AUGUST SCHOOLS PRODUCT PRIVACY STATEMENT
last updated: May 31, 2024
Introduction
August Schools, Inc. (“August Schools”) provides its electronic health record management platform (“Product”) that allows its enterprise customers’ (any, a “Customer”) personnel to track medical treatment provided to students. This Product Privacy Statement (“Privacy Statement”) explains how we collect, use, disclose and otherwise process personal information on our Customers’ behalf in connection with the Product (collectively, the “Services”). As a service provider and data processor, August Schools provides the Services to Customers. August Schools’ Customers are the data owners and data controllers with respect to such information processed through the Services. This Privacy Statement does not apply to any websites or other online services that do not link to this Privacy Statement. To the extent August Schools shares information with the Customer as this Privacy Statement describes, this Privacy Statement does not apply to the Customer’s subsequent use of that information. BECAUSE AUGUST SCHOOLS DOES NOT CONTROL THE PRIVACY PRACTICES OF THE RELEVANT CUSTOMER, YOU SHOULD READ AND UNDERSTAND THE RELEVANT CUSTOMER’S DESCRIPTION OF ITS PRIVACY PRACTICES.August Schools’ processing of information in connection with the Services is governed by this Privacy Statement and the relevant Customer agreement. In the event of any conflict between this Privacy Statement and the relevant Customer agreement, the relevant Customer agreement will control to the extent permitted by applicable law.This Privacy Statement is not a substitute for any privacy notice that the relevant Customer may be required to provide to its personnel, authorized users, students or other individuals.
Information We Collect
Information collected via the Services. The Customer is responsible for determining the scope of information that August Schools may collect. The Services process information that Customer personnel upload into the Product. Such information may include personal information, including information that may be deemed sensitive under applicable laws (including, without limitation, identity-verification information (such as government-issued identification numbers and images of government-issued identification cards), financial information, health information, and information about children).Information collected about authorized users. We collect information about the Customer’s “authorized users” — the end users (typically personnel) that Customer authorizes to create an account to access the dashboards, reports and other items produced by the Services. The information we collect about authorized users includes:
Information provided to us by the Customer about its authorized users. This may include business contact information, such as name, email address, and phone number.
Information provided to us by authorized users. This may include personal information that end users provide when they register for an account or create a user profile (such as name, email address, telephone number, account username, account password), contact customer support, or otherwise correspond with us by phone, email, or other means.
Information about authorized users’ use of the Services. This may include information about authorized users’ use of the Services, including computer or mobile device operating system type and version number, manufacturer and model, device identifier, browser type, screen resolution, IP address, general location information such as city, state or geographic area; and information about authorized users’ use of and actions on the Services, such as pages you viewed, how much time was spent on a page, navigation paths between pages, information about activity on a page, access times, and length of access. This information is collected using cookies and similar technologies.
Information collected through Google integration. If you connect the Services to a Gmail account, this Privacy Statement will apply to Google user data collected from this account as well as to other categories of personal information. Notwithstanding anything else in this Privacy Statement, if you provide the Services access to the following types of your Google data, our use of that data will be subject to these additional restrictions:
The Service will only use access to read Gmail message bodies and Google calendars (including, in both instances, any attachments) to help you organize the details of the people with whom you exchange email and your daily activities.
The Service will not transfer this Google data to others unless doing so is necessary to provide and improve user-facing features, comply with applicable law, or as part of a merger, acquisition or sale of assets (or the contemplation of such transaction).
The Services will not use Google data for serving advertisements.
The Services will not allow humans to read this data unless (i) we have your affirmative agreement for specific messages/calendar entries; (ii) it is necessary for security purposes such as investigating abuse; (iii) it is necessary to comply with applicable law; or (iv) it is necessary for the Services’ internal operations and even then only when the data have been de-identified, aggregated, and/or anonymized.
How We Use Information
We use the information we collect at the instruction of the relevant Customer and in accordance with the relevant Customer agreement, to provide the Services and for related internal purposes, such as to:
maintain the Services;
create and maintain your account;
facilitate the management of Customer’s health records;
provide information about the Services, such as important updates or changes to the Services;
measure performance of and improve the Services and develop new products and services;
create anonymous, aggregated or deidentified data that August Schools may then use to analyze patterns to enhance August Schools’ products and services and develop new ones; and
respond to inquiries, complaints and requests for Customer support.
