LAST UPDATED: June 13, 2022
If you are a resident of the European Union (“EU”), the United Kingdom ("UK"), Illinois, California, or New York, you may have additional rights with respect to your Personal Information, as outlined below.
“COPPA” means the Children’s Online Privacy Protection Act, 15 U.S.C. §§ 6501-6505, and the regulations promulgated thereunder, each as amended.
“Customer” means an institution or professional who licenses Services, such as school districts, educational agencies, universities, hospitals, clinical psychologists, and healthcare systems.
“Customer Personnel” means employees, staff, contractors, agents, and other authorized representatives of our Customers, such as administrators, authorized account holders, staff, teachers, and psychologists.
“FERPA” means the Family Educational Rights and Privacy Act, 20 U.S.C. § 1232g, and the regulations promulgated thereunder, each as amended.
“HIPAA” means the Health Insurance Portability and Accountability Act of 1996, 42 U.S.C. § 1320d et seq., and the regulations promulgated thereunder, each as amended.
“Personal Information” means information that, either alone or in combination with other information, identifies or relates to an individual.
“Platforms” means Riverside’s web-based platforms for assessment, scoring, and reporting.
“Products” means Riverside’s educational, clinical, and special needs assessments.
“Protected Health Information” or “PHI” has the definition provided under HIPAA.
“Services” means the Platforms and Products.
“Students/Examinees” means individuals who either directly use Riverside’s Services or whose information Riverside collects in the course of providing Services.
Additional defined terms are identified throughout the rest of this Policy.
In providing the Services, we may request Personal Information from you. The exact Personal Information we need to collect depends on which Service you are using and the optional data fields you or the Customer sponsoring your use of our Services chooses to provide. Our Services may collect four broad categories of Personal Information:
We may collect the foregoing types of Personal Information through your use of the Services in the following manner:
The primary use of any Personal Information we collect from you is to communicate assessment measurements, evaluations, and reports that are based on our psychometrically sound assessment results.
In addition, we may use Personal Information for the following purposes:
Under no circumstances will Riverside sell any Personal Information of a Student/Examinee or use such Student/Examinee Personal Information for targeted marketing. Any sale of Personal Information would only occur in the context of a transaction described below in Organizations Involved in Mergers and Acquisitions Transactions.
We will not disclose Personal Information except as set forth in this Policy or with your consent. This section describes to whom we disclose Personal Information and for what purposes:
If your use of our Services involves remote proctoring, please see our Remote Proctoring Privacy Statement.
We may disclose Personal Information at the request of law enforcement or government agencies or in response to subpoenas, court orders, or other legal processes in order to establish, protect, or exercise our rights; to defend against a legal claim; to protect the rights, property, or safety of another person; or as otherwise required by law. We may also disclose Personal Information to investigate or prevent a violation by you of any contractual or other relationship with us or any alleged illegal or harmful activity by you.
We use commercially reasonable safeguards that comply with accepted industry practice in protecting the confidentiality and security of Personal Information, including adherence to standards issued by the National Institute of Standards and Technology (“NIST”). Examples of how we protect your Personal Information include:
Despite these efforts to store Personal Information in a secure operating environment, we cannot guarantee the security of Personal Information during its transmission or storage in our systems. Further, while we attempt to ensure the integrity and security of Personal Information, we cannot guarantee that our security measures will prevent third parties, such as hackers, from illegally obtaining access to Personal Information. We do not represent or warrant that Personal Information about you will be protected against loss, misuse, or alteration by third parties.
Properly authorized Customer Personnel may log into the Platforms to access, update, and delete Personal Information collected by the Services. If you would like to otherwise access, update, or delete Personal Information about the data associated with your account, or to have us complete any of the tasks described in this section on your behalf, you may submit a request to email@example.com or call us toll-free at (800) 323-9540 (in the US) or (630) 467-7000 (outside the US). We will promptly review all such requests in accordance with applicable law.
Many of our Services are designed for Customer Personnel working with K-12 students. We recognize the sensitive nature of Personal Information contained in educational records concerning children under age 13 and K-12 students generally. This Personal Information is protected under either or both of the following federal statutes: COPPA and FERPA. Our privacy practices comply with both COPPA and FERPA.
