www.pendalearning.com is owned and operated by Learning 2020, Inc. Penda Learning is a cloud-based instructional management system and configurable gaming network for educational purposes. The platform provides a full suite of instructional management tools. Students, teachers and school/district administrators can access Pendalearning.com through an account created via their school or school district’s account.
- Learning 2020, Inc., DBA Penda Learning, is a registered corporation, FEI/EIN Number 84-2197909, with registered address: Learning 2020, Inc., 2400 SE Federal Highway, Fourth Floor, Stuart, FL. 34994
- Penda Learning is registered with the State of Florida - Department of State: Document Number P19000050555
- All data is held within Amazon Web Services
- You retain full control over what data we can access
- All data is transmitted using SSL/TLS encryption
- Data at rest is encrypted with AES
- All data is processed for the purpose of running Penda Learning
- All personal data is anonymized or deleted (your choice) at the end of the school’s subscription - if we receive no instructions, we anonymize all data within 90 days
Penda Learning requires schools, districts, or teachers (on behalf of the parents or legal guardians of students under the age of 13) to provide consent for the online collection of personal information of the student under the age of 13 through Penda Learning. In order to register to use Penda Learning, students must use an access created and provided to them by their school district.
What data does Penda Learning require schools to share?We require all schools to share learner first and last name, grade level, gender, date of birth, student ID number, and classes. This data is needed in order to properly provision learner accounts as well as Penda Learning services.
In addition to the above data, a school may choose to share data on the following learner characteristics: lower quartile, students of economic disadvantage, English limited language, students with disabilities, and ethnicity status. This data is needed to allow filtering and analysis based on these learner characteristics. Specifically, for schools on a Response To Intervention (RTI) contract, this includes enabling advanced functionality as listed:
- Advanced learner data filters for progress-monitoring enabled
- Teacher/school admin detailed customized reports enabled, including an intervention-focus report
Teachers and school administrators who wish to use Penda Learning are required to share their first and last name, job title and email address. This data is needed in order to properly provision teacher/admin accounts as well as Penda Learning services.
We also store the address and contact details of the school.
How is this data gathered by Penda Learning?Learner data is shared one of three ways over which the district and/or school has full control:
- A District/School Administrator manually uploading a data file to our secure servers by SSL 3.3/TLS 1.2 encryption
- A District/School IT Manager authorizing, installing and provisioning a custom student information system (SIS) application that, once setup, automatically syncs via SFTP to our secure servers by SSL 3.3/TLS 1.2 encryption
- A District/School IT Manager installing and authorizing an auto data-rostering application (such as ClassLink) that, once set up, automatically syncs nightly to our secure servers by SSL 3.3/TLS 1.2 encryption.
Teacher and school administrator data is inputted manually by the user as part of their registration process.
What is the lawful basis for storing this data?This data is required for learners, teachers and school admin to be able to use the Penda Learning platform for intervention support, supplemental curriculum support, classroom use and homework, in accordance with the school’s contractual agreement with Penda Learning.
Where and how is this data stored?The data is stored on Penda Learning’s servers in data centers in Virginia, USA, provided by Amazon Web Services (AWS). AWS data centers are compliant with the international information security standard, ISO 27001.
For more information about AWS’s ISO 27001 certification, please VISIT THIS WEBPAGE.
For more information about AWS security, please VISIT THIS WEBPAGE.
In choosing AWS to store data, Penda Learning is subject to its Shared Responsibility Model. The division of these responsibilities and how Penda Learning specifically meets those responsibilities as an AWS customer is outlined below:
|Responsibility of Penda Learning
|Responsibility of Amazon Web Services
Preventing or detecting when an AWS account has been compromised:
Preventing or detecting a privileged or regular AWS user behaving in an insecure manner
Configuring AWS services (except AWS Managed Services) in a secure manner:
Restricting access to AWS services or custom applications to only those
Updating Guest Operating Systems and applying security patches
Ensuring AWS and custom applications are being used in a manner compliant with internal and external policies
Ensuring network security (DoS, MITM, port scanning)
|Configuring AWS Managed Services in a secure manner
|Providing physical access control to hardware/software
|Providing environmental security assurance against things like mass power outages, earthquakes, floods, and other natural disasters
|Protecting against AWS zero day exploits and other vulnerabilities
|Business continuity management (availability, incident response)
Related to disaster recovery, how is data backed up?Data is backed up daily by AWS Virginia, USA data centers. All backups are encrypted and are stored for 30-days.
How is data encrypted between the clients and your AWS servers? Which version(s) of SSL/TLS and other encryption are supported?Data is encrypted using SSL 3.3 / TLS 1.2 encryption between clients and our AWS servers.
Are Penda Learning personnel background checked?All Penda Learning personnel are background checked, including criminal history, and legal employment within the United States upon employment commencement. Additionally, all Penda Learning personnel working within schools are background-checked and finger-printed, maintained by the State of Florida. Annually, personnel are checked/verified as part of internal HR processes and Penda Learning audit processes.
