"Use" means Subscriber's students, teachers, administrators, and other individuals licensed to use the Assessment System under the Master Subscription Agreement.
"Assessment System" means MAP® Growth™ and MAP® Skills™.
Subscriber Control and Choices Regarding Student Education Records
The collection, input, use, retention, disposal, and disclosure of Student Education Records by Users via the Assessment System are controlled solely by the Subscriber. The Subscriber is responsible for providing all necessary notices and obtaining all necessary consents from Users to collect, use, disclose, and submit the Student Education Records via the Assessment System for NWEA to use in accordance with the Master Subscription Agreement, including, if applicable, any notices and/or consents required under the Federal Educational Records Privacy Act (FERPA), the Children's Online Privacy Protection Act (COPPA) and applicable international laws, including, but not limited to, the General Data Protection Regulation (GDPR)
NWEA will not delete, change, or divulge any Student Education Records from its Assessment System controlled by the Subscriber except as outlined in this Policy. If a User has questions regarding control of Student Education Records related to the Assessment System licensed by the Subscriber, then User shall contact User's applicable school, district, or educational entity (i.e. Subscriber). If a User desires to revoke User's consent or "opt-out" of a particular use of User's Student Education Records, User shall contact User's applicable school, district, or educational entity. If NWEA receives a request from a User to "opt-out" it shall forward the request to the applicable school, district, or educational entity for handling. The applicable school, district, or educational entity is solely responsible for handling the User's "opt-out" in the Assessment System.
Information Collected & Maintained
NWEA collects and maintains the following information:
Use of Information Collected
NWEA only uses the information, including Student Education Records, it collects pursuant to this Policy and the Master Subscription Agreement. The most common of those uses are as follows:
Deidentified and Anonymized Data
NWEA aggregates information it collects, including Deidentified and Anonymized Data, and uses such aggregated information and other non-personally identifiable information it collects as follows:
Disclosure of Student Education Records
NWEA agrees to adhere to the disclosure requirements under FERPA and will not disclose any Student Education Records from the Assessment System to any third-party except as set forth in this Policy or as allowed by applicable law.
Generally, NWEA may disclose Student Education Records under the following circumstances:
NWEA does not sell Student Education Records to third parties for their commercial use and does not use such data to target advertisement at students. NWEA does not share, sell, rent, or transfer Student Education Records other than as described in the Master Subscription Agreement and this Policy.
NWEA does not publicly disseminate Student Education Records submitted by Users. NWEA permits Users to share comments and feedback in the Assessment System. NWEA does not publicly disseminate those comments and feedback outside of the Assessment System. Third-parties are prohibited from storing Student Education Records outside the borders of the United States of America.
Erasure, Rectification, Access & Portability of Student Education Records
Users or parents of such Users (if a User is a minor) may review and amend Student Education Records of such User by contacting the Subscriber and following the Subscriber's procedures for amending such User's Student Education Records. NWEA will not make any changes to any Student Education Records without the applicable Subscriber's express written permission, and then, only in accordance with applicable law.
NWEA develops and implements privacy and information security measures aligned to NIST Cybersecurity Framework to protect the confidentiality, integrity, and availability of partner personal data. In doing so, personal data is stored and processed in a manner that is designed to ensure the appropriate security of Student Education Records, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical and organizational measures. Further information on NWEA’s data security measures can be found here: https://legal.nwea.org/map-growth-information-security-whitepaper.html.
Please be aware that despite NWEA's efforts, no data security measures can guarantee 100% security. Users should take steps to protect against unauthorized access to their password, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your log-in and password private. NWEA is not responsible for any lost, stolen, or compromised passwords or for any activity on a User's account via unauthorized password activity.
Data Retention & Destruction
NWEA retains Student Education Records for the length of time necessary to meet NWEA's contractual and legal commitments to Subscribers. These commitments generally extend past the end date of contractual agreements as Subscribers may need continued access to Student Education Records and educational data for reporting; and many Subscribers resume their subscriptions later and want their historical Student Education Records intact for longitudinal growth studies or legal compliance. All Student Education Records are stored in facilities located within the borders of the United States of America.
NWEA honors Subscribers' requests to delete Student Education Records if required by applicable law. To request that Student Education Records relating to a particular Subscriber and/or User(s) be deleted, Subscriber shall send a written request to NWEA via email to firstname.lastname@example.org and include the following: (i) requestor's name, title, and contact information; (ii) the name of requestor's school or entity with NCES number (if available); (iii) a request to delete Subscriber's Student Education Records; and (iv) an attestation that requestor is duly authorized and has legal capacity to execute the request. NWEA will subsequently contact Subscriber to confirm the destruction request before executing the destruction request. NWEA retains Anonymized Data indefinitely for the purposes stated in this Policy.
Links to Third-Party Websites and Services
General Data Protection Regulation (GDPR)
NWEA complies with all applicable laws governing international partners, including the GDPR. Information regarding GDPR compliance is described in the NWEA MAP® Growth™ GDPR Overview and our International Master Subscription Agreement. Subscribers subject to the GDPR need to obtain informed consent for the collection, processing, and transfer of personal data under our agreement with them. NWEA's Explicit Consent to Process Data Form can be found here. Subscribers should submit these completed forms to email@example.com.
NWEA may periodically revise this Policy from time to time and will make updated version of this Policy available here. However, NWEA will not make material changes to this Policy without first providing notice to Subscriber as provided in the Master Subscription Agreement. Notwithstanding the foregoing, should laws and regulations change to regarding the collection, use, or distribution of Student Education Records, NWEA shall be permitted to make appropriate changes to this Policy to comply with the laws and regulations without issuing prior notice to Subscriber.
Additional questions regarding this Policy can be sent to:
Jacob Carroll – Sr Director, Privacy & Information Security
121 NW Everett Street
Portland, Oregon 97209
Document Effective Date: November 15, 2020
Last Modified: October 14, 2020