, offensive, threatening, indecent or objectionable and you acknowledge
that Loom shall have no liability to you for the Content including, but not limited to explicit
language and other potentially offensive material. You agree not to impersonate any person
or communicate under a false name or a name you are not entitled or authorized to use.
Loom has the right (but not the obligation) to remove, prohibit, edit or discontinue any
Content on the Site, including Content that has been posted by users.
You retain sole ownership of any Content you post or any other material you submit using
the Service (“Your Content”). You hereby grant Loom and its affiliates a revocable,
worldwide, royalty-free, non-exclusive, sublicensable license to use, reproduce and display
Your Content solely for the purpose of providing the Service to you. Loom will not use Your
Content for any other purpose or distribute Your Content to any third party without your
permission. You represent and warrant that Your Content will be your original work product
and will not be based on, or derived from, the proprietary information or materials of a third
party. Furthermore, you represent and warrant that your use of the Service in connection
with Your Content or any third party content complies with all laws including, but not limited
to, copyright law. You also hereby grant each user of the Service a non-exclusive license to
access Your Content through the Service. The licenses granted in Your Content terminate
within a commercially reasonable time after you remove or delete Your Content from the
Service; however, you understand, acknowledge and agree that Loom may retain, but not
display, server copies of Your Content that has been removed or deleted. You grant Loom
and its affiliates a perpetual and irrevocable license to use and display any comments you
add via the Service. You will defend, indemnify and hold Loom and its affiliates harmless
from and against any claims resulting from any of Your Content.
At your discretion, you may provide feedback to Loom concerning the functionality and
performance of the Service from time to time, including, without limitation, identifying
potential errors, improvements, modifications, bug fixes, or enhancements (“Feedback”). If
you, through your evaluation or otherwise, suggests any Feedback, you hereby assign the
ownership in all Feedback to Loom. In the event ownership in the Feedback cannot be
granted to Loom, you grant Loom at no charge a perpetual, irrevocable, royalty-free,
worldwide right and license to use, reproduce, disclose, sublicense, distribute, modify, and
otherwise exploit such Feedback without restriction. You agree that Loom may disclose that
Feedback to any third party in any manner and you agree that Loom has the ability to
sublicense all Feedback in any form to any third party without restriction.
The Site may contain areas in which additional terms and conditions apply. For purposes of
the use of such areas, in the event of a conflict between the terms and conditions of such
other areas and these Terms, the terms and conditions of the other area shall prevail. Loom
may at any time revise these Terms by updating this posting. You are bound by any such
revisions and should therefore periodically visit this page to review the current Terms to
which you are bound.
You shall not transmit to Loom or upload to this Site any Harmful Code or use or
misappropriate the data on this Site for your own commercial gain. “Harmful Code” shall
mean any software (sometimes referred to as “viruses,” “worms,” “trojan horses,” “time
bombs,” “time locks,” “drop dead devices,” “traps,” “access codes,” “cancelbots” or “trap
door devices”) that: (a) is intentionally designed to damage, disrupt, disable, harm, impair,
interfere with, intercept, expropriate or otherwise impede in any manner, any data, storage
media, program, system, equipment or communication, based on any event, including for
example but not limited to (i) exceeding a number of copies, (ii) exceeding a number of
users, (iii) passage of a period of time, (iv) advancement to a particular date or other
numeral, or (v) use of a certain feature; or (b) would enable an unauthorized person to
cause such result; or (c) would enable an unauthorized person to access another person’s
information without such other person’s knowledge and permission.
You may not use your username and password for any unauthorized purpose.
VI. Monitoring and Enforcement; Termination
Loom has the right to:
Remove or refuse to post any of Your Content for any or no reason at our sole discretion.
Take any action with respect to Your Content that we deem necessary or appropriate in our
sole discretion, including if we believe that Your Content violates these Terms, infringes any
intellectual property right or other right of any person or entity, threatens the personal safety
of users of the Service or the public or could create liability for Loom.
Take appropriate legal action, including without limitation, referral to law enforcement, for
any illegal or unauthorized use of the Service or the Site.
Terminate or suspend your access to all or part of the Service or the Site for any violation of
these Terms.
Without limiting the foregoing, we have the right to fully cooperate with any law enforcement
authorities or court order requesting or directing us to disclose the identity or other information of
anyone posting any materials on or through the Service or the Site. YOU WAIVE AND HOLD
HARMLESS LOOM AND ITS AFFILIATES, LICENSEES AND SERVICE PROVIDERS FROM
ANY CLAIMS RESULTING FROM ANY ACTION TAKEN BY ANY OF THE FOREGOING
PARTIES DURING OR AS A RESULT OF ITS INVESTIGATIONS AND FROM ANY ACTIONS
TAKEN AS A CONSEQUENCE OF INVESTIGATIONS BY EITHER SUCH PARTIES OR LAW
ENFORCEMENT AUTHORITIES.
However, we do not undertake to review Content before it is posted via the Service, and we
cannot ensure prompt removal of objectionable material after it has been posted. Accordingly,
we assume no liability for any action or inaction regarding transmissions, communications or
Content provided by any user or third party. We have no liability or responsibility to anyone for
performance or nonperformance of the activities described in this section.
VII. Indemnity
You agree to indemnify, defend and hold harmless Loom, and its directors, officers, agents,
contractors, partners and employees, from and against any loss, liability, claim, demand,
damages, costs and expenses (including reasonable attorney's fees) arising out of or in
connection with (i) any allegation that any of Your Content infringes or misappropriates any
intellectual property or other proprietary right of a third party or violates any applicable law, (ii)
your conduct in connection with the Service, and/or (iii) any violation by you of these Terms.
