What information do we collect?
- We collect information from you when you register on our site, request more information, submit a donation, fill out an application to one of our schools, or fill out an application for a job at Success Academy.
- When donating or registering on our site, as appropriate, you may be asked to enter your name, email address, mailing address, phone number or credit card information. When applying to one of our schools, we will ask you specific questions about the applicant. Success Academy also stores your information when you request more information about Success Academy Charter Schools or register for an event.
- When filling out a job application, you will be asked to enter information related to your application, such as your name, address, and job history information. Success Academy’s Career Site also stores your information when you subscribe to job alerts, join Talent communities, or upload your resume.
- You may, however, visit our site anonymously.
What do we use your information for?
Any of the information we collect from you may be used in one of the following ways:
- To personalize your experience and improve our website
- To improve customer service
- To process transactions
- To send periodic emails, text messages, or mailings
- To process your online application into our lottery for admission to our schools
- To process your online job application
- To help us understand your interests and find like-minded audiences
The email, mailing address, and phone number you provide may be used to send information and updates pertaining to your donation or your application, in addition to receiving occasional organizational news.
Note: If at any time you would like to unsubscribe from receiving future emails or text messages, we include an unsubscribe link at the bottom of each email we send, and you may reply with STOP to any mobile message sent from us. Message and data rates may apply.
How do we protect your information?
We implement a variety of security measures to maintain the safety of your personal information when you submit a donation.
These security measures include: password protected directories and databases to safeguard your information and TLS (Transport Layer Security) technology to ensure that your information is fully encrypted and sent across the Internet securely and to actively protect our servers from hackers and other vulnerabilities.
We offer the use of a secure server. All supplied sensitive/credit information is transmitted via Transport Layer Security (TLS) technology and then encrypted into our Payment gateway providers database only to be accessible by those authorized with special access rights to such systems, and are required to keep the information confidential.
After a donation transaction, your private information (credit cards, social security numbers, financials, etc.) will not be stored on our servers.
Yes. Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your Web browser (if you allow) that enables the sites or service provider’s systems to recognize your browser and capture and remember certain information.
We also use web beacons in conjunction with cookies to help us gather additional information about your visit to our website.
To learn more about the cookies we use on the Success Academy Career Site, please visit here.
Do we disclose any information to outside parties?
We do not sell your personally identifiable information. We may share information with third parties to further Success Academy Charter Schools’ purposes or mission. We work with several trusted third parties who assist us in operating our website, conducting our business or market research, or servicing you. These parties agree to keep all information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others rights, property, or safety. Non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.
This policy was last modified in January 2022.
Providing students with a safe and welcoming physical and virtual environment that enables learning at the highest levels is a key component of the mission of Success Academy Charter Schools – NYC (“Success Academy”). Success Academy is committed to promoting sound practices and policies that will strengthen data privacy and security at schools.
“Eligible student” means a student eighteen years or older.
“Parent” means a parent, legal guardian, or person in parental relation to a student.
“Student” means any person attending or seeking to enroll in a Success Academy school.
“Student PII” is personally identifiable information from a student’s education record, including, but not limited to, the student’s name, the name of the student’s parent or other family members, the address of the student or student’s family, a personal identifier, such as the student’s social security number, student number, or biometric record, and other indirect identifiers, such as the student’s date of birth, place of birth, and mother’s maiden name.
“Teacher or Principal data” means personally identifiable information from the records of an educational agency relating to the annual professional performance reviews of classroom teachers or principals that is confidential and not subject to release under the provisions of Education Law Sections 3012-c and 3012-d.
How Does Success Academy Protect Student PII and Teacher and Principal Data?
Success Academy protects Student PII and Teacher or Principal Data by:
- Utilizing the National Institute of Standards and Technology’s Cybersecurity Framework v 1.1 (NIST Cybersecurity Framework) as the standard for its Data Privacy and Security Program.
- Not selling Student PII or Teacher or Principal Data nor using or disclosing it for any marketing or commercial purpose or facilitating its use or disclosure by any other party for any marketing or commercial purpose or permitting another party to do so.
- Taking steps to minimize its collection, processing and transmission of Student PII and Teacher or Principal Data.
- Ensuring that every use and disclosure of Student PII benefits Students and Success Academy (e.g., improves academic achievement, empowers Parents and Students with information, and/or advances efficient and effective school operations).
- Not including Student PII in public reports without permission by Parents. Success Academy at times may share pictures, video, and/or newsletters that celebrate the Success Academy community and Student achievements. Such media may contain Student names, images, or information pertaining to a Student’s achievement. Prior to sharing such information, Success Academy staff ensure that appropriate consent has been obtained from the Parent or Eligible Student.
