LAST UPDATED: December 19, 2023
Riverside Assessments, LLC dba Riverside Insights (“Riverside,” “we,” “us,” or “our”) respects your privacy and makes the security and integrity of the data we collect a top priority. As part of our commitment to data privacy, we developed this Assessment Privacy Policy (“Policy”) to explain how Riverside collects, uses, shares, and protects the information you provide to us in the course of our assessment services and your rights with respect to such information.
This Policy applies to information we collect or receive through assessment products and platforms. If you would like data privacy information about our websites, please see our Website Privacy Policy.
If you are a resident of the European Union (“EU”), the United Kingdom ("UK"), Illinois, California, or New York, you may have additional rights with respect to your Personal Information, as outlined below.
“COPPA” means the Children’s Online Privacy Protection Act, 15 U.S.C. §§ 6501-6505, and the regulations promulgated thereunder, each as amended.
“Customer” means an institution or professional who licenses Services, such as school districts, educational agencies, universities, hospitals, clinical psychologists, and healthcare systems.
“Customer Personnel” means employees, staff, contractors, agents, and other authorized representatives of our Customers, such as administrators, authorized account holders, staff, teachers, and psychologists.
“FERPA” means the Family Educational Rights and Privacy Act, 20 U.S.C. § 1232g, and the regulations promulgated thereunder, each as amended.
“HIPAA” means the Health Insurance Portability and Accountability Act of 1996, 42 U.S.C. § 1320d et seq., and the regulations promulgated thereunder, each as amended.
“Personal Information” means information that, either alone or in combination with other information, identifies or relates to an individual.
“Platforms” means Riverside’s web-based platforms for assessment, scoring, and reporting.
“Products” means Riverside’s educational, clinical, and special needs assessments.
“Protected Health Information” or “PHI” has the definition provided under HIPAA.
“Services” means the Platforms and Products.
“Students/Examinees” means individuals who either directly use Riverside’s Services or whose information Riverside collects in the course of providing Services.
Additional defined terms are identified throughout the rest of this Policy.
In providing the Services, we may request Personal Information from you or other individuals affiliated with the Customer sponsoring your use of the Services, including Students/Examinees. The exact Personal Information we need to collect depends on which Service you are using and the optional data fields you or the Customer sponsoring your use of our Services chooses to provide. Our Services may collect four broad categories of Personal Information:
We may collect the foregoing types of Personal Information through your use of the Services in the following manner:
The primary use of any Personal Information we collect from you is to communicate assessment measurements, evaluations, and reports that are based on our psychometrically sound assessment results.
In addition, we may use Personal Information for the following purposes:
Under no circumstances will Riverside sell any Personal Information of a Student/Examinee or use such Student/Examinee Personal Information for targeted marketing. Any sale of Personal Information would only occur in the context of a transaction described below in Organizations Involved in Mergers and Acquisitions Transactions.
We will not disclose Personal Information except as set forth in this Policy or with your consent. This section describes to whom we disclose Personal Information and for what purposes:
We employ reputable service providers to assist us in providing aspects of our Services. A service provider is a third party engaged by Riverside who has or may have access to Personal Information for the purpose of helping us provide our Services to you. For example, we may engage third parties to provide hosting services, website and app security, remote proctoring services, customer communications, user and data subject rostering, user onboarding, and customer service (including online chat). These service providers may have access to some of your Personal Information only if they are performing specific tasks on our behalf. We take commercially reasonable steps to interact or contractually engage with service providers that have adopted a privacy policy governing their processing of Personal Information that is consistent with this Policy.
If your use of our Services involves remote proctoring, please see our Remote Proctoring Privacy Statement.
If you would like to review a list of our current service providers, please see our List of Third-Party Subprocessors.
If we sell or otherwise transfer some or all of our business or assets to another organization (e.g., in the course of a merger, acquisition, sale of assets, bankruptcy, dissolution, liquidation), any information collected through our Services, including Personal Information, may be among the items sold or transferred. If the rights and obligations with respect to your Personal Information are assigned to a third-party successor entity, then, with respect to your Personal Information, the successor entity will be subject to the terms of the then-applicable privacy policy or will adopt a privacy policy that is substantially similar in all material respects with this Policy.