VIII. Intellectual Property Rights
Loom reserves all rights not specifically granted herein. You shall not modify any copyright
notices, proprietary legends, any trademark and service mark attributions, any patent markings,
and other indicia of ownership on the Content or other materials accessed through the Service.
The delivery of, and license to, the Content and/or access to third party materials does not
transfer to you any commercial or promotional use rights in the Content or any portion thereof.
Any use of Content, or descriptions; any derivative use of this Site or its materials; and any use
of data mining, robots, or similar data gathering and extraction tools is strictly prohibited. In no
event shall the user frame any portion of the Site or any materials contained therein.
As between the parties, Loom owns and shall continue to own all right, title and interest in and to
all aggregate and statistical information or analyses created and developed by Loom from
performance and usage data generated through your use of the Site, Service or Software
(collectively, “Aggregate Data”). Aggregate Data is de-identified so that you cannot be identified
as the source within the Aggregate Data.
IX. Copyright Protection
The U.S. Digital Millennium Copyright Act ("DMCA") provides recourse to copyright owners who
believe that their rights under the United States Copyright Act have been infringed by acts of
third parties over the Internet. If you believe that any content uploaded or otherwise made
available on the Service infringes upon any copyright which you own or control, you may so
notify us in accordance with our DMCA process available here. In accordance with the DMCA
and other applicable law, we have adopted a policy of terminating, in appropriate circumstances
and at our sole discretion, the accounts of users of the Service who are deemed to be repeat
infringers. Loom may also at its sole discretion limit access to the Service or terminate the
account of any user who infringes any intellectual property rights of others, whether or not there
is any repeat infringement.
X. Data Processing Addendum
To the extent that Loom processes any personal data on your behalf in providing the Service
that is subject to the EU General Data Protection Regulation (“GDPR”), the terms of Loom's data
processing addendum, which are hereby incorporated by reference, shall apply and the parties
agree to comply with such terms.
XI. Governing Law
Your use of the Service and these Terms shall be governed by, and construed in accordance
with, the internal laws of the State of California without reference to the choice of law or conflicts
of law principles thereof, and all claims relating to or arising out of your use of the Service or
these Terms, or the breach thereof, whether sounding in contract, tort or otherwise, shall
likewise be governed by the laws of the State of California without reference to the choice of law
or conflicts of law principles thereof. Notwithstanding the foregoing, if you represent an entity or
institution subject to state law mandating that such state’s laws govern your use of the Services,
Loom agrees to such governing state law.
XII. Disclaimer of Warranties
THE MATERIALS, CONTENT ON THIS SITE AND SERVICE ARE PROVIDED “AS IS”, “AS
AVAILABLE” WITHOUT WARRANTIES OF ANY KIND EITHER EXPRESS OR IMPLIED. LOOM
SHALL HAVE NO RESPONSIBILITY OR LIABILITY FOR ANY CONTENT, MATERIALS
POSTED ON THE SITE OR SERVICES. LOOM MAKES NO GUARANTEES AS TO UPTIME
OR AVAILABILITY OF THE SERVICE. TO THE FULLEST EXTENT POSSIBLE PURSUANT TO
THE APPLICABLE LAW, LOOM DISCLAIMS ALL WARRANTIES, EXPRESSED OR IMPLIED,
INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT OR OTHER VIOLATION OF
RIGHTS. THE SERVICE MAY BE SUBJECT TO LIMITATIONS, DELAYS, AND OTHER
PROBLEMS INHERENT IN THE USE OF THE INTERNET AND ELECTRONIC
COMMUNICATIONS. LOON IS NOT RESPONSIBLE FOR ANY DELAYS, DELIVERY
FAILURES, OR OTHER DAMAGE RESULTING FROM SUCH PROBLEMS, INCLUDING
INTERNET CONGESTION, VIRUS ATTACKS, AND DENIAL OF SERVICE (DOS) ATTACKS.
XIII. Limitation of Liability
UNDER NO CIRCUMSTANCES, INCLUDING, BUT NOT LIMITED TO, NEGLIGENCE,
BREACH OF CONTRACT, OR BREACH OF ANY STATUTORY OR OTHER DUTY OF CARE,
SHALL LOOM OR ITS THIRD PARTY LICENSORS BE LIABLE FOR ANY INDIRECT,
SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES, INCLUDING, BUT NOT LIMITED
TO, LOSS OF DATA OR PROFIT, ARISING OUT OF THE USE, OR THE INABILITY TO USE,
THE MATERIALS ON THIS SITE OR THE SERVICE, EVEN IF LOOM HAS BEEN ADVISED OF
THE POSSIBILITY OF SUCH DAMAGES AND NOTWITHSTANDING THE FAILURE OF
ESSENTIAL PURPOSE OF ANY REMEDY.
LOOM’S AND ITS LICENSORS’ ENTIRE AND AGGREGATE LIABILITY, WHETHER BASED IN
CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE,
SHALL NOT EXCEED THE GREATER OF $100 OR THE AMOUNT YOU HAVE PAID TO
LOOM FOR THE SERVICE DURING THE SIX (6) MONTHS PRECEDING THE DATE THAT A
CLAIM OR DEMAND IS FIRST ASSERTED, EVEN IF LOOM HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES AND NOTWITHSTANDING THE FAILURE OF ESSENTIAL
PURPOSE OF ANY REMEDY. IF YOUR USE OF MATERIALS FROM THIS SITE OR THE
SERVICE RESULTS IN THE NEED FOR SERVICING, REPAIR OR CORRECTION OF
EQUIPMENT OR DATA, YOU ASSUME ANY COSTS THEREOF. SOME STATES DO NOT
ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL
DAMAGES, SO THE ABOVE LIMITATION OR EXCLUSION MAY NOT APPLY TO YOU.