- Ensuring that only authorized individuals are able to review a Student’s education records, and ensuring that this review is conducted in a confidential manner that protects the records from unauthorized access. Records may be viewed by authorized individuals in person in the Main Office of the applicable Success Academy school, or records may be delivered to authorized individuals by mail or by electronic transmission that is password protected and encrypted. School officials responsible for responding to requests for education records may only provide student education records to limited categories of individuals, including Parents and new schools of former Students, pursuant to written procedures. All other requests for education records are handled by legal counsel for Success Academy to ensure compliance with the Family Educational Rights Privacy Act (FERPA) and New York Education Law § 2-d.
- Taking steps to verify the identity of Parents or Eligible Students who submit requests to inspect and review an education record, and complying with a request for access to records within a reasonable period, but not more than 45 calendar days after receipt of a request.
- Requiring consent before sending records electronically to Parents or Eligible Students who submit requests, transmitting the records in a way that complies with State and federal law and regulations, and employing safeguards associated with industry standards and best practices, such as encryption and password protection, when education records requested by a Parent or Eligible Student are electronically transmitted.
- Not reporting to the New York State Education Department (“NYSED”), except as required by law or in the case of educational enrollment data, the following student data elements: juvenile delinquency records; criminal records; medical and health records; and student biometric information.
How Do Third Party Contractors Protect Information?
Third party contractors who have access to Student PII or Teacher or Principal Data must refrain from disclosing Student PII or Teacher or Principal Data without the express written permission of Success Academy, and refrain from using Student PII or Teacher or Principal Data on the contractor’s own behalf or on behalf of anyone other than Success Academy. Success Academy works with third party contractors to establish a data security and privacy plan and a contract that:
- Outlines how the third-party contractor will implement all state, federal, and local data security and privacy contract requirements.
- Specifies the administrative, operational and technical safeguards and practices it has in place to protect Student PII and Teacher or Principal Data.
- Specifies how the third party’s officers, employees, and assigns who have access to Student PII or Teacher or Principal Data will receive training on the laws governing confidentiality of such data.
- Specifies how the third-party contractor will identify and manage breaches and unauthorized disclosures of Student PII or Teacher or Principal Data.
- Includes a requirement to notify Success Academy of breaches and unauthorized disclosures of Student PII or Teacher or Principal Data and to pay for or promptly reimburse Success Academy for the cost of notification of such breach to Parents, Eligible Students, teachers, and/or principals.
- Describes whether, how and when data will be returned to Success Academy, transitioned to a successor contractor, or deleted or destroyed when the contract is terminated or expires.
- Includes a signed copy of the Parents’ Bill of Rights for Data Privacy and Security.
- States the exclusive purposes for which the Student PII or Teacher or Principal Data will be used.
- States if and how a Parent, Student, Eligible Student, teacher or principal may challenge the accuracy of the Student PII or Teacher or Principal Data that is collected.
- States where the Student PII or Teacher or Principal Data will be stored and how the data will be protected.
- Addresses how the data will be protected using encryption while in motion and at rest.
Third party contractors with access to Student PII or Teacher or Principal Data are obligated by New York Education Law § 2-d to:
- Adopt technologies, safeguards and practices that align with the NIST Cybersecurity Framework and maintain reasonable administrative, technical and physical safeguards to protect the security, confidentiality and integrity of Student PII or Teacher or Principal Data in its custody.
- Limit internal access to Student PII or Teacher or Principal Data to only those employees or subcontractors that need access to provide the contracted services.
- Not use Student PII or Teacher or Principal Data for any purpose not explicitly authorized in its contract.
- Not disclose Student PII or Teacher or Principal Data to any other party without the prior written consent of the Parent or Eligible Student: (i) except for authorized representatives such as a subcontractor or assignee to the extent they are carrying out the contract and in compliance with state and federal laws; or (ii) unless required by statute or court order and the third-party contractor provides a notice of disclosure to Success Academy no later than the time the information is disclosed, unless providing notice of disclosure is expressly prohibited by the statute or court order.
- Use encryption to protect Student PII or Teacher or Principal Data in its custody while in motion or at rest.
- Not sell Student PII or Teacher or Principal Data nor use or disclose it for any marketing or commercial purpose or facilitate its use or disclosure by any other party for any marketing or commercial purpose or permit another party to do so.
Training for Employees
Success Academy will annually provide data privacy and security awareness training to their officers and employees with access to Student PII or Teacher or Principal Data. Such training shall include but not be limited to training on the state and federal laws that protect Student PII and Teacher or Principal Data, and how employees can comply with such laws.
