PASCO scientific is fully compliant with California's Student Online Personal Information Protection Act ("SOPIPA"), the Family Educational Rights and Privacy Act ("FERPA"), Children's Online Privacy Protection Act (COPPA), and California Assembly Bill ('AB') 1584 found in California Education Code section 49073.1. (Full details about our compliance with AB 1584 are available)

How do we comply?

Except for two rare exceptions (see directly below), PASCO scientific does not track, collect or store any personal information about any student anywhere at PASCO, including our website or in any of our systems/databases. Our software does not collect any personal identifiable information from students, nor does it include any advertising.

Exceptions

In regards to earlier version e-book downloads (Essential Physics 1st and 2nd Edition), where the purchaser inputted the student's name during the purchasing check-out procedure, PASCO maintains a user login record of e-book access in its secure server with limited employee access. This information is available for review upon request. All current and future version e-book download users are assigned an anonymous identification number without any personally identifiable information associated with it.

In regards to software application crashes, the software will request that the user send a crash report to PASCO. The crash reporting is optional. If the user elects to send the report, it is sent to PASCO via email. The email will contain the email address of the sender. For more information, see our Software Privacy Policy.

Regarding any personal data associated with the two limited exceptions, the data is fully secured and never shared. Note that the data is retained only for education purposes to improve our software and services.

3^rd Party Access/3^rd Party Service Providers

PASCO prevents 3^rd parties from accessing or utilizing any Student Record under PASCO's control (internal network) except for the following:

• Data Base consultants under contract/NDA.
• Outside Auditors such as ISO 9001 under strict supervision.

PASCO utilizes 3^rd party services such as Google Apps, Google Play, etc. However, these providers have no access to PASCO's secure network, and users provide information at their own discretion (account setup, etc.). PASCO urges parents who purchase products through these sites not to disclose their student's personal identifiable information.

School Rights/Parents Rights

Any and all Student Records provided to PASCO, or to which PASCO has been granted access, are and shall remain the sole property of the School District or educational agency (collectively, 'School District') that provided or granted access to such records.

Parent and Student Review Procedures: As stated above, PASCO does not store any personally identifiable information in regards to Student Records except for e-book downloads where the purchaser inputted the student's name during the purchasing check out procedure. This log information is available for review upon request. Furthermore, any future applications that have access or use of student data will be available for review upon request.

Schools have the right to review, have deleted and/or refuse to permit further collection or use of the student's information upon request.

PASCO will allow for inspection, review and amendment or changes to student data via an authorized written request from a school addressed to the PASCO Privacy Officer. Contact information is noted below under the Questions/Complaints section.

Data Security

PASCO's general practices related to data security and integrity including any breach of data;

I.E. Security and Confidentiality of Customer information:

PASCO has a secure server with limited employee access.

The PASCO internal network is a private network accessible by employees only (by a user name and login password). It is a VPN (Virtual Private Network). The VPN is an SSL (Secured Socket Layer) encrypted network.

The PASCO general website is 'https' (Hyper Text Transfer Protocol Secure) encrypted. The 'S' at the end of HTTPS stands for 'Secure'. It means all communications between your browser and the website are encrypted.

Education/Employee Training:

PASCO provides data privacy and security training to all company employees responsible in whole or in part for design, production, development, monetization and operations of their products and employees who are directly or peripherally involved in collection, use, storage, disclosure or other handling of student identifiable data. Training is required to be conducted a minimum of one time per year.

Unauthorized Disclosure/Data Breach:

In the unlikely event any Student Records are inadvertently compromised via an outside data breach or for any other reason, PASCO shall notify the School District that owns such records immediately upon the discovery of such inadvertent disclosure. The School District may in turn notify affected parents, legal guardians, or eligible students as the School District deems appropriate.

Other Security Measures:

PASCO conducts background checks on all employees who have access to student data.