XIV. Entire Agreement; Modifications
These Terms constitute the entire agreement between the parties regarding the subject matter
hereof and supersede all proposals and prior discussions and writings between the parties with
respect thereto. No failure or delay in enforcing any right or exercising any remedy will be
deemed a waiver of any right or remedy. Each provision of these Terms is a separately
enforceable provision. If any provision of these Terms is determined to be or becomes
unenforceable or illegal, such provision shall be reformed to the minimum extent necessary in
order for these Terms to remain in effect in accordance with its terms as modified by such
reformation. These Terms may not be modified, supplemented, amended or interpreted by any
trade usage or prior course of dealing unless specifically agreed upon in writing. Reasonable
attorneys’ fees and costs will be awarded to the prevailing party in the event of litigation
involving the enforcement or interpretation of these Terms.
XV. Force Majeure
Loom shall not be liable to you for any delay or failure of Loom to perform its obligations
hereunder if such delay or failure arises from any cause or causes beyond the reasonable
control of Loom. Such causes shall include, but are not limited to, acts of God, floods, fires, loss
of electricity or other utilities, labor strike, or delays by you in performing any requirements
hereunder.
XVI. Dispute Resolution
The state or federal courts sitting in San Francisco County, California shall have exclusive
jurisdiction and venue over any dispute arising out of these Terms and sale, and you hereby
consent to the jurisdiction of such courts. Any dispute, controversy or claim arising under, out of
or relating to these Terms and any subsequent amendments of these Terms, including, without
limitation, its formation, validity, binding effect, interpretation, performance, breach or
termination, as well as non-contractual claims, shall be submitted to arbitration before the
American Arbitration Association (“AAA”) in accordance with the AAA Commercial Arbitration
Rules. The place of arbitration shall be San Francisco, California. The language to be used in
the arbitral proceedings shall be English. The parties may apply to any court of competent
jurisdiction for a temporary restraining order, preliminary injunction, or other interim or
conservatory relief as necessary, without breach of this Section and without abridgment of the
powers of the arbitrator. The arbitrator may award any form of individual or equitable relief,
including injunctive relief. Any award will be final and conclusive to the parties and may be
entered in any court of competent jurisdiction. You agree to the entry of injunctive relief to stop
any lawsuit or to remove you as a participant in such a suit. These Terms do not constitute a
waiver of any of your rights and remedies to pursue a claim individually in binding arbitration, but
not as a class action. This provision preventing you from bringing, joining or participating in any
class action lawsuits is an independent covenant. You may opt-out of this Section by providing
written notice of your decision within thirty (30) days of the date that you first use the Site or
Service. Notwithstanding the foregoing, if you represent an entity or institution subject to state
law mandating different dispute resolution terms, Loom agrees to such state law requirements.
XVII. Questions and Comments
If you have any questions regarding these Terms, please contact Loom by emailing
XVIII. Notices
All notices regarding these Terms and the Service will be provided in writing to you by e-mail
using the contact information provided by you upon registration or by posting on the Site. Notice
will be deemed given one (1) business day after e-mail transmission from Loom, or two (2)
business days after the date of posting.
Privacy Policy
Last Updated: July 28, 2020
Loom Inc. ("Loom", “our”, “us” or “we”), respects your privacy and is committed to protecting it
through our compliance with this privacy policy (“Privacy Policy”).
This Privacy Policy applies to information collected by Loom through the Loom Site, any Loom
computer software downloadable or otherwise available from the Loom Site ("Loom Software")
and any Loom services purchased or otherwise made available from the Loom Site ("Loom
Services") (collectively, the "Loom Properties"). This Privacy Policy does not apply to the
practices of any third party websites, applications or services that Loom does not own or
maintain (collectively, “Third Party Services”) or to any third parties that use the Loom
Application Programming Interface (API) to perform any function related to the Loom Properties
(“Integrated Platforms”). In particular, this Privacy Policy does not cover any information or other
content you can view via the Loom Properties on Integrated Platforms or information you
provide to Third Party Services accessed via the Loom Properties. As further detailed below, we
cannot take responsibility for the content or privacy policies of any Third Party Services. If you
are a Viewer we encourage you to carefully review the privacy policies of the Loom User whose
Content you view and the privacy policies of any Integrated Platforms or Third Party Services
used by such User which you may access via the Loom Properties.
This Privacy Policy also does not cover any information, recorded in any form, about more than
one individual where the identity of the individuals is not known, cannot be inferred from the
information, and is not linked or reasonably linkable to an individual, including via a device
(“Aggregated Information”). Loom retains the right to use Aggregated Information in any way that
it reasonably determines is appropriate.
By using the Loom Services or otherwise providing us with your Personal Information (as
defined below), you are accepting the practices described in this Privacy Policy, as they may be
amended by us from time to time, and agreeing to our collection and use of your information in
accordance with this Privacy Policy. If you do not agree to the collection, use and disclosure of
your information in this way, please do not use any of the Loom Properties or otherwise provide
Loom with Personal Information.
Please refer to our Privacy Overview at https://www.loom.com/privacy for additional details
regarding how Loom Properties may use your information, including Loom’s use of certain
applications and platforms operated by Third Party Services, and how you may export your data.
What information Loom collects from you
Loom collects only the information required to provide products and services to you. The amount
of information provided by you and collected by Loom depends on the circumstances. Loom
may collect two (2) types of information about you: Personal and Non-Personal.
1. “Personal Information.” Personal Information means any information that identifies, relates
to, describes, is reasonably capable of being associated with, or could reasonably be
linked, directly or indirectly, with a particular individual or household, or is otherwise defined
as personal information under applicable law. Loom may collect Personal Information when
you use the Loom Properties including, without limitation, setting up account information,
filling out surveys, corresponding with Loom, or otherwise volunteering information about
yourself.
