School Use Privacy Policy

Last updated: May 10, 2016

Introduction

Ooka Island Inc., its affiliates and their successors and assigns (collectively referred to as “Ooka”) are committed to protecting the personal information which they collect by means of this web site (the “Site”) and by means of Ooka’s video game clients (the “Game”).

This School Use Privacy Policy describes the types of personal information which Ooka collects specifically for teachers, teacher assistants, school administrators, and their assigns (collectively the “Educators”) for institutional (the “School”) activities related to minors (the “Students”), and how Ooka collects, uses and discloses that information.

This document is a supplement to the general Privacy & Legal Policy available here: https://lighthouse.ookaisland.com/privacy-legal/

Collection and Use

General principles

When collecting personal information relating to a user of this Site, Ooka will seek that individual’s consent, or the consent of the Educator, Parent or Guardian, to the collection as well as to the use and disclosure of it in accordance with this School Use Privacy Policy.

Ooka will collect the minimum personal information required to satisfy the business and educational functions of the company, in particular the minimum personal information of minors. When personal information on minors may be collected, we will provide suggestions for internal controls to mitigate the risk to the Educators and Students from intentional or accidental disclosure.

Information volunteered

Ooka may include requests for Educators to volunteer information required for the successful delivery of Ooka’s products and services.

Personal information:
  1. Educators: no personal data collected.
  2. Students:
    1. Username [1]
    2. Grade level
    3. District/School/Educator/Class affiliations
Other information:
  1. Educators
    1. Email or username, first and last name
    2. Ooka Site and Game passwords
    3. Marketing preferences
    4. District, School, and Class names
    5. District and School mailing address and telephone number(s)
    6. District, School, and Class affiliations
  2. Students
    1. Game password

Information collected by other means

Data is collected from Educators, Students, and their physical device(s) during the course of access to the Site and the Game.

Personal information:
  1. Educators: no personal data collected.
  2. Students:
    1. Game activity prompt responses
Other information:
  1. Educators
    1. Mobile device identifiers (e.g. advertising identifiers, push notification tokens)
    2. Mobile device platform, operating system family and version
    3. Game client version, error reporting, and session metadata
    4. Web session metadata
    5. Game session metadata (e.g. access date)
  2. Students
    1. Game session metadata (e.g. session duration)

Use of student personal data

Ooka provides a personalized learning path through the Game based in part on the personal data volunteered and collected by other means from the Educator and Student.

  1. Student player profile ownership: To provide a personalized experience, each Student must have their own player profile. Student personal identifiers and district, school, and class affiliations are used for the benefit of Educators and the respective Student to identify ownership of player profiles for Game use (e.g. logging in).
  2. Game play personalization: Student game play activity data is measured and analyzed to classify how the Student is progressing through each activity in the Game. This data is used at granular and aggregate levels to chart a customized path through the Game that is optimized for the respective Student. Grade data is used to analyze Student performance based on learning outcome expectations at typical developmental stages.
  3. Reports for Educators: Student game play data is presented to Educators as an assessment supplement, as measured by game play data. Student personal identifiers and game play data are presented in different aggregate forms at district, school, class, and Student levels. Access to Student reports is limited via password-protected Educator accounts.
  4. Support: Ooka may use Student personal identifiers and district, school, and class affiliations for the purposes of providing support or troubleshooting.
  5. Research: Aggregate and derivative data is used by Ooka to identify patterns and trends for the purpose of improving existing, and developing new, methods to further optimize the Game for learning objectives.

Disclosure

Ooka may share personal information which it has collected with its employees, agents, and other representatives who need to use that information in connection with one or more of the purposes for which that personal information was collected.

All members of the Ooka team are physically located in Canada, and may access and/or store personal information on their local workstations.

Ooka may access and disclose any personal information which it has collected if required or permitted to do so by law (for example, in order to comply with a legal requirement, including, but not limited to, one imposed by a warrant, subpoena, court order or like instrument served on Ooka or in an emergency to protect the life, health or security of any person).

Ooka may disclose the personal information of the users of this Site to any successor or any assignee of Ooka’s assets relating to this Site and Game.

Before disclosing personal information relating to a user of this Site to a third party other than as set out in this School Use Privacy Policy, Ooka will obtain the user’s consent to the disclosure.

Providers and jurisdictions

Ooka engages service providers to provide certain limited services such as shipping products, hosting this Site, or processing financial transactions. Ooka will only provide those service providers with the personal information they need to deliver the service for which they were retained.

