This Data Sharing and Processing Agreement (this “Agreement”) is made effective as of the Order Effective Date (the “Effective Date”) of that certain Order Form (the “Order Form”) executed by and between Try Once, Inc. a Delaware corporation located at 440 N Barranca Ave, #5154, Covina, CA 91723 (“Once” or “We”) and the school and/or district specified in such Order Form (hereinafter, “School”). This Agreement supplements that certain Master Services Agreement entered into the parties on or around the Effective Date (the “MSA”).
Once is providing certain Services (as defined in the MSA) to School in order to carry out a reading instructional service to improve reading outcomes for children (the “Program”). School has determined that it would be advantageous to the efforts identified above and to the benefit of all parties for Once to collect and process the data as set forth herein in order to accomplish the purposes of the Program.
1. Program Description
1.1 Cooperation
School and Once will cooperate to notify students, parents and guardians of the availability of the Program.
1.2 Data
Once must collect, access and use the following data (“Data”) in connection with the Program:
- Student name, ID number, and grade
- School and District name
- Program attendance records
- Program curriculum baseline and progress information
- Video recordings of each instructional session
With express permission, Once may collect, access, and use the following additional data (also Data when such permission has been granted) in order to enable enhanced reporting in connection with the Program:
- Homeroom teacher
- Third-party assessment information the school may collect
- Student age, race, ethnicity, and home language(s)
- Student information about Individualized Education Plans (IEPs)
- Student information about Free and Reduced Lunch status
Such Data may be provided by the School from Instructors, teachers, or other staff members.
1.3 Permitted Uses
Once will use the Data for the performance of the Services, including for the purposes of monitoring students' progress, developing the Once product, and improving instruction and supporting student learning via human review and automated feedback. Once may associate or combine other data with the Data collected from the School for these purposes, such as aggregate population and demographic data, School name, age or grade range of students participating in the Program within the School, and aggregate metrics associated with the School and/or similarly-situated schools.
In addition, we may share Data with our trusted third-party service providers who perform services on our behalf (e.g. web hosting and analytics services), but strictly for the purpose of carrying out their work for us in furtherance of the Services. Such service providers are subject to confidentiality and data security requirements at least as protective as those set forth in this Agreement. We may also share information with third parties in an aggregated and/or anonymous form that does not reasonably identify an individual or School as provided for in the MSA.
For clarity: neither Once nor any of its partners will use Data for the purpose of targeted advertising or to amass a profile of an individual student for the purpose of targeting advertising.
2. Responsibilities
2.1 School Duties and Authority
School represents and warrants that it has the authority to permit Once to access and use Data as described herein and in the MSA for the purpose of providing the Services.
2.2 Once Security
Once will maintain and implement an information security program that requires reasonable and appropriate administrative, technical, physical, organizational, and operational safeguards against unlawful or unauthorized access, use, destruction, loss, alteration, disclosure, transfer, or processing of Data. The Security Safeguards will ensure a level of security appropriate to the risks and will be consistent with industry best practices.
In the event Once becomes aware of any unauthorized access to or use of Data, Once will: (i) notify the School promptly but no later than is reasonably required to enable the School to comply with data breach notification requirements, (ii) investigate the security breach, and (iii) reasonably cooperate with the School and any law enforcement or regulatory official.
2.3 Compliance with Laws
The parties agree to uphold their responsibilities under laws governing the privacy of Data, including but not limited to the Family Educational Rights and Privacy Act (“FERPA”), the Children's Online Privacy and Protection Act (“COPPA”), the Protection of Pupil Rights Amendment (“PPRA”), the Student Online Personal Information Protection Act (“SOPIPA”), and similar state or federal laws.
2.4 Compliance with COPPA
To the extent the Services are made available to students under the age of 13, School authorizes Once to collect Data from such students for the purpose of participating in the Program in accordance with this Agreement. School, or a student's parent or legal guardian, may withdraw consent at any time upon written notice to Once.
2.5 Once Representatives
Once will require its employees and subcontractors to use and protect Data in accordance with the requirements set forth in this Agreement.
3. Data Protection
3.1 No Re-identification
Once agrees to make no attempt to re-identify Data from which identifying information has been removed. Once has implemented technical and procedural safeguards to prevent re-identification, and will contractually prohibit any third party to whom it discloses Data from attempting to re-identify such Data. If identity is discovered inadvertently, no use will be made of that information, it will not be shared, and the identifying information will be safeguarded or destroyed.
3.2 Permitted Data Use
In addition to permitted uses described in §1.3, Once and Once Representatives are permitted to use Resultant Data (as defined in the MSA) for the purposes set forth in the MSA.
4. Publication and Presentation of Findings, Data and Resultant Data
4.1 Disclosure
Once may disclose Resultant Data to third parties in accordance with the MSA.
4.2 Anonymized Data
To the extent that Resultant Data is made publicly available (e.g., in peer-reviewed studies, white papers, documentaries, or public media), such Resultant Data will be presented on an anonymized and aggregate basis — at the school, grade-level, or geographic area, or on the basis of demographic groups consisting of greater than ten students — such that no individual student could reasonably be identified.
4.3 Analytical Results
Analytical Results generated by School's participation in the Program will be provided to School. Analytical results based on data from all participating schools may be made available to School upon request.
4.4 Marketing
Subject to the express written consent of School, Once may distribute and make available Recordings of participating students to the public as part of Once marketing programs. Without such express written consent, Once will not distribute Recordings publicly.
5. Term and Termination
5.1 Duration
This Agreement is effective as of the Effective Date through the final date services are provided as part of the Program, which may be extended by mutual agreement. Either party may terminate for reasonable cause with 30 days' written notice. Termination of this Agreement also terminates the MSA.
5.2 Termination
Upon termination, Once will cease collection of Data through the Program on behalf of School. Sections 2–4 continue to apply as long as Once maintains Data.
6. Destruction of Data
Within forty-five (45) days from end of Term, or at any time upon School's written request, Once will de-identify or destroy the Data, provided that Once will not be required to destroy de-identified, aggregate, or non-personally identifiable Data. Nothing in this Agreement authorizes Once or any partner to maintain personally identifiable Data related to School students beyond the time period reasonably required to complete the Program.