2. “Non-Personal Information.” Non-Personal Information refers to information that does not
meet the definition of Personal Information above. Loom may collect Non-Personal
Information through any of the methods discussed above as well as automatically through
use of industry standard technologies described further below.
How Loom collects your information
1. Registration. Prior to using one or more of the Loom Properties, Loom may require you to
provide us with certain Personal Information and Non-Personal Information to create an
account (“Account”) or to enable features or functionality of the Loom Properties.
2. Users. Loom may gather Personal Information about organizational representatives via
various methods (phone, email, online forms, in-person meetings) but only if such Personal
Information is submitted voluntarily. Loom may use such Personal Information for sales,
marketing, and support of the Loom Properties. This Personal Information is never shared
with third parties other than Third Party Service Providers utilized by a User in connection
with Loom Services.
3. User communications. When you send email or other communications to us, we may retain
those communications in order to process your inquiries, respond to your requests and
improve the Loom Properties.
4. Payment Information. When creating an Account, for certain Loom Properties, or when you
make online purchases, you may be asked to provide information, which may include your
payment instrument number (e.g., credit card), your name and billing address, and the
security code associated with your payment instrument (e.g., the CSV) and other financial
data (“Payment Information”). We use Payment Information to complete transactions, as
well as for the detection and prevention of fraud. When you provide Payment Information
while authenticated, we will store that data to help you complete future transactions without
your having to provide the information again. We do not, however, retain the security code
associated with your payment instrument (e.g., the CSV) in this manner. To remove or
modify Payment Information, please contact us. After you close your account or remove
Payment Information, however, we may retain your Payment Information for as long as
reasonably necessary to complete your existing transaction and for the detection and
prevention.
5. Information Collected Through Technology. Loom automatically collects and receives
certain information from your computer or mobile device, including the activities you perform
on the Loom Site, the Loom Software and the Loom Services, the type of hardware and
software you are using (for example, your operating system or browser), and information
obtained from cookies (see below). If you have an Account, we may link this Non-Personal
Information to your Account to better understand your needs and the needs of Users in the
aggregate, diagnose problems, analyze trends, provide services, improve the features and
usability of the Loom Properties, and better understand and market to our customers and
Users.
6. We use technology to automatically gather information by the following methods:
Cookies. Loom uses cookies on the Loom Site and other aspects of the Loom
Properties. Cookies, including local shared objects, are small pieces of information that
are stored by your browser on your computer's hard drive which work by assigning to
your computer a unique number that has no meaning outside of the Loom Properties.
Most web browsers automatically accept cookies, but you can usually configure your
browser to prevent this. Not accepting cookies may make certain features of the Loom
Properties unavailable to you.
IP Address. You may visit many areas of the Loom Site anonymously without the need
to become a registered User. Even in such cases, Loom may collect IP addresses
automatically. An IP address is a number that is automatically assigned to your
computer whenever you begin services with an Internet services provider. Each time
you access the Loom Site and each time you request one of the pages of the Loom
Site, the server logs your IP address.
Web Beacons. Web beacons are small pieces of data that are embedded in web pages
and emails. Loom may use these technical methods in HTML emails that Loom sends
to Users to determine whether they have opened those emails and/or clicked on links
in those emails. The information from use of these technical methods may be collected
in a form that is Personal Information.
Tracking Content Usage. If you use the Loom Services and you post audio visual
materials including, without limitation, videos, links, logos, artwork, graphics, pictures,
advertisements, sound and other related intellectual property contained in such
materials (collectively, “Content”) to your website or to a third party website, Loom
tracks and captures information associated with User accounts and the use of Content
by those that access your Content.
7. Information You Provide About a Third Party. You may have the opportunity to communicate
with others from the Loom Properties, such as by sending an invitation to a friend. If you
choose to take advantage of this functionality, we may ask you to provide us with certain
information about the person with whom you wish to communicate (e.g., name, email
address, etc.). Loom collects such information for the purposes of facilitating the requested
communication, which may contain a specific promotional message from you (e.g., an
invitation to watch a video). Unless we explicitly say otherwise, Loom will not use this
information for other marketing purposes without first obtaining consent from the person to
whom the relevant information pertains. Please be aware that when you use any invitation
functionality on the Loom Properties, your email address, name or username, and message
may be included in the communication sent to your addressee(s).
How Loom uses your information
1. Personal Information. Loom identifies the purpose for which your Personal Information is
collected and will be used or disclosed. If that purpose is not listed below, we will identify
any additional purposes for which we will collect your Personal Information, before or at the
time of collection, and we will obtain your consent to collect, use or disclose your Personal
Information for such additional purpose(s).
2. By using the Loom Properties, you will be deemed to consent to our use of your Personal
Information for the purposes of:
communicating with you generally;
processing your purchases;
processing and keeping track of transactions and reporting back to you;
protecting against fraud or error;
providing information or services requested by you;
administering and managing the Loom Properties and our business operations;
personalizing your experience with the Loom Site, as well as evaluating statistics on
Loom Site activity;
performing statistical analyses of your behavior and characteristics, in order to
measure interest in and use of the various sections of the Loom Site;
communicating with you on other websites;
email gating;
delivery of content and information to Third Party Services Providers;
complying with legal and governmental requirements; and/or
fulfilling any other purpose that would be reasonably apparent to the average person at
the time that we collect it.
3. Users utilize Loom Properties to manage and deliver Content to Viewers. As part of this
process, Loom may collect Personal Information from you.
4. Otherwise, we will obtain your express consent (by verbal, written or electronic agreement)
to collect, use or disclose your Personal Information. You can change your consent
preferences at any time by contacting us (see the “How to Access, Change and Erase Your
Personal Information” section below).