COPPA permits a school, acting in the role of “parent,” to provide required consent regarding Personal Information of students who are under the age of 13. Where a school is the subscriber to our Services, we rely on this form of COPPA consent. We provide the school with this Policy, to ensure that the school, in providing its COPPA consent, has full information and assurance that our practices comply with COPPA.
FERPA permits a school to provide educational records (including those that contain students’ Personal Information) to certain service providers without requiring the school to obtain specific parental/guardian consent. FERPA permits this disclosure where the service provider acts as a type of “school official” by performing services, for example, that would otherwise be performed by the school’s own employees. We fulfill FERPA requirements for qualifying as a school official by, among other steps, giving our school district Customers control with respect to the use and maintenance of the education records at issue (including associated Personal Information) and refraining from re-disclosing or using this Personal Information except provided under this Policy.
To the extent that information qualifies as PHI under HIPAA, and HIPAA affords greater privacy protections than those set forth in this Policy, Riverside will comply with the relevant HIPAA requirements regarding privacy for that information.
Except as necessary to provide our Services, we do not knowingly collect or solicit Personal Information directly from anyone under the age of 16. Further, Riverside does not sell Student/Examinee Personal Information and does not market or advertise directly to Students/Examinees.
The State of California provides its residents with certain rights concerning their Personal Information. This section describes how you may exercise your rights with respect to Personal Information we collect through our Services.
Through our Services, we collected the following categories of Personal Information during the past 12 months:
We collect these categories of Personal Information to the extent necessary to provide the Services and as otherwise described in the section How We Use Personal Information.
You have the right to request information on the categories of Personal Information that we collected in the previous twelve (12) months, the categories of sources from which the Personal Information was collected, the specific pieces of Personal Information we have collected about you, and the business purposes for which such Personal Information is collected and shared. You also have the right to request information on the categories of Personal Information, which were disclosed for business purposes, and the categories of third parties in the twelve (12) months preceding your request for your Personal Information. You can also access certain of your Personal Information by contacting us at firstname.lastname@example.org or calling us toll-free at (800) 323-9540 (in the US) or (630) 467-7000 (outside the US) to make such corrections.
You have a right to request us to delete Personal Information that we collected from you. However, please be aware that we may not fulfill your request for deletion if we (or our service provider(s)) are required to retain your Personal Information for one or more of the following categories of purposes: (1) to complete a transaction for which the Personal Information was collected, provide a good or service requested by you, or complete a contract between us and you; (2) to ensure our website integrity, security, and functionality; (3) to comply with applicable law or a legal obligation or to exercise rights under the law; or (4) to otherwise use your Personal Information, internally, in a lawful manner that is compatible with the context in which you provided the information.
As noted above, we do not use Personal Information to market or advertise directly to Students/Examinees and do not otherwise sell Personal Information.
If you would like to exercise your rights listed above, please send (or have your authorized agent send) an email to email@example.com or call us toll-free at (800) 323-9540 (in the US) or (630) 467-7000 (outside the US). We will not use discriminatory practices against you for exercising your California privacy rights.
While we take measures to ensure that those responsible for receiving and responding to your request are informed of your rights and how to help you exercise those rights, when contacting us to exercise your rights, we ask you to please adhere to the following guidelines:
This GDPR section applies to individuals who are in the European Union (“EU”) and the United Kingdom (“UK”). For the purposes of this Policy, references to the GDPR include both the EU GDPR and the UK GDPR, and references to the EU also include Switzerland, and the European Economic Area countries Iceland, Liechtenstein, and Norway.
For this GDPR section, we use the terms “Personal Data” and “processing” as they are defined in the GDPR. “Personal Data” generally means information that relates to an identified or identifiable person, and “processing” generally covers actions that can be performed in connection with data such as collection, use, storage, and disclosure.
If you have any questions about this section or whether any of the following applies to you, please contact us at firstname.lastname@example.org or call us toll-free at (800) 323-9540 (in the US) or (630) 467-7000 (outside the US).
Please see the section Types of Personal Information We Collect and Use above for details about the Personal Data we collect.
Please refer to the section How We Use Personal Information above for details about how we use and process your Personal Data.
