Kimono gathers and stores four types of information:
• Student personal Information: personally identifiable information and other data about students associated with a school or other entity (the Organization) that utilizes Kimono’s Services.
• Other personal Information: personally identifiable information and other data about faculty, staff, parents and other people associated with a school or other entity (the Organization) that utilizes Kimono’s Services. Other personal information may become User personal data when staff becomes users of Kimono’s Services.
• User personal data: information about the users of our system - those people at a school or other entity (the Organization) who interact with Kimono LLC and who have account login credentials to access Kimono’s Services. These users use our Services on behalf of their Organizations and communicate with Kimono for business purposes.
• Kimono Business personal data: business-contact personal data which is not Student, Other, or User personal data. This includes people we serve or work with, actual and prospective customers, alliance and channel partners, contractors, vendors, and other parties interested in Kimono or its products and services.
For example, if a User works for a school and uses Kimono to send student records from one educational application to another, then that record information may include student names and other privacy-sensitive information; such records would constitute “Student Personal Information” while the User’s own name, email address, and password would constitute “User Information.” Records with personally identifiable information about parents or staff would be “Other Personal Information.” Personal data of an individual contacting Kimono for a demonstration and asking to be on the contact list for future events would be Kimono Business personal data.
How We Collect, Use, and Share Your Personal Data
Kimono uses Student and Other personal data to provide Kimono Services contracted for by Organizations. Other than as necessary to provide these services, we do not review it, we do not look at it, we do not copy all or any part of it. For sake of clarity, Student and Other personal data will not be reviewed, analyzed, or used by Kimono or its business partners and subcontractors for any data mining or marketing purpose, and we will only share this data with third parties as directed by the Organization.
Occasionally, while assisting a User, a Kimono employee may see or use specific Student or Other personal data to help diagnose a problem. Kimono will not record or keep that Student personal data apart from the Organization’s designated space in Kimono’s systems. Kimono employees are trained to not copy, transmit, share, or otherwise use that Student or Other personal data except while providing specific assistance to the User. Once the problem is resolved, Kimono deletes any personal data temporarily stored by the support person.
Kimono may gather User and Kimono Business personal data in the process of providing services to you, and/or through our website and marketing efforts. We may use your personal data to respond to your requests, tailor content for you, provide Services and/or information to you, market product, services, or events, verify your account and/or users, and other purposes. Kimono may share User and Kimono Business personal data as directed by the Organization or with your consent. We may also share this data with business partners, subcontractors, third party analytic providers, resellers, and law enforcement or government as required by law.
Accessing, Updating, and Removing Your Personal Data
Upon request, Kimono will provide you with information about whether we hold any of your personal data. We will respond to any request to access your personal data within 30 days.
If you have an account with Kimono, you can access, correct, update, or request deletion of your personal data accessible at one of our accounts by logging into your account. If we communicate with you for marketing purposes, you may use the unsubscribe link in any email communication to ask us to discontinue emailing you for marketing purposes. Other requests for access, correction, amendment, restriction on use, or deletion should be sent to email@example.com. If your personal data is information provided to us by an Organization, you should direct your requests or questions about processing of personal data to the Organization.
Kimono takes strong, industry standard, commercially reasonable measures to protect the privacy of all persons associated with your efforts, especially personally identifiable information. User names and passwords are used as credentials for Users and Kimono employees with a need and proper authorization to access the Kimono Services. When using Kimono Services to share Student or Other personal data between software applications, we encrypt the transmissions. If you have any questions about our security, you can contact us at firstname.lastname@example.org.
If the United States Family Educational Rights and Privacy Act (FERPA) as amended applies to any of an Organization’s data, Kimono is to be considered that Organization’s agent. Under FERPA, Kimono LLC (“Kimono”) is an agent of the Organization (a school district or other education agency) for purposes of transmitting student records that include personally identifiable information. Kimono is a contractor as described in Title 34, Chapter 99 of the Code of Federal Regulations; the specific reference is 34 CFR 99.31(a)(1)(i)(B). FERPA allows the Organization to transmit such records via Kimono under certain conditions; the rest of this statement sets forth how Kimono meets those conditions. To see the requirements imposed on service providers, please review Responsibilities of Third-Party Service Providers under FERPA.
• As a contractor, Kimono has the right to transmit such records to fulfill the purposes for which the Organization has engaged Kimono’s services.
• The Kimono platform operates to transmit electronic information between other data systems, which are under the control or direction of the Organizaton.
• The Organization is responsible for setting internal policies to ensure FERPA compliance; Kimono is responsible for helping the Organization follow its policies when using Kimono services.
• Except for incidental viewing during extended system administration and troubleshooting tasks, a user of the Kimono platform’s web console does not typically see individual student records, Student personal information, or Other personal information.
• The Kimono platform isolates customers such that users from one Organization have no access to data from other Organizations except as authorized.
• Kimono trains its personnel to not disclose any data to any other party without the prior consent of the parent or eligible student, in accordance with 34 CFR 99:33(a).
• The Organization is responsible for securing the systems that exchange data with Kimono.
How to Contact Us
Chief Privacy Officer
35 West Broadway Suite 103
Salt Lake City, UT
Version 1.0; last modified 5/1/2018