5. Loom extends the rights granted to “data subjects” under the General Data Protection
Regulation (Regulation (EU) 2016/679) (the “GDPR”) to all of its Users. Consequently, you
have the right to withdraw your consent to our processing of your Personal Information at
any time (if our processing is based on consent) and the right to object to our processing of
your Personal Information (if processing is based on legitimate interests).
6. Non-Personal Information. Loom may use Non-Personal Information for the following
purposes:
System Administration: Loom may use Non-Personal Information for the purposes of
system administration, assisting in diagnosing problems with Loom servers, monitoring
Loom's system performance and traffic on the Loom Properties and to gather broad
demographic information about Loom Users.
Personalization: Loom uses cookies and IP addresses to track features such as
delivering Content specific to your interests and informing you of new, relevant services
or certain third party offerings.
How to access, change and erase your personal information
Upon request, Loom will allow Users to update or correct Personal Information previously
submitted, but only to the extent such activities will not compromise privacy or security interests.
Additionally, upon request, Loom will delete Personal Information from the database where such
information is stored; however, it may be impossible to entirely delete a User’s entry without
some residual information being retained due to the manner in which data backups are
maintained. Requests to delete Personal Information may be submitted to [email protected].
Users also have the right to receive their Personal Information from us in a structured,
commonly used and machine-readable format, and the right to transmit their Personal
Information to another controller without hindrance from us (data portability).
Email preferences
Loom may use your Personal Information to send you emails periodically listing promotions or
events relating to the Loom Properties. You have the choice to opt-out of receiving such
promotional emails by sending an email to [email protected] and/or following the instructions
in such correspondence. Once Loom's has processed your opt-out request, Loom will not send
you promotional emails unless you opt back in to receiving such communications.
Disclosure of information to third parties
Except as described below, we do not sell, transfer or otherwise disclose, sell, trade, or
otherwise transfer your Personal Information to outside parties. This statement does not include
trusted third party service providers who assist us in administering and providing the Loom
Properties or provide services to us. Examples include storing and managed Content, analyzing
data, providing marketing assistance, integrations of Third Party Services such as CRM and
MAP services, processing credit card payments, and providing customer service. These third
party service providers will have access to Personal Information needed to perform their
functions, but may not use it for other purposes, and they are subject to appropriate agreements
with Loom and/or its Users to secure and protect the confidentiality of your Personal Information.
We may use service providers located outside of the United States, and, if applicable, your
Personal Information may be processed and stored in other countries and therefore may be
subject to disclosure under the laws of those countries. You explicitly consent and agree to such
transfer, storing and/or processing of your Personal Information outside of the United States or
other country in which you are located.
We may share Payment Information with third parties for purposes of fraud prevention or to
process payment transactions.
We may also release your information when we believe release is appropriate to comply with the
law, enforce our policies, or protect our or others’ rights, property or for safety. We may also
provide non-Personal Information to other parties for marketing, advertising or other uses.
Information, including Personal Information, which we collect from Users and Viewers, is
considered to be a business asset. As a result, in the unlikely event that we go out of business,
enter bankruptcy or if we are acquired as a result of a transaction such as a merger, acquisition
or asset sale, your Personal Information may be disclosed or transferred to the third-party
acquirer in connection with the transaction.
We may also share information related to your account with your employer or organization if you
have an individual Loom account and your account email domain is owned or managed by your
employer or organization.
Lastly, we may provide Users with certain usage information directly related to the videos and/or
other Content that they make available through the Loom Properties. Such information may
include who watched a particular Content (if the viewer is logged into Loom), which Content of a
particular User was watched, and how many times a particular Content was watched.
Under certain exceptional circumstances, Loom may have a legal duty or right to collect, use or
disclose your Personal Information without your knowledge or consent. In accordance with
applicable laws, We will not disclose any consumer information (which may include Personal
Information) without your written consent, except where consumer information is required to be
disclosed: (i) for billing or market operation purposes; (ii) for law enforcement purposes; or (iii)
for the purpose of complying with a legal requirement.
When you participate in a Loom Business or Loom Enterprise account (as described in Loom’s
Terms of Service), the organization administering such account may be able to (1) access
information in and about the account, including your Personal Information; (2) disclose, restrict
or access Content posted in connection with the account; and (3) control how the account is
accessed or deleted. Such accounts and their use are also subject to the Loom Terms of
Service accepted by the organization that established the Loom Business or Loom Enterprise
account.
You consent to disclosure of your information for the above purposes.
Safeguarding your personal information
Loom takes appropriate security measures to protect against unauthorized access, alteration,
disclosure or destruction of Personal Information. These include, but are not limited to, internal
reviews of: (a) Loom's data collection; (b) storage and processing practices; (c) electronic
security measures; and (d) physical security measures to guard against unauthorized access to
systems where Loom stores Personal Information.
Unfortunately, no data transmission over the internet can be guaranteed to be 100% secure. As
a result, while we are committed to protecting your Personal Information, we cannot ensure or
warrant the security of any information you provide to us.
All Loom employees, contractors and agents who access Personal Information are bound by
confidentiality obligations and may be subject to discipline, including termination and criminal
prosecution or unauthorized use or disclosure of Personal Information.
Some or all of the Personal Information we collect may be stored or processed on servers
located outside your jurisdiction of residence, whose data protection laws may differ from the
jurisdiction in which you live. As a result, this information may be subject to access requests
from governments, courts, or law enforcement in those jurisdictions according to laws in those
jurisdictions.
Retention of information
Loom retains the Personal Information that we collect about you for as long as reasonably
necessary for the purposes set out in this Privacy Policy. We also may retain your Personal
Information for a longer period of time on the basis of our legitimate interests in providing or
marketing our services to you or as necessary to comply with our legal obligations, to resolve
disputes, and to enforce our agreements. Even if we delete some or all of your Personal
Information, we may continue to retain and use information that has been aggregated or
anonymized so that it can no longer be used for personal identification.