We may disclose Personal Information at the request of law enforcement or government agencies or in response to subpoenas, court orders, or other legal processes in order to establish, protect, or exercise our rights; to defend against a legal claim; to protect the rights, property, or safety of another person; or as otherwise required by law. We may also disclose Personal Information to investigate or prevent a violation by you of any contractual or other relationship with us or any alleged illegal or harmful activity by you.
We use commercially reasonable safeguards that comply with accepted industry practice in protecting the confidentiality and security of Personal Information, including adherence to standards issued by the National Institute of Standards and Technology (“NIST”). Examples of how we protect your Personal Information include:
Despite these efforts to store Personal Information in a secure operating environment, we cannot guarantee the security of Personal Information during its transmission or storage in our systems. Further, while we attempt to ensure the integrity and security of Personal Information, we cannot guarantee that our security measures will prevent third parties, such as hackers, from illegally obtaining access to Personal Information. We do not represent or warrant that Personal Information about you will be protected against loss, misuse, or alteration by third parties.
Properly authorized Customer Personnel may log into the Platforms to access, update, and delete Personal Information collected by the Services. If you would like to otherwise access, update, or delete Personal Information about the data associated with your account, or to have us complete any of the tasks described in this section on your behalf, you may submit a request to inquiry@service.riversideinsights.com or call us toll-free at (800) 323-9540 (in the US) or (630) 467-7000 (outside the US). We will promptly review all such requests in accordance with applicable law.
Many of our Services are designed for Customer Personnel working with K-12 students. We recognize the sensitive nature of Personal Information contained in educational records concerning children under age 13 and K-12 students generally. This Personal Information is protected under either or both of the following federal statutes: COPPA and FERPA. Our privacy practices comply with both COPPA and FERPA.
COPPA permits a school, acting in the role of “parent,” to provide required consent regarding Personal Information of students who are under the age of 13. Where a school is the user of or subscriber to our Services, we rely on this form of COPPA consent. We provide the school with this Policy, to ensure that the school, in providing its COPPA consent, has relevant information and assurance that our practices comply with COPPA.
FERPA permits a school to provide educational records (including those that contain students’ Personal Information) to certain service providers without requiring the school to obtain specific parental/guardian consent. FERPA permits this disclosure where the service provider acts as a type of “school official” by performing services, for example, that would otherwise be performed by the school’s own employees. We fulfill FERPA requirements for qualifying as a school official by, among other steps, giving our school district Customers control with respect to the use and maintenance of the education records at issue (including associated Personal Information) and refraining from re-disclosing or using this Personal Information except provided under this Policy.
To the extent that information qualifies as PHI under HIPAA, and HIPAA affords greater privacy protections than those set forth in this Policy, Riverside will comply with the relevant HIPAA requirements regarding privacy for that information.
Except as necessary to provide our Services, we do not knowingly collect or solicit Personal Information directly from anyone under the age of 18 without a parent’s or guardian’s prior consent. The information collected from children under 18 through assessments are intended only with the consent and under the supervision of a parent or guardian, or, in the case of use through an institutional user, with the consent and supervision of such institutional user acting with authority and consent from the parent or guardian. This information is not used for, sold to, or shared with third parties for marketing or commercial purposes.
The State of California provides its residents with certain rights concerning their Personal Information. This section describes how you may exercise your rights with respect to Personal Information collected through our Services.
Through our Services, we collected the following categories of Personal Information during the past 12 months:
We collect these categories of Personal Information to the extent necessary to provide the Services and as otherwise described in the section How We Use Personal Information.
Privacy Right |
Description |
Access |
You have the right to request information on the categories of Personal Information that we collected in the previous twelve (12) months, the categories of sources from which the Personal Information was collected, the specific pieces of Personal Information we have collected about you, and the business purposes for which such Personal Information is collected and shared. You also have the right to request information on the categories of Personal Information that were disclosed for business purposes and the categories of third parties with whom such information was shared in the twelve (12) months preceding your request. You can also access certain of your Personal Information by contacting us at inquiry@service.riversideinsights.com or calling us toll-free at (800) 323-9540 (in the US) or (630) 467-7000 (outside the US) to make such corrections. |
Deletion |
You have a right to request us to delete Personal Information that we collected from you. However, please be aware that we may not fulfill your request for deletion if we (or our service provider(s)) are required to retain your Personal Information for one or more of the following categories of purposes: (1) to complete a transaction for which the Personal Information was collected, provide a good or service requested by you, or complete a contract between us and you; (2) to ensure our website integrity, security, and functionality; (3) to comply with applicable law or a legal obligation or to exercise rights under the law; or (4) to otherwise use your Personal Information, internally, in a lawful manner that is compatible with the context in which you provided the information. |
Opt-Out |
As noted above, we do not use Personal Information to market or advertise directly to Students/Examinees and do not otherwise sell Personal Information.
