The privacy of our clients’ data is paramount. In the course of providing services, we receive, store and manage data that may contain personally identifiable information that may be restricted from disclosure under one or more provisions such as FERPA (US Family Educational Rights and Privacy Act), or HIPAA (US Health Insurance Portability and Accountability Act) or rules such as COPPA (US FTC’s Child Online Privacy Protection Act). We treat ALL information from our clients as confidential. We protect client information with the same measures we use to protect our own information. We do not share any client information with anyone without express written permission from you.
1.1. Privacy compliance
1.1.1. Your data are considered to be confidential and will not be shared beyond CritiqueIt without your express written permission, as regulated by law.
1.1.2. We agree to comply with all state and federal privacy and security legislation as required by law.
1.1.3. The Confidentiality Agreement of the CritiqueIt Employee Handbook requires all CritiqueIt employees to protect Your Confidential Information and Your Covered Content from all unauthorized exposure as part of Our terms of employment. CritiqueIt employees must immediately report any observed, attempted or suspected security incidents to a CritiqueIt manager including theft, loss or misplacement of media, computing equipment or devices, unauthorized access or disclosure of information, or notification of malware on a CritiqueIt owned and/or managed system.
1.1.4. We will report, either orally or in writing, to You any use or disclosure of Your Confidential Information or Your Covered Content not authorized by this Agreement or in writing by You, including any reasonable belief that an unauthorized individual has accessed Your Confidential Information or Your Covered Content. We will make the report to You immediately upon discovery of the unauthorized disclosure, but in no event more than one (1) business day after We reasonably believe there has been such unauthorized use or disclosure. Our report shall identify: (i) the nature of the unauthorized use or disclosure, (ii) the Confidential Information or Covered Content used or disclosed, (iii) who made the unauthorized use or received the unauthorized disclosure, (iv) what We have done or will do to mitigate any deleterious effect of the unauthorized use or disclosure, and (v) what corrective action We have taken or will take to prevent future similar unauthorized use or disclosure. We will provide such other information, including a written report, as reasonably requested by You.
1.1.5. In the course of providing services during the term of this Agreement, CritiqueIt may have access to student education records that are subject to the US Family Educational Rights and Privacy Act (FERPA), 20 U.S.C. 1232g, et seq., to personal information that is subject to protections under the US Health Insurance Portability and Accountability Act (HIPAA), or to personal information that falls under the guidelines of the US Child Online Privacy Protection Act (COPPA). All such information is considered confidential and is therefore protected. To the extent that CritiqueIt has access to personal information under this Agreement, we are deemed a “school official,” as defined under FERPA, or as an “operator” under COPPA (FAQs Section M1-M5). We shall not use such personal information for any purpose other than in the performance of this Agreement. Except as required by law, we will not disclose or share personal information with any third party unless permitted by the terms of the Agreement or to subcontractors who have agreed to maintain the confidentiality of the personal information to the same extent required of Us under this Agreement.
1.1.6. In the event any person(s) seek to access Your Confidential Information or Your Covered Content, whether in accordance with FERPA, HIPAA, COPPA or other State, Federal, or relevant international law or regulations, we will inform You immediately of such request in writing if allowed by law or judicial and/or administrative order. We will not provide direct access to such data or information or respond to individual requests. We will only retrieve such data or information upon receipt of, and in accordance with, written directions by You and shall only provide such data and information to You. It shall be Your sole responsibility to respond to requests for data or information received by Us regarding Your data or information. Should We receive a court order or lawfully issued subpoena seeking the release of such data or information, We will provide immediate notification to You of receipt of such court order or lawfully issued subpoena and will immediately provide You with a copy of such court order or lawfully issued subpoena prior to releasing the requested data or information, if allowed by law or judicial and/or administrative order.
1.1.7. If we experience a security breach concerning any of Your Confidential Information or Your Covered Content, then we will notify You within 24 hours of discovery of the breach and take immediate steps to limit and mitigate such security breach to the extent possible.
1.2. Online engagement
1.2.2. Web beacons, tags and scripts may be used in our websites or in emails. These assist Us in delivering cookies, counting visits to our websites, understanding usage and campaign effectiveness and determining whether an email has been opened and acted upon. We may receive reports based on the use of these technologies by our service providers on an individual and aggregated basis.
1.2.3. We own and operate several online platforms, including but not limited to websites in the critiqueit.com domain, Facebook.com and Twitter.com. By tagging @, #, or other sponsored terms or by commenting, liking, posting or otherwise engaging with the CritiqueIt brand, You grant a nonexclusive, royalty-free, perpetual, transferable, irrevocable and fully sub-licensable right to use, reproduce, modify, distribute, publish, create derivative works from and publicly display such content that You post in any media, now known or hereafter devised, for any purpose. You also permit to use the name that You submit in connection with such content. The connecting content will be treated as non-confidential and non-proprietary. We take no responsibility for any content submitted by other users that uses the aforementioned terms or is otherwise submitted to and is not liable for said content.
1.3. Data storage and retention
1.3.1. Daily backups of systems, files and data will be done on a cyclical basis, so that any restoration of the system will not result in more than 24 hours of data loss provided We are notified immediately. CritiqueIt shall retain backup sets remotely for thirty (30) days after creation.
1.3.2. CritiqueIt shall maintain a separate Disaster Recovery Plan and share the appropriate elements of the Plan with You at Your request.
1.3.3. CritiqueIt’s data retention policy is part of our terms of service and ensures that We will securely transfer to You or You may securely retrieve a complete copy of Your Covered Content as long as you have paid all subscription fees, and that We will completely expunge Your Covered Content from all CritiqueIt Service servers within sixty (60) days after the Termination Date.
1.4.1. We will present evidence of General Liability Insurance–Limits of Liability $2,000,000 General Aggregate $1,000,000 Each Occurrence–combined single limit for bodily injury and property damage.
1.5. Changes to the policy
1.5.1. This policy may be updated from time to time. Updates will become effective as soon as they are published at www.critiqueit.com If there are any material changes to these policies, You will be notified by email prior to the change being published and becoming effective. Your continued use of CritiqueIt Services or websites constitutes your agreement to be bound by such changes to the policy. Your only remedy, if you do not accept the updated terms of a CritiqueIt policy, is to discontinue use of the CritiqueIt Service and CritiqueIt websites.
1.6.1. Confidential Information: means the information that you have provided to us as part of the contracting or purchasing process. By example, this would include names, addresses, email addresses, phone numbers, account numbers, purchase orders, and other information that is not included in Your Covered Content. Confidential Information would also include the terms and pricing of the CritiqueIt Service under this Agreement, Your Covered Content and all information clearly identified as confidential at the time of its disclosure.
1.6.2. Your Covered Content: means all CritiqueIt service data that you, your agents or your end users provide to us as part of the process of annotating and peer reviewing documents, and detecting and reporting plagiarism, as applicable. By example, this may include the student name or identifier, student email address, student submissions, course names, grades, comments and annotations that may be attached to report results.
1.6.3. Us, We, Our and related terms means the company named CritiqueIt, Inc. who developed and hosts the CritiqueIt Service, as represented by Our employees and independent contractors.
1.6.4. You, Your and related terms means the subscribing entity and all affiliated personnel who use the CritiqueIt Service. By example, You would mean the college, school district, university or company whose Agents and End Users access the CritiqueIt Service.
Last updated May 25, 2017