Children and students
Loom takes the privacy of children and students extremely seriously. Personal information we
collect through the Loom Services may be subject to the Children’s Online Privacy Protection
Act (“COPPA”) and/or the Family Educational Rights and Privacy Act (“FERPA”).
COPPA Compliance. COPPA requires that operators of websites and online services that
collect the personal information of children under 13 years of age (i) inform parents and legal
guardians about their practices for collecting, using and disclosing such personal information
and (ii) obtain verifiable consent from parents and legal guardians for doing so. We only collect
personal information through the Loom Services from a child under 13 if that student’s school,
school district or teacher has agreed to obtain parental consent for that child to use the Loom
Services and disclose personal information to us for purposes of providing the Loom Services,
or we have directly obtained such parental consent.
If you are a student under 13, please do not send any personal information about yourself to us
if your school, school district or teacher has not obtained this prior consent from your parent or
guardian, or we have not obtained such consent, and please do not send any personal
information other than what we request from you in connection with the Loom Services. If we
learn we have collected personal information from a student under 13 without parental consent
having been obtained, or if we learn a student under 13 has provided us personal information
beyond what we request from him or her, we will delete that information as quickly as possible. If
you believe that a student under 13 may have provided us with personal information in violation
of this Privacy Policy, please contact us at [email protected].
FERPA Compliance. FERPA protects personally identifiable information contained in students’
education records from unauthorized disclosure. Consistent with FERPA, we will only use
education records, as defined under FERPA, for the purpose of providing agreed services to a
school, school district or teacher. We will never share or sell FERPA-protected information, or
use it for any other purposes, except as otherwise directed or permitted by the school, school
district or teacher. If a parent or eligible student requests access to education records that are
hosted on our servers, we will help facilitate such access.
EU and Swiss Privacy Shield Frameworks
Loom complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield
Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and
retention of Personal Information transferred from European Union member countries (as well
as Iceland, Liechtenstein, and Norway), the United Kingdom ("UK") and Switzerland transferred
to the United States in reliance on the Privacy Shield. Loom has certified that it adheres to the
Privacy Shield Principles with respect to such Personal Information. If there is any conflict
between the policies in this Privacy Policy and data subject rights under the Privacy Shield
Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield
program, and to view our certification page, please visit http://www.privacyshield.gov.
With respect to Personal Information received or transferred pursuant to the Privacy Shield
Frameworks, Loom is subject to the regulatory and enforcement powers of the U.S. Federal
Trade Commission.
Types of EU, UK and Swiss Personal Information Collected. Our participation in the Privacy
Shield applies to all Personal Information that is subject to this Privacy Policy and is received
from the European Union and European Economic Area, the UK and Switzerland. We will
comply with the Privacy Shield Principles with respect to all EU, UK and Swiss Personal
Information. We may collect employment-related Personal Information regarding our employees
located in the EU, the UK and Switzerland.
Purposes of EU, UK and Swiss Personal Information Collection and Use. We will only process
EU, UK and Swiss Personal Information in ways that are compatible with the purpose for which
we collected the EU, UK and Swiss Personal Information, or for purposes that the individual or
entity providing the EU, UK and Swiss Personal Information later authorizes.
Pursuant to the Privacy Shield Frameworks, EU, UK and Swiss individuals have the right to
obtain our confirmation of whether we maintain Personal Information relating to you in the
United States. Upon request, we will provide you with access to the Personal Information that
we hold about you. You may also correct, amend, or delete the Personal Information we hold
about you. An individual who seeks access, or who seeks to correct, amend, or delete
inaccurate data transferred to the United States under Privacy Shield, should direct their query
to [email protected]. If requested to remove data, we will respond within a reasonable
timeframe.
We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your
data with third parties other than our agents, or before we use it for a purpose other than which it
was originally collected or subsequently authorized. To request to limit the use and disclosure of
your Personal Information, please submit a written request to [email protected].
In certain situations, we may be required to disclose Personal Information in response to lawful
requests by public authorities, including to meet national security or law enforcement
requirements.
Loom’s accountability for Personal Information that it receives in the United States under the
Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield
Principles. In particular, Loom remains responsible and liable under the Privacy Shield Principles
if third-party agents that it engages to process the Personal Information on its behalf do so in a
manner inconsistent with the Principles, unless Loom proves that it is not responsible for the
event giving rise to the damage.
In compliance with the Privacy Shield Principles, Loom commits to resolve complaints about
your privacy and our collection or use of your Personal Information transferred to the United
States pursuant to Privacy Shield. European Union and Swiss individuals with Privacy Shield
inquiries or complaints should first contact Loom by email at [email protected] or via post at:
Loom, Inc.
140 2nd Street
Floor 3
San Francisco, CA 94105
Loom has further committed to refer unresolved privacy complaints under the Privacy Shield
Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD,
operated by the Council of Better Business Bureaus. If you do not receive timely
acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please
visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a
complaint. This service is provided free of charge to you.
Loom commits to cooperate with the EU data protection authorities (DPAs), the UK Information
Commissioner and the Swiss Federal Data Protection and Information Commissioner (FDPIC)
and comply with the advice given by such authorities with regard to human resources data
transferred from the EU, the UK and/or Switzerland, as applicable, in the context of the
employment relationship with Loom.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain
conditions, you may invoke binding arbitration for some residual claims not resolved by other
redress mechanisms. See Privacy Shield Annex 1 here.
California residents
California law grants additional privacy rights to California residents. In particular, the California
Consumer Privacy Act (CCPA) requires businesses to disclose, for the past 12 months, (i) the
categories of personal information collected, (ii) the sources of the collected personal
information, (iii) the purposes for which the collected personal information is used, (iv) the
categories of personal information disclosed for a business purpose, and (v) the categories of
any personal information sold. Loom provides these disclosures in the following table. Loom has
not sold personal information in the past 12 months.