We will only process your Personal Data if we have a lawful basis for doing so. Lawful bases for processing include consent, contractual necessity, and our “legitimate interests,” as further described below:
We share Personal Data with service providers; organizations involved in mergers and acquisitions transactions; and law enforcement, government agencies, and courts. Please refer to the section Disclosure of Personal Information above.
We retain Personal Data of users of our Services: (1) for as long as reasonably necessary to permit use of our Services and (2) as required by law or contractual commitment. After this period has expired, we will return or delete the Personal Data from our systems in accordance with our contractual commitments and records retention policies. These deletion periods apply to Personal Data and do not apply to de-identified information. We retain de-identified information in accordance with our standard practices for similar information.
In addition, and subject to any data retention required under applicable law, if requested and as directed by a user of our Site, we will delete a user’s Personal Data collected via our Services. Deleting this information may limit some or all features of our Services. Where required by local law, we will delete such information and provide a certification of such deletion.
Please refer to the section How We Protect Personal Information above for more information on the security measures we use to protect your Personal Data.
You may have certain rights with respect to your Personal Data, including those set forth below. For more information about these rights or to submit a request, please email email@example.com or call us toll-free at (800) 323-9540 (in the US) or (630) 467-7000 (outside the US). Please note that in some circumstances, we may not be able to fully comply with your request, such as if it is impractical, if it jeopardizes the rights of others, or if it is not required by law. In those circumstances, we will still respond to notify you of such a decision. In some cases, we may also need you to provide us with additional information, which may include Personal Data, if necessary, to verify your identity and the nature of your request.
Your rights under the GDPR include:
Access. You can request more information about the Personal Data we hold about you and request a copy of your Personal Data.
Rectification. If you believe that any Personal Data we process about you is incorrect or incomplete, you can request that we correct or supplement such data.
Erasure. You can request that we erase some or all of your Personal Data from our systems.
Withdrawal of Consent. If we are processing your Personal Data based on your consent (as indicated at the time of collection of such Personal Data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, you may have to provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Data when such use or disclosure is necessary to enable you to use some or all features of a Site.
Portability. You can ask for a copy of your Personal Data in a machine-readable format. You can also request that we transmit the Personal Data to another entity where technically feasible.
Objection. You can contact us to let us know that you object to the further use or disclosure of your Personal Data for certain purposes.
Restriction of Processing. You can ask us to restrict further processing of your Personal Data.
Right to File Complaint. You have the right to lodge a complaint about Riverside’s practices with respect to your Personal Data with the supervisory authority of your country or EU Member State.
The specific definition of “de-identified information” applicable to you depends on the laws applicable to your data. In general, however, de-identified information is information from which all personal identifiers have been removed or obscured such that it does not identify an individual and there is no reasonable basis to believe that the information can identify an individual.
Riverside collects and uses aggregated, de-identified information to assess the quality of and improve our Services. Further, Riverside uses de-identified information for purposes of assessment development, research, and publications relevant to our services and industry. As part of our assessment development efforts, we may share aggregated, de-identified information with reputable third-party development partners, who are considered experts in the field of assessments and subject to strict obligations of security and confidentiality with respect to information they receive from us. These development partners only use the de-identified information we share with them for analysis on our behalf and for purposes permitted under this Policy.
Finally, while assessments are in progress, we use de-identified information in order to authenticate a user’s identity, maintain links between Students/Examinees and their respective proctors during assessment sessions, and update certain features of our Services.
We reserve the right to update this Policy at any time. We will post the revised Policy on our main Site (https://www.riversideinsights.com/support/policies), and such changes will be effective immediately unless otherwise stated. If these changes are material, we will provide notice to you through email notifications and/or prominent statements on our website and, where required by applicable law, we will obtain your consent.
If you are located outside of the United States, please be aware that information we collect, including Personal Information, may be transferred to, and processed, stored, and used in the United States. The data protection laws in the United States may differ from those of the country in which you are located.
Your browser may offer you a “Do Not Track” option, which allows you to signal to operators of websites, web applications, and services (including behavioral advertising services) that you do not wish such operators to track certain of your online activities over time and across different websites. Our Services currently do not support Do Not Track requests.
If you have any questions about this Policy, please email us at firstname.lastname@example.org or call us toll-free at (800) 323-9540 (in the US) or (630) 467-7000 (outside the US).