Privacy Policy
Clevr is committed to the protection of personal information collected and used in the course of its business activities. Clevr will only collect and use the minimal information necessary to provide our clients the level of service needed. The data collected is limited to that required for our clients to access and use the Clevr software.
The 10 PIPEDA principles and Clevr’s policies with regard to these principles can be found below:
Principle 1: Accountability
An organization is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the organization’s compliance with the 10 PIPEDA principles.
In accordance with the accountability principle, the following contact has been designated the privacy officer:
Kari Fraser Park
Co-Founder, Clevr
(P) 613.966.6806
(C) 613.848.0434
kfraser@clevr.ca
All privacy concerns related to Clevr processes, software features or functionality should be addressed to Clevr’s privacy officer.
Principle 2: Identifying Purposes
The purposes for which personal information is collected shall be identified by the organization at or before the time the information is collected.
In accordance with this principle:
Clevr collects data for the purpose of providing access to our clients so that they may execute their duties with regards to their functions.
In partnership with our clients, Clevr identifies changes in data collection when the integration definitions change from the client’s source systems.
Principle 3: Consent
The knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate.
In partnership with the school boards, Clevr works with selected board members to gather the appropriate minimal information to access the Clevr software. Consent is not required as the information collected to access the system is not considered personal.
Principle 4: Limiting Collection
The collection of personal information shall be limited to that which is necessary for the purposes identified by the organization. Information shall be collected by fair and lawful means.
Clevr’s solution ensures that minimal information is collected to access the clevr software.
Principle 5: Limiting Use, Disclosure, and Retention
Use
Only information required to effectively use Clevr and deemed necessary by the board’s Clevr implementation team and the privacy officer is transferred from the SIS server and hosted on the Clevr server.
It is Clevr’s policy to encrypt all user data files using AES 256 Encryption.
Disclosure
Teacher, client, and student data is never shared with third parties. Clevr does not sell, use or share student personal information or content for marketing or advertising purposes.
Retention
Backup archives are encrypted using AES 256 Encryption. These backups would be used to rebuild the Clevr server in case of disaster will contain archival data. Archives are retained in accordance with Clevr’s backup and retention policy. Clevr will delete personal information at the direction or request of the board.
Principle 6: Accuracy
Clevr software imports data regularly from the SIS of the school board. Data accuracy is provided from that upstream provider. Should a data inaccuracy be identified, Clevr will notify the provider and initiator immediately. When Clevr has been notified of the correction, a new manual import will be initiated.
Should an individual request access to the data on the Clevr servers, the Clevr privacy officer will collaborate with the individual to work with the board to ensure access to, and accuracy of, stored data as chosen by the board’s information privacy officer.
Principle 7: Safeguards (Data Security)
Clevr maintains numerous safeguards on the personal data that is hosted on the servers. These safeguards include but are not limited to:
Encryption
- Data is encrypted both in transit and at rest
Virtual Private Networks
- Clevr data and system backups are stored in regional centres. For US customers, data and backups reside in the US regional data centers. For Canadian customers, data and backups reside in the Canadian regional data centers. The data centres are fully redundant with multiple data centres within the respective country.
Backups
- All data is suitably backed up in accordance with Clevr’s disaster recovery plan
User Account Access
- All users are granted access through assigned, monitored user accounts
Login Names and Passwords
- Login names and passwords are controlled by Clevr
- Strong password policy
Employee Training and Awareness
- Upon hire and annually
Principle 8: Openness
An organization shall make readily available to individuals specific information about its policies and practices relating to the management of personal information.
For all information privacy inquiries, please contact the privacy officer.
Kari Fraser Park
Co-Founder, Clevr
(P) 613.966.6806
(C) 613.848.0434
kfraser@clevr.ca
Principle 9: Individual Access
Upon request, an individual shall be informed of the existence, use, and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
For all information privacy inquiries, please contact the privacy officer.
Kari Fraser Park
Co-Founder, Clevr
(P) 613.966.6806
(C) 613.848.0434
kfraser@clevr.ca
Data stored on the Clevr servers is directed and chosen by upstream data providers. Should an individual request access to the data on the Clevr servers, the Clevr privacy officer will collaborate with the individual to work with the board to ensure access to, and accuracy of, stored data as chosen by the board’s information privacy officer.
Any requests to Clevr for access to data stored on the server will be directed to the Clevr privacy officer. The privacy officer will:
- Authenticate the identity of the requester.
- Contact the requester to co-ordinate the data request.
- If required the privacy officer will coordinate a request to the source school board’s privacy officer and facilitate an individual access request.
Principle 10 Challenging Compliance
An individual shall be able to address a challenge concerning compliance with the above principles to the designated individual or individuals accountable for the organization’s compliance.
For all compliance policy challenges or inquiries, please contact the privacy officer.
Kari Fraser Park
Co-Founder, Clevr
(P) 613.966.6806
(C) 613.848.0434
kfraser@clevr.ca
Clevr maintains a full suite of policies that pertain to data and security.
Privacy Policy Statement of Changes
As deemed necessary by the Privacy Officer, this policy will be updated. The Privacy Officer has the sole ownership of this document. Such changes may or may not be required to be communicated outside of Clevr. It is the responsibility of the Privacy Officer to distribute the revised policy as appropriate.
Revision: 20200515