Category: Identifiers
Sources of Collection: Website visits and registration for Loom Services
Purposes of Collection: To allow use of Loom Services and to enable Loom to communicate
with you
Disclosures for a Business Purpose: To Loom service providers for the purpose of providing
Loom Services to you
Category: Personal information categories listed in the California Customer Records statute
Sources of Collection: Registration for Loom Services
Purposes of Collection: Credit card information to permit payment for premium Loom Services
Disclosures for a Business Purpose: To Loom service providers to facilitate payment
transactions
Category: Internet or other similar network activity
Sources of Collection: Your browsing and search history on the Loom Site
Purposes of Collection: To improve the visitor experience on the Loom Site, diagnose server
problems and administer the Loom Site
Disclosures for a Business Purpose: To marketing specialist companies for the purpose of
enhancing the Loom Site and improving the effectiveness of our advertising
California residents also have the rights described below. We will not discriminate against any
California resident who exercises these rights.
Right to access/know. You may request from us a list of (i) the personal information that we have
collected about you, and (ii) the categories of third parties to whom we have disclosed your
personal information. You have the right to up to two (2) access requests each twelve (12)
months.
Right to delete your personal information. You may request, at any time, that we delete your
personal information.
You may contact us to exercise these rights at [email protected]. To ensure the privacy and
protection of individuals, we are required to verify your identity or otherwise authenticate your
request(s). Please note that, under the CCPA, we are not required to grant a request to
access/know or a request to delete with respect to personal information obtained from you in
your role as an employee, owner, director, officer or contractor of a company and within the
context of Loom providing the Loom Services to such company.
Third Party Websites and Services
The Loom Properties may contain links to third party websites or services, including Third Party
Services, (collectively, “Third Party Sources”) who may collect Personal Information and Non-
Personal Information directly from you. Links to Third Party Sources are intended for
convenience only. Third Party Sources are wholly independent from Loom. Third Party Source
may have separate privacy policies and data collection practices, independent of Loom. Loom:
(a) has no responsibility or liability for these independent policies or actions; (b) is not
responsible for the privacy practices or the content of such websites; and (c) does not make any
warranties or representations about the contents, products or services offered on such websites
or the security of any information you provide to them.
Changes to this Privacy Policy
The terms in this Privacy Policy may be changed from time to time, so you should review it
periodically for changes. We reserve the right, at any time, to modify or replace this Privacy
Policy. The date of the most recent version of the Privacy Policy is noted below under “Effective
Date of this Privacy Policy.” We may also notify you via email or other direct electronic
communication method of any changes that, in our sole discretion, materially impact your use of
the Loom Properties or the treatment of your Personal Information. Your use of the Loom
Properties following the posting of any changes to the Privacy Policy constitutes acceptance of
those changes.
How to contact us
If you have any questions or concerns about this Privacy Policy or our privacy practices, you
may contact us directly as follows:
Email us: [email protected].
or:
Loom, Inc.
140 2nd Street
Floor 3
San Francisco, CA 94105
If you are a resident of the European Union, and you believe that our processing of your
Personal Information is inconsistent with your data protection rights under the GDPR and we
have not adequately addressed your concerns, you have the right to lodge a complaint with the
data protection supervisory authority of your country. Current list of National Data Protection
Authorities and members of the European Data Protection Board found here.
Exhibit A
DATA PRIVACY RIDER FOR ALL CONTRACTS INVOLVING PROTECTED DATA PURSUANT TO EDUCATION LAW §2-C AND §2-D
District and Vendor agree as follows:
1. Definitions:
(1) Protected Data means personally identifiable information of students from student education records as defined by FERPA, as well as teacher and Principal data regarding annual professional performance reviews made confidential under New York Education Law §3012-c and §3012-d;
(2) Personally Identifiable Information (PII) means the same as defined by the regulations implementing FERPA (20 USC §1232-g);
2. Confidentiality of all Protected Data shall be maintained in accordance with State and Federal Law and the District’s Data Security and Privacy Policy;
3. The Parties agree that the District’s Parents’ Bill of Rights for Data Privacy and Security are incorporated as part of this agreement, and Vendor shall comply with its terms;
4. Vendor agrees to comply with Education Law §2-d and its implementing regulations;
5. Vendor agrees that any officers or employees of Vendor, and its assignees who have access to Protected Data, have received or will receive training on federal and State law governing confidentiality of such data prior to receiving access;
6. Vendor shall:
(1) limit internal access to education records to those individuals that are determined to have legitimate educational interests;
(2) not use the education records for any other purposes than those explicitly authorized in its contract. Unauthorized use specifically includes, but is not limited to, selling or disclosing personally identifiable information for marketing or commercial purposes or permitting, facilitating, or disclosing such information to a third party for marketing or commercial purposes;
(3) except for authorized representatives of the third party contractor to the extent they are carrying out the contract, not disclose any personally identifiable information to any other party:
(i) without the prior written consent of the parent or eligible student; or
(ii) unless required by statute or court order and the party provides notice of the disclosure to the department, Board of Education, or institution that provided the information no later than the time the information is disclosed, unless providing notice of the disclosure is expressly prohibited by the statute or court order;
DocuSign Envelope ID: D75DC43A-4DAC-4A6D-A8BF-D4399613861D
(4) maintain reasonable administrative, technical and physical safeguards to protect the security, confidentiality and integrity of personally identifiable student information in its custody;
(5) use encryption technology to protect data while in motion or in its custody from unauthorized disclosure using a technology or methodology specified by the Secretary of the United States Department of Health and Human Services in guidance issued under Section 13402(H)(2) of Public Law §111-5;
(6) adopt technology, safeguards and practices that align with NIST Cybersecurity Framework;
(7) impose all the terms of this rider in writing where the Vendor engages a subcontractor or other party to perform any of its contractual obligations which provides access to Protected Data.