We may also use information as we believe necessary or appropriate to (i) comply with applicable law; (ii) enforce the terms and conditions that govern the Services; (iii) protect our rights, privacy, safety or property and/or that of you or others; and (iv) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
How We Share Information
We share the information we collect with:
the relevant Customer through which you are authorized to use the Services;
such third parties as the relevant Customer may direct;
third-party service providers that help us manage and improve the Services; and
August Schools subsidiaries and corporate affiliates for the purposes described in this Privacy Statement or in the relevant Customer agreement.
We may also share information with government, law enforcement officials or private parties as required by law, when we believe such disclosure is necessary or appropriate to (i) comply with applicable law; (ii) enforce the terms and conditions that govern the Services; (iii) protect our rights, privacy, safety or property, and/or that of you or others; and (iv) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity. We may sell, transfer or otherwise share some or all of August Schools’ business or assets, including information that we process as part of the Services, in connection with a business transaction (or potential business transaction) such as a merger, consolidation, acquisition, reorganization or sale of assets or in the event of bankruptcy.
Information Security
August Schools uses physical, electronic, and procedural safeguards designed to protect information from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction. We cannot, however, guarantee that any safeguards or security measures will be sufficient to prevent a security problem. We recommend that the Customer take steps to protect against unauthorized access to any devices or networks used to access the Services. We recommend that end users take steps to protect their account credentials used to access the Services. See the relevant Customer agreement for additional information regarding August Schools’ information security practices.
Data Subject Rights
The relevant Customer is the data controller/data owner of end users and others’ personal information processed through the Services. As the data controller/data owner, the relevant Customer is responsible for receiving and responding to end users and others’ requests to exercise any rights afforded to them under applicable data protection law. August Schools will assist its customers in responding to such requests as set forth in the relevant Customer agreement. You may have several choices regarding use of your information on the Services.
CookiesIf you decide at any time that you no longer wish to accept Cookies from the Services, then you can instruct your browser, on each device you use to access the Services, by changing its settings, to stop accepting Cookies or to prompt you before accepting a Cookie from the Service.Please consult your browser’s technical information to learn how to exercise this option.If you do not accept Cookies, however, you may not be able to use all or portions of the Services.
How August Schools Responds to Do Not Track Signals Some Internet web browsers transmit “do not track” signals to the websites and other online services with which your web browser communicates.There is currently no standard that governs what, if anything, websites should do when they receive these signals.Currently, August Schools does not take action in response to these signals.To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.
Cross-Border Data TransferAugust Schools may transfer information collected through the Services outside of the country from which it originated, including to the United States. See the relevant Customer agreement for additional information regarding how August Schools safeguards the information it transfers across international borders. Data RetentionAugust Schools may retain information for as long as necessary to (i) provide the Services; (ii) comply with legal obligations; (iii) resolve disputes; and (iv) enforce the terms of its Customer agreements. See the relevant Customer agreement for additional information regarding August Schools’ data retention practices. Third-Party Products and ServicesThe Services may integrate with or enable access to third party tools. End users that register, install or access any third-party tools may be required to accept privacy notices provided by those third parties. Please review those notices carefully, as August Schools does not control and cannot be responsible for these providers’ privacy or information security practices.Supplemental Notice for CanadaThis Supplemental Notice for Canada only applies to our processing of personal information that is subject to the applicable data protection laws of Canada.
Security of Your Information. The files and records containing your personal information will be kept in our offices and/or on our servers or those of our service providers, and only those employees that require it for the purposes of their duties will have access to these files.
International Transfers and Access. Personal information may be accessible to the courts and the law enforcement and national security authorities of the United States.
To obtain more information about our policies and practices with respect to service providers outside of Canada, please contact us as set forth in Contact Us below.Changes to this Privacy StatementAugust Schools reserves the right to modify this Privacy Statement at any time and for any reason. Similar to August Schools’ Services, laws, regulations and industry standards may evolve that may make changes to this Privacy Statement appropriate. August Schools will post the changes to this page. August Schools encourages you to review the Privacy Statement to stay informed. August Schools will notify you of any material changes in its collection, use, or disclose of your information by posting a notice on its website. Any material changes to this Privacy Statement will be effective thirty (30) calendar days following notice of the changes on the website unless otherwise noticed. These changes will be effective immediately for new users of the Services. If you object to any such changes, you must notify August Schools prior to the effective date of such changes that you wish to deactivate your account. Continued use of the Services following the effective date of such changes indicates your agreeing to such changes.Contact UsIf you have any question about this Privacy Statement, you can contact our privacy team at [email protected].