Data Protection Officer
Success Academy shall designate a Data Protection Officer to be responsible for the implementation of the policies and procedures required in Education Law § 2-d and to serve as the point of contact for data security and privacy for the educational agency. Success Academy’s Data Protection Officer shall have the appropriate knowledge, training and experience to administer the functions described in Education Law § 2-d and its implementing regulations. The Data Protection Officer may perform these functions in addition to other job responsibilities.
Reports and Notifications of Breach and Unauthorized Release of Student PII or Teacher or Principal Data
Success Academy shall:
- Report breaches or unauthorized releases of Student PII or Teacher or Principal Data to the NYSED Chief Privacy Officer without unreasonable delay, but no more than 10 calendar days after such discovery. “Breach” means the unauthorized acquisition, access, use, or disclosure of Student PII or Teacher or Principal Data by or to a person not authorized to acquire, access, use, or receive the Student PII or Teacher or Principal Data.
- Notify affected Parents, Eligible Students, teachers and/or principals in the most expedient way possible and without unreasonable delay, but no more than 60 days after the discovery or receipt of a report of a breach by a third party contractor. Notification may be delayed if it would interfere with an ongoing investigation by law enforcement or would disclose an unfixed security vulnerability, and Success Academy shall send notification within 7 days after the security vulnerability is fixed or the risk of interference with the law enforcement investigation ends.
Notifications required by this section shall:
- Be clear, concise, and use language that is plain and easy to understand.
- Include a brief description of the breach or unauthorized release, the dates of the incident and the date of discovery, if known, a description of the types of Student PII or Teacher or Principal Data affected, an estimate of the number of records affected, a brief description of the educational agency’s investigation or plan to investigate, and contact information for representatives who can assist Parents or Eligible Students that have additional questions.
- Be sent to affected Parents, Eligible Students, teachers or principals by email, telephone, or first-class mail to the last known address.
Parents’ Rights Under FERPA and Education Law § 2-d
Under the Family Educational Rights and Privacy Act (“FERPA”), Parents and Eligible Students have the rights set forth in Success Academy’s FERPA Notice.
Under New York state’s education law, Parents have rights regarding the privacy and security of their child’s Student PII, as set forth in the Parents’ Bill of Rights for Data Privacy and Security at https://develop.successacademies.org/privacy-policy/.
Parents’ Bill of Rights for Data Privacy and Security
Both state and federal laws protect the confidentiality of information about your child that identifies him or her. Such information is known as “personally identifiable information.” Under New York state’s education law, if you are a parent or legal guardian of a child currently or previously enrolled in a Success Academy school, you have the following rights regarding the privacy and security of your child’s personally identifiable information and data:
- Your child’s personally identifiable information cannot be sold or released for any commercial purposes.
- If your child is under age 18, you have the right to inspect and review the complete contents of your child’s education records.
- Safeguards must be in place to protect your child’s personally identifiable data when it is stored or transferred. These safeguards must meet industry standards and best practices. Examples of such safeguards include encryption, firewalls, and password protection.
- You have the right to make complaints about possible breaches of student data and to have such complaints addressed.
Complaints to Success Academy Charter Schools should be directed in writing to:
Data Protection Officer
Success Academy Charter Schools
95 Pine Street, Floor 6
New York, NY 10005
Success Academy will respond to complaints pursuant to these procedures. Complaints may also be submitted to NYSED at www.nysed.gov/data-privacy-security; by mail to: Chief Privacy Officer, New York State Education Department, 89 Washington Avenue, Albany, NY 12234; by email to [email protected]; or by telephone at 518-474-0937.
You can find a complete list of the types of student data elements collected by NYSED at www.nysed.gov/data-privacy-security, and by writing to: Chief Privacy Officer, New York State Education Department, 89 Washington Avenue, Albany, NY 12234.
Signed by: Data Protection Officer, Success Academy Charter Schools
SUPPLEMENTAL INFORMATION REGARDING THIRD-PARTY CONTRACTORS
In the course of complying with its obligations under the law and providing educational services, Success Academy has entered into agreements with certain third-party contractors. Each contract that Success Academy enters into with a third party contractor where the contractor receives personally identifiable information from student educational records or certain teacher or principal data will include the following information:
(1) the exclusive purposes for which the student data or teacher or principal data will be used;
(2) how the third party contractor will ensure that the subcontractors, persons or entities that the third party contractor will share the student data or teacher or principal data with, if any, will abide by data protection and security requirements;
(3) when the agreement expires and what happens to the student data or teacher or principal data upon expiration of the agreement;
(4) if and how a parent, student, eligible student, teacher or principal may challenge the accuracy of the student data or teacher or principal data that is collected; and
(5) where the student data or teacher or principal data will be stored (described in such a manner as to protect data security), and the security protections taken to ensure such data will be protected, including whether such data will be encrypted.