Student Data Privacy Policy

INTRODUCTION

PK-12 Virtual Academy, a Florida-based virtual school, is committed to upholding the privacy and data security of our students, parents, and guardians. This comprehensive policy explains what personal data we collect, why we collect it, how we use it, and with whom it may be shared. It also outlines the rights of students and parents regarding their personal data. By accessing or using any PK-12 Virtual Academy service, platform, or application, you agree to the terms of this Privacy Policy.

We recognize the importance of protecting sensitive data in an increasingly digital world. Our policy reflects a commitment to ethical data use, transparency, and robust digital safeguards.

LEGAL COMPLIANCE

PK-12 Virtual Academy adheres to all federal and Florida state laws and regulations, including:

• Family Educational Rights and Privacy Act (FERPA)
• Children’s Online Privacy Protection Act (COPPA)
• Protection of Pupil Rights Amendment (PPRA)
• Florida Education Statutes
• General Data Protection Regulation (GDPR) – when applicable
• California Consumer Privacy Act (CCPA) – when applicable
• Student Online Personal Information Protection Act (SOPIPA)
• Health Insurance Portability and Accountability Act (HIPAA) – when applicable

DEFINITIONS

• Personal Data: Any data that identifies or could reasonably identify a student or guardian (e.g., name, student ID, IP address, photo).
• Aggregated Data: Data combined from many individuals and stripped of identifying information.
• De-identified Data: Data from which personal identifiers have been removed.
• Directory Information: Data that can be released without prior consent unless opted out, such as honors and awards.
• Biometric Data: Physical characteristics used for identification, such as fingerprints or facial recognition (not collected unless explicitly stated).

TYPES OF DATA WE COLLECT

• Student and Parent Contact Information
• Student ID Numbers and Education Records
• Attendance and Assessment Data
• Course Preferences and Performance
• Enrollment and Demographic Data
• Special Program Indicators (IEP, ELL, etc.)
• Student Work and Communications
• Device and Browser Data (via cookies)
• Behavioral, Conduct, and Discipline Reports
• Application and Learning Management System Usage Data
• Survey Responses and Feedback
• Emergency Contact and Health Information (if applicable)

HOW DATA IS COLLECTED

• During registration and enrollment
• Via educational platforms and tools
• Through communications (phone, email, social media)
• Automatically from devices (cookies, analytics)
• From prior schools and public education systems
• From surveys, assignments, and assessments
• Through optional programs and consent forms

PARENTAL CONSENT

Parental or guardian consent is required for students under the age of 18 or those not legally eligible to give consent. We strictly comply with COPPA for students under 13 years of age. Eligible students may exercise control over their records once they turn 18. ” A Parentally placed private school student with a disability does not have an individual right to receive some or all of the special education and related services that the student would receive if enrolled in a public school under the Individuals with Disabilities Education Act“

Consent is also required for:

• Participation in optional programs
• Media release (photos/videos)
• Research or survey participation

DATA USE AND PURPOSE

• Educational instruction and personalized learning
• Legal compliance and accountability reporting
• Assessments and progress tracking
• Enrollment verification and records management
• Communication between school, students, and parents
• Academic improvement, research, and analytics
• Emergency notifications and health/safety interventions
• Course placement and guidance counseling

WHAT WE DO NOT DO

• We do not sell personal data.
• We do not use data for third-party advertising.
• We do not publish student data without written consent.
• We do not disclose data beyond what is legally required.
• We do not track or profile students beyond educational interests.
• We do not store data beyond legal retention periods.

COOKIES & DEVICE DATA

We use cookies to enhance site functionality, monitor performance, and troubleshoot issues. We do not use cookies for targeted advertising. Cookies may be session-based or persistent and may collect device information such as:

• IP address
• Browser version
• Operating system
• Login timestamps

THIRD-PARTY ACCESS & SHARING

We may share information with:

• Educational service providers (bound by contract)
• State and federal education departments
• Law enforcement (under court order or legal necessity)
• Emergency response or medical personnel in critical cases
• Technology providers supporting school infrastructure
• Legal auditors, regulatory reviewers, and accreditation agencies

STUDENT RIGHTS

• Access and Review: Students and parents may inspect and review education records.
• Correction: Request corrections to inaccurate or misleading records.
• Withdrawal of Consent: Opt-out of optional data sharing at any time.
• Data Portability: Request transfer of transcripts or records.
• Erasure: Request deletion when legally permissible.
• File a Complaint: Contact the U.S. Department of Education for FERPA violations.
• Non-Discrimination: No student will be penalized for exercising privacy rights.

DATA RETENTION

We retain student data as required by:

• Florida Department of Education
• Federal privacy and educational statutes
• Internal school policies on transcript and academic history retention

Special programs (e.g., IEP, ELL, health) may have specific retention requirements. Data no longer needed for educational or legal purposes is securely deleted.

SECURITY MEASURES

• Multi-factor authentication and access controls
• Encrypted data storage and secure transmission
• Background checks for staff and contractors
• Privacy and security training for all employees
• Regular vulnerability assessments and penetration testing
• Comprehensive incident response plans
• Daily data backups and secure off-site storage
• System monitoring and intrusion detection software

RESEARCH & ANALYTICS

We may use de-identified or aggregated data for educational research and improvement. Any research involving personal information will require separate written consent. We do not share data with unaffiliated researchers without a signed data-sharing agreement and institutional review board (IRB) approval when applicable.

MEDIA & COMMUNICATION CONSENT

No student media (photos, videos, audio) will be published without prior written consent. Parents and students can opt in or out of:

• Yearbook or award acknowledgments
• School promotional materials
• Social media content (internal and external)

INCIDENT RESPONSE

In the event of a data breach:

• Affected parties will be notified promptly (within 72 hours of confirmation)
• Incident logs and investigative details will be documented
• Corrective and preventive actions will be implemented immediately

CONTACT INFORMATION

For privacy concerns or assistance with exercising your rights:

PK-12 Virtual Academy
Attn: Privacy Office
Email: privacy@pk12virtual.com
Phone: 954-224-9699
Website: www.pk12virtual.com

For formal complaints related to FERPA violations, contact: U.S. Department of Education
Student Privacy Policy Office
400 Maryland Avenue SW
Washington, D.C. 20202-8520
Website: https://studentprivacy.ed.gov

Thank you for trusting PK-12 Virtual Academy with your child’s education and data protection.