Do you share our school data with any third-party organizations?We share limited data with our customer support software, ZenDesk, including teacher and school admin’ names, school names and email addresses. This allows us to help with any technical problems or support requests quickly and easily, via email, by telephone or by an online chat system.
We do not share learner data with ZenDesk unless a learner emails us directly, in which case we store their first and last name, school name and email address. ZenDesk is based in the USA.
For our digital marketing (email campaigns) system, we use MailChimp. We share limited data with MailChimp, including teacher and school admin first and last names and email addresses. This allows us to send communications regarding any platform downtime, scheduled maintenance, new features/functionality, platform enhancements, implementation strategies and support services available.
Emails contain tracking facilities within the actual email. Tracked activities include: the opening of emails; the clicking of links within the email content; times, dates and frequency of activity; how you access and view the emails (web browser version, OS version). You have the right to opt out of digital marketing (email campaigns) at any time: you can opt out using the ‘Unsubscribe’ link at the bottom of each email we send or you can email firstname.lastname@example.org and request to be removed. MailChimp is based in the USA.
For our customer relation management system, we use Solve360 and store a history of your district/school’s contractual relationship with Penda Learning, including subscription history, product history, data upload history and a record of communications with Penda Learning. Solve360 is based in the USA.
Four our accountancy system, we use QuickBooks by Intuit. We store school addresses, the name and email of our contacts (e.g. finance office), invoices/ transactions, payment terms and payment history. Intuit is based in the USA.
How long will the data be kept?During the subscription period, if a learner is withdrawn, their account and all associated data is anonymized within 90 days. All personal data is anonymized or deleted (your choice) within 90 days after the school subscription ends - if we receive no instructions, we anonymize all data within 90 days.
Upon request, we can destroy a school’s data within 24 hours.
How will the data be anonymized?Learner, teacher and admin (school admin) data will be anonymized as follows:
Learner first names are replaced with ‘Anonymous’ and last names are replaced with ‘Learner-’ along with a random string of 6 numbers/letters. For example, Albert Einstein would become ‘Anonymous Learner-BFHPIL’. This is carried out so that we can continue to improve our understanding of program efficacy and impact evaluation, while ensuring anonymity. Below is a full listing of learner data fields and treatments applied:
|Regenerated using new random DoB and Anonymized name
|Memorable question answer
|Penda Learning activity scores
|Penda Learning points earned
|Gamification: avatar and clothes
|Reset to default
|Gamification: World buddies
|‘Learner-’ + 6-character randomized string of numbers and/or letters
|Date of birth
|Randomized (with parameter that new learner age must be between 7 and 40)
|Student ID number
|‘Reg group-’ + 6-character randomized string of numbers and/or letters
|‘Class-’ + 6-character randomized string of numbers and/or letters
Teacher first names are replaced with ‘Anonymous’ and last names are replaced with ‘Teacher-’ along with a random string of 6 numbers/letters. For example, Johnny Appleseed would become ‘Anonymous Teacher-HLZWQY’. Below is a full listing of teacher data fields and treatments applied:
|‘Teacher-’ + 6-character randomized string of numbers and/or letters
|Link between teacher and subjects deleted
|‘Class-’ + 6-character randomized string of numbers and/or letters
|‘Group-’ + 6-character randomized string of numbers and/or letters
|‘Task-’ + 6-character randomized string of numbers and/or letters
|Regenerated using Anonymized name
School Admin Accounts
School admin first names are replaced with ‘Anonymous’ and last names are replaced with ‘Admin-’ along with a random string of 6 numbers/letters. For example, Johnny Appleseed would become ‘Anonymous Admin-VBXMPZ’. Below is a full listing of admin account data fields and the treatments applied. Any additional teachers who have an account with admin permissions are treated the same as a standard teacher account (above).
|‘Admin-’ + 6-character randomized string of numbers and/or letters
|Retained as ‘Admin’
On request we can delete all data, removing it from our servers completely.
What other information do you store about users once they use Penda Learning?We store information about their use of Penda Learning.
For learners, we store their total platform usage (hours:minutes), activity history, activity scores, Penda Learning gamification points earned, gamification trophies earned, gamification avatar clothes selected and gamification Penda World buddies selected.
For teachers and school admin we store the date they last logged in, total number of logins since the beginning of the academic year, total number of assignments set, classroom intervention groups created and activities they have created using our authoring tool Activity Builder.
For the purpose of improving and enhancing its service, Penda Learning collects and analyzes data on how the platform used in the aggregate (how groups of people use Penda Learning). As true of most Web Sites, we gather certain information automatically and store it in log files. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data. We also use tracking technologies from third party service providers (as described below) to gather information regarding the date and time of your visit and the information you interacted with. We may link this automatically collected data to personally identifiable information. We do not share this information with third parties - for more information on third party service providers, see section below.