|
Additionally, you may be able to exercise the following supplemental rights under California law upon verification of your identity:
If you would like to exercise your rights listed above, please send (or have your authorized agent send) an email to inquiry@service.riversideinsights.com or call us toll-free at (800) 323-9540 (in the US) or (630) 467-7000 (outside the US). We will not use discriminatory practices against you for exercising your California privacy rights.
While we take measures to ensure that those responsible for receiving and responding to your request are informed of your rights and how to help you exercise those rights, when contacting us to exercise your rights, we ask you to please adhere to the following guidelines:
This GDPR section applies to individuals who are in the European Union (“EU”) and the United Kingdom (“UK”). For the purposes of this Policy, references to the GDPR include both the EU GDPR and the UK GDPR, and references to the EU also include Switzerland, and the European Economic Area countries of Iceland, Liechtenstein, and Norway.
For this GDPR section, we use the terms “Personal Data” and “processing” as they are defined in the GDPR. “Personal Data” generally means information that relates to an identified or identifiable person, and “processing” generally covers actions that can be performed in connection with data such as collection, use, storage, and disclosure.
If you have any questions about this section or whether any of the following applies to you, please contact us at inquiry@service.riversideinsights.com or call us toll-free at (800) 323-9540 (in the US) or (630) 467-7000 (outside the US).
Please see the section Types of Personal Information We Collect and Use above for details about the Personal Data we collect.
Please refer to the section How We Use Personal Information above for details about how we use and process your Personal Data.
We will only process your Personal Data if we have a lawful basis for doing so. Lawful bases for processing include consent, contractual necessity, and our “legitimate interests,” as further described below:
We share Personal Data with service providers; organizations involved in mergers and acquisitions transactions; and law enforcement, government agencies, and courts. Please refer to the section Disclosure of Personal Information above.
We retain Personal Data of users of our Services: (1) for as long as reasonably necessary to permit use of our Services and (2) as required by law or contractual commitment. After this period has expired, we will return or delete the Personal Data from our systems according to your written instruction; provided, we will maintain Personal Data in accordance with our backup or other disaster recovery policies and procedures. These deletion periods apply to Personal Data and do not apply to de-identified information. We retain de-identified information in accordance with our standard practices for similar information.
In addition, and subject to any data retention required under applicable law, if requested and as directed by a user of our Site, we will delete a user’s Personal Data collected via our Services. Deleting this information may limit some or all features of our Services. Where required by local law, we will delete such information and provide a certification of such deletion.
Please refer to the section How We Protect Personal Information above for more information on the security measures we use to protect your Personal Data.
You may have certain rights with respect to your Personal Data, including those set forth below. For more information about these rights or to submit a request, please email inquiry@service.riversideinsights.com or call us toll-free at (800) 323-9540 (in the US) or (630) 467-7000 (outside the US). Please note that in some circumstances, we may not be able to fully comply with your request, such as if it is impractical, if it jeopardizes the rights of others, or if it is not required by law. In those circumstances, we will still respond to notify you of such a decision. In some cases, we may also need you to provide us with additional information, which may include Personal Data, if necessary, to verify your identity and the nature of your request.
Your rights under the GDPR include:
Access. You can request more information about the Personal Data we hold about you and request a copy of your Personal Data.
Rectification. If you believe that any Personal Data we process about you is incorrect or incomplete, you can request that we correct or supplement such data.
Erasure. You can request that we erase some or all of your Personal Data from our systems.
Withdrawal of Consent. If we are processing your Personal Data based on your consent (as indicated at the time of collection of such Personal Data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, you may have to provide express consent on a case-by-case basis for the use or disclosure of certain Personal Data when such use or disclosure is necessary to enable you to use some or all features of a Site.