(8) If any terms of the foregoing agreement conflict with any terms of this exhibit, the terms of this exhibit, New York Education Law §2-d and the regulations shall control.”
DocuSign Envelope ID: D75DC43A-4DAC-4A6D-A8BF-D4399613861D
Exhibit B
PARENTS’ BILL OF RIGHTS FOR DATA PRIVACY AND SECURITY The District, in compliance with Education Law §2-d, provides the following:
DEFINITIONS:
As used in this policy, the following terms are defined:
Student Data means personally identifiable information from the student records of a District student.
Teacher or Principal Data means personally identifiable information from District records relating to the annual professional performance reviews of classroom teachers or Principals that is confidential and not subject to release under the provisions of Education Law §§3012-c and 3012-d.
Third-Party Contractor means any person or entity, other than a District, that receives student data or teacher or Principal data from the District pursuant to a contract or other written agreement for purposes of providing services to the District, including, but not limited to, data management or storage services, conducting studies for or on behalf of the District, or audit or evaluation of publicly funded programs. Such term shall include an educational partnership organization that receives student or teacher or Principal data from a school district to carry out its responsibilities pursuant to Education Law §211-e and is not a District, and a not-for-profit corporation or other nonprofit organization, other than a District.
Parent means a parent, legal guardian, or person in parental relation to a student. These rights may not apply to parents of eligible students. Eligible Student means a student 18 years and older.
1. Neither student data, nor teacher or Principal data will be sold or released for any commercial purpose;
2. Parents have the right to inspect and review the complete contents of their child's
education records. Procedures for reviewing student records can be found in the Board Policy entitled Student Records: Access and Challenge (#7240);
3. Security protocols regarding confidentiality of personally identifiable information
are currently in place and the safeguards necessary to protect the confidentiality of student data are maintained at industry standards and best practices. The safeguards include, but are not limited to, encryption, firewalls, and password protection. As required by Education Law §2-d (5), the National Institute for Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity Version 1.1 (NIST Cybersecurity Framework or NIST CSF) is adopted as the standard for data security and privacy;
DocuSign Envelope ID: D75DC43A-4DAC-4A6D-A8BF-D4399613861D
4. New York State maintains a complete list of all student data collected by the State and the data is available for public review at http://www.p12.nysed.gov/irs/sirs/NYSEDDataElements2018.xlsx, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 89 Washington Avenue, Albany, New York 12234;
5. Parents have the right to have complaints about possible breaches of student data
addressed. Complaints should be directed to the District's Data Protection Officer at 607-757-2211.
Complaints may be also be submitted to NYSED online at www.nysed.gov/dataprivacy-security, by mail to Chief Privacy Officer, New York State Education Department, 89 Washington Avenue, Albany, NY 12234; by email to [email protected]; or by telephone at 518-474-0937.
6. Parents have the right to be notified in accordance with applicable laws and regulations if a breach or unauthorized release of their student's personally identifiable information occurs.
7. Educational agency workers that handle personally identifiable information will ·
receive annual training on applicable state and federal laws, the educational agency's policies, and safeguards associated with industry standards and best practices that protect personally identifiable information.
8. The District will promptly acknowledge receipt of complaints, commence an
investigation, and take the necessary precautions to protect personally identifiable information;
• following its investigation of a submitted complaint, the District shall provide
the parent or eligible student with its findings within a reasonable period but no more than 60 calendar days from receipt of the complaint;
• where the District requires additional time, or where the response may compromise security or impede a law enforcement investigation, the District shall provide the parent or eligible student with a written explanation that includes the approximate date when the District anticipates that it will respond to the complaint;
• the District will require complaints to be submitted in writing; • the District will maintain a record of all complaints of breaches or unauthorized
releases of student data and their disposition in accordance with applicable data retention policies, including the Records Retention and Disposition Schedule ED-1;
DocuSign Envelope ID: D75DC43A-4DAC-4A6D-A8BF-D4399613861D
9. This policy will be regularly updated with supplemental information for each contract the District enters into with a third-party contractor where the third-party contractor receives student data or teacher or Principal data. The supplemental information must be developed by the District and include the following information:
• the exclusive purposes for which the student data or teacher or Principal data
will be used by the third-party contractor, as defined in the contract; • how the third-party contractor will ensure that the subcontractors, or other
authorized persons or entities to whom the third-party contractor will disclose the student data or teacher or Principal data, if any, will abide by all applicable data protection and security requirements, including, but not limited to, those outlined in applicable State and federal laws and regulations (e.g., FERPA; Education Law §2-d);
• the duration of the contract, including the contract’s expiration date and a description of what will happen to the student data or teacher or Principal data upon expiration of the contract or other written agreement (e.g., whether, when and in what format it will be returned to the District, and whether, when and how the data will be destroyed);
• if and how a parent, student, eligible student, teacher or Principal may challenge the accuracy of the student data or teacher or Principal data that is collected;
• where the student data or teacher or Principal data will be stored, it will be described in such a manner as to protect data security and the security protections taken to ensure that such data will be protected and data security and privacy risks mitigated; and how the data will be protected using encryption while in motion and at rest will be addressed.
10. This policy shall be published on the District’s website. This policy shall also be
included with every contract the District enters with a third party contractor where the third party contractor receives student data or teacher or Principal data.
Signature Date
Name & Job Title
DocuSign Envelope ID: D75DC43A-4DAC-4A6D-A8BF-D4399613861D
Vinay Hiremath
Loom, Inc.
9/21/2020
CTO