Ooka will also require those companies, through contractual means, to safeguard such information, maintain its confidentiality and not use that information for any purpose other than providing the services for which they were retained. Please note that such service providers may be located outside of Canada.

| Provider | Territorial jurisdiction | Information disclosed |
| --- | --- | --- |
| Amazon Web Services (Primary internet host) | United States | All data collected by Ooka, the Site, and the Game. |
| Google Analytics (Web analytics) | United States | Personal: none. Other: web session data. Data accessible in aggregate only. |
| Mandrill (Transactional email) | United States | Personal: none. Other: Educator email addresses and names, email subject and body content. Efforts are made to not send transactional email containing personal information. |
| Mixpanel (User engagement tracking) | United States | Personal: none. Other: Site and Game usage data. |
| Sentry (Application log monitoring) | United States | During the course of error logging, some personal information may be exposed to this error logging provider. Reasonable efforts are made to obscure personal data. |

Information security management

Ooka uses multiple security measures to safeguard and help prevent unauthorized access to your information, maintain data security, and correctly use the information we collect. These measures include, but are not limited to, the use of encryption, mandatory password requirements, firewalls, and information access controls.

Additionally, your account is protected by the password you use to access your online account, and we urge you to take steps to keep your username and password safe. Educators are responsible for maintaining the confidentiality of their usernames and passwords, including student usernames and passwords.

Please be aware that, despite our best efforts, no security measures are perfect or impenetrable and that no data transmissions over the internet can be guaranteed to be 100% secure.

Breach notification protocol

Ooka has implemented information security procedures to provide security for School, Educator and Student data, and provides best practices to Schools and Educators to protect their information while engaging with the Game. In the instance of a breach, Ooka will conduct an investigation. The objectives of the investigation are to:

  1. Ensure the immediate requirements of containment and notification have been addressed;
  2. Review the circumstances surrounding the breach; and
  3. Review the adequacy of existing policies and procedures in protecting personal information;
    1. Address the situation on a systemic basis. In some cases, program-wide or institution-wide procedures may warrant review (e.g., a misdirected fax transmission);
    2. Advise clients of findings and work together to make any necessary changes;
    3. Ensure staff are appropriately educated and trained with respect to privacy protection and information security.

In the event of a security breach, Ooka has established a notification protocol, which includes the following steps:

  1. Containment: Identify the scope of the potential breach and take steps to contain it.
  2. Notification: Identify those individuals whose privacy was breached and, barring exceptional circumstances, notify those individuals accordingly:
    1. notify the individuals whose privacy was breached, by telephone or in writing;
    2. provide details of the extent of the breach and the specifics of the personal information at issue;
    3. advise of the steps that have been taken to address the breach, both immediate and long-term; and,
    4. provide contact information for someone within your organization who can provide additional information, assistance and answer questions.

Additional steps for Clients:

  1. Ensure appropriate staff within your organization are immediately notified of the breach, including the Freedom of Information and Privacy Co-ordinator, the head and/or delegate;
  2. If appropriate, inform the Information and Privacy Commissioner registrar of the privacy breach;
  3. Conduct an internal investigation into the matter.

Best practices and suggested internal controls

It is the School’s responsibility to protect the privacy rights of minors, their guardians, and staff. With the exception of student game play data, Ooka collects and retains personal information only as volunteered by the Educator. Student game play data only becomes personal in the context of Student personal identifiers linking them to their game play data. At any time, Educators may use internal controls to provide an additional layer of protection for personal information.

For example, Educators should always use strong passwords for their Ooka login; Educators should always log out of the Ooka program when finished using the program; and Educators should never share their Ooka login credentials with anyone.

If consent to disclose personal information to Ooka has not been obtained from Student legal guardians, Educators should consult their privacy officers to determine how to balance the benefits of disclosing personal identifiers (e.g. the convenience of identifying Student profiles by full Student names) with the relative risks.

Since Ooka only requires Student player profile usernames be unique per Teacher account, Ooka recommends Educators provide the minimum amount of personal information to distinctly identify each Student. For example, first name plus their initial(s), a unique identifier, or internal codes. It is strongly recommended that the Student’s education number is never used.

For additional guidance, see your organization’s privacy policy.

Inquiries, Requests for Access and Submitting Corrections

Ooka welcomes your comments and questions regarding this School Use Privacy Policy. If you have a comment or question regarding this School Use Privacy Policy, or would like to request access or an amendment to your personal information collected and retained by Ooka, please contact Ooka’s Privacy Officer by e-mail, courier or regular mail at the following address:

Ooka Island Inc.
119 Kent St, Suite 155
Charlottetown, Prince Edward Island, C1A 1N3
Canada
Attention: Privacy Officer
E-mail: privacyofficer@ookaisland.com
Fax: 877-567-3115

Changes to this Policy

Ooka may, from time to time, update or change this School Use Privacy Policy. When Ooka makes any change to this Privacy Policy, an updated copy will be posted to this Site and the word updated will appear next to the link to this Privacy Policy on the introductory page of this Site for a period of at least 30 days from the date of the change. The date that this Privacy Policy was last updated will appear at the top of the copy of it posted on this Site.

Consent

By using this Site, you consent to Ooka’s collection, use and disclosure of your personal information in accordance with this Privacy Policy.

Please note that by refusing to provide personal information or by denying or withdrawing consent to use or disclose personal information for purposes identified in this School Use Privacy Policy, you may be unable to participate in certain programs or activities sponsored by Ooka.

 

[1] Student usernames are considered personally identifiable only when real full names are used. See also: Best practices and suggested internal controls below.