Portability. You can ask for a copy of your Personal Data in a machine-readable format. You can also request that we transmit the Personal Data to another entity where technically feasible.
Objection. You can contact us to let us know that you object to the further use or disclosure of your Personal Data for certain purposes.
Restriction of Processing. You can ask us to restrict further processing of your Personal Data.
Right to File Complaint. You have the right to lodge a complaint about Riverside’s practices with respect to your Personal Data with the supervisory authority of your country or EU Member State.
New York’s Education Law 2-d and the New York Parents’ Bill of Rights for Data Privacy and Security (collectively, “Ed Law 2-d”) addresses the relationship between schools and their third-party contractors, in addition to the schools’ relationships with parents/guardians. The only elements of Ed Law 2-d that are incorporated herein are those provisions directed to third-party contractors (“Contractor Ed Law 2-d Provisions”). We agree to comply with the Contractor Ed Law 2-d Provisions for schools in the State of New York. If there is a direct conflict between this Privacy Policy and the Contractor Ed Law 2-d Provisions, the Contractor Ed Law 2-d Provisions will control. The full text of Ed Law 2-d is available at the New York State Education Department website (as of the date of this publication: https://www.nysenate.gov/legislation/laws/EDN/2-D).
The Illinois Student Online Personal Protection Act (“SOPPA”) requires school districts to take certain precautions with respect to the student data collected by educational technology companies. SOPPA applies to all Illinois school districts, the Illinois State Board of Education, and operators of online services and applications. The only elements of SOPPA that are incorporated herein are those provisions directed to third-party contractors (“Contractor SOPPA Provisions”). We agree to comply with the Contractor SOPPA Provisions for schools in Illinois. If there is a direct conflict between this Privacy Policy and the Contractor SOPPA Provisions, the Contractor SOPPA Provisions will control. As of the date of this publication: the full text of SOPPA is available on the following website: https://www.ilga.gov/legislation/ilcs/ilcs3.asp?ActID=3806&ChapterID=17 .
Our Services may direct you to or integrate with third-party services or websites. As noted above in the subsection Our Service Providers, we exercise commercially reasonable efforts to partner with service providers whose privacy policies governing their processing of Personal Information align with this Policy. We understand that you may want to examine and inquire about our service providers’ privacy practices, and we encourage you to do so.
The specific definition of “de-identified information” applicable to you depends on the laws applicable to your data. In general, however, de-identified information is information from which all personal identifiers have been removed or obscured such that it does not identify an individual and there is no reasonable basis to believe that the information can identify an individual.
Riverside collects and uses aggregated, de-identified information to assess the quality of and improve our Services and for purposes of assessment development, research, and publications relevant to our services and industry. As part of our assessment development efforts, we may share aggregated, de-identified information with reputable third-party development partners, who are considered experts in the field of assessments and subject to strict obligations of security and confidentiality with respect to information they receive from us. These development partners only use the de-identified information we share with them for analysis on our behalf and for purposes permitted under this Policy.
Finally, while assessments are in progress, we use de-identified information in order to authenticate a user’s identity, maintain links between Students/Examinees and their respective proctors during assessment sessions, and update certain features of our Services.
We reserve the right to update this Policy at any time. We will post the revised Policy on our main Site (https://www.riversideinsights.com/support/policies), and such changes will be effective immediately unless otherwise stated. If these changes are material, we will provide notice to you through email notifications and/or prominent statements on our website and, where required by applicable law, we will obtain your consent.
If you are located outside of the United States, please be aware that information we collect, including Personal Information, may be transferred to, and processed, stored, and used in the United States. The data protection laws in the United States may differ from those of the country in which you are located.
Your browser may offer you a “Do Not Track” option, which allows you to signal to operators of websites, web applications, and services (including behavioral advertising services) that you do not wish such operators to track certain of your online activities over time and across different websites. Our Services currently do not support Do Not Track requests.
If you have any questions about this Policy, please email us at contracts@riversideinsights.com or call us toll-free at (800) 323-9540 (in the US) or (630) 467-7000 (outside the US).
© 2022 Riverside Assessments, LLC. All rights reserved.
General Inquiries 1.800.323.9540
Sitemap