Information on individual usage of the system, including but not limited to individual IP addresses, may be analyzed on a case-specific basis to resolve a technical difficulty or to assist in resolving or investigating any misuse of the service; also, such individual usage information may be furnished to your school if your school requests such information to assist in the investigation of fraudulent, abusive, or criminal activity or any other use of Penda Learning that violates your school’s rules or policies.
What is your policy for serious incidents such as data breaches?Should a school or subject (user) report a serious incident, such as a data breach, or should a serious incident be identified by Penda Learning, we will notify the impacted school’s school admin and any affected subjects within 48 hours. Following Penda Learning’s internal data breach protocol, we will work closely with all subjects impacted to minimize the incident and ensure it is fully resolved. To report a concern or possible incident involving Penda Learning, SUBMIT A SUPPORT TICKET, email email@example.com or call Penda Learning Customer Support at 1-888-919-0404 Monday-Friday from 8:00 a.m. to 5:00 p.m. ET. Should any issue not be resolved, they can be escalated to the Chief Executive Officer, Brad Baird, via firstname.lastname@example.org.
What are cookies and how do you use them?Cookies are small text files that are set by a website or app operator so that your browser or device may be recognized. Cookies track, save and store information about your interactions with and usage of a website. Penda Learning uses technologies such as cookies, beacons, tags and scripts. These technologies are used to make it easier for you to navigate our site, to store your passwords so you don’t have to enter it more than once, analyzing trends, administering the site, tracking users’ movements throughout the site and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis. Technologies such as cookies, beacons, tags and scripts are used by Penda Learning and our tracking utility partners who provide online customer support and video management. These technologies are used to make it easier for you to navigate our site, to store your passwords so you don’t have to enter it more than once, analyzing trends, administering the site, tracking users’ movements throughout the site and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis.
Penda Learning uses Dynatrace, which is an analytics service used to help analyze your use of our App and to improve it. We use the information we get from Dynatrace only to improve our App and our Services. Dynatrace does not share your information with any other third parties.
If you don’t want cookies to be stored on your device, you should make the necessary changes to your device, relevant browsers or apps.
How can access be revoked for members of staff who have left a school? District and/or School Admin with an active Penda Learning admin account can make a member of staff inactive, which will prevent them from having access to Penda Learning.
- Sign into the Penda Learning admin account
- Click ‘Profile’
- Click ‘Teacher Data’
- Find the member of staff from the list
- Change the corresponding bubble from ‘Active’ to ‘Inactive’
- Click Save
On request we can delete a teacher or admin account, removing the teacher/school admin and their data from our servers completely, within 24 hours.
How can learner data be removed when the learner withdraws from the school?If your school elected to manually upload learner data: at any time school admin with an active Penda Learning admin account can delete learner accounts using the Learners page of Penda Learning. This prevents those learners from accessing Penda Learning and immediately deletes all of that learner’s data from our servers completely.
- Sign into the Penda Learning admin account
- Click ‘Learners’
- Find the learner from the list
- Tick the corresponding checkbox next to the learner’s last name
- Click ‘Delete Learner’ found at the bottom of the page
- Confirm your selection
- Click Yes
If your school elected to provision learner data via custom SIS integration or via an auto data-rostering service: during the subscription period, if a learner withdraws, their account and all associated data is automatically anonymized within 90 days. On request we can delete the learner, removing the learner and their data from our servers completely, within 24 hours.
How can I access my data/my child’s data?Parents have the right to refuse the site further contact with their child and to have access to their child’s information and to have it deleted by contacting the school administrator. Parents have the right to consent to the site’s use of the child’s personal information without having to consent to its disclosure of that information to third parties by contacting the school administrator.
If yours or your child’s personally identifiable information changes, or if you no longer desire our service, you may correct, update, or delete it by SUBMITTING A SUPPORT TICKET or by emailing email@example.com. Upon authenticating the subject’s identity, we will correct, update, or delete all data we hold on the subject (or organization) within 30 days.
We will retain your information for as long as your account is active or as needed to provide you services. If you wish to cancel your account or request that we no longer use your information to provide you services, contact us at firstname.lastname@example.org. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
We reserve the right to modify this privacy statement at any time, so please review it frequently. If we make material changes to how we use your personal information or personal information collected from children under age 13, we will notify you prior to the change becoming effective, by email, by means of notice on our home page, and parents by email in order to obtain verifiable parental consent for the new uses of the child’s Personal Information if required.
DisclosureWe may disclose your or your child’s personally identifiable information in connection with business transfers and purchases. As we continue to develop our business we may buy or sell business divisions or companies, we may merge or combine with another company, or our company itself and/or all or a significant part of its assets may be acquired by another company. We may provide any information we have to a potential counter-party in any such potential transaction. If such a transaction is completed, your or your child’s personally identifiable information may be one of the transferred and shared business assets. In the event that information is shared in this manner, notice will be posted on our Site.
We may also share de-identified and/or aggregated data with others for their own uses.
We reserve the right to disclose your or your child’s personally identifiable information as required by law and when we believe that disclosure is necessary to protect our rights and/or to comply with a judicial proceeding, court order, or legal process served on our Web site.