Return To Venice, LLC Data Protection & Privacy Plan
Last Updated: May 6th, 2025
Description of the purpose(s) for which Return To Venice, LLC will receive/access PII
Return to Venice, LLC (RTV) has created an immersive, social studies digital program entitled “In the Footsteps of History” for K-12 standards-aligned educational purposes. RTV’s dashboard integrates with multiple other known platforms for SSO and rostering. Student first name, last name and email address and teacher first name, last name, and email address may, subject to either LMS integration processes or manual roster uploads, be used for the purposes of logging into the RTV dashboard and licensing students so that all proprietary games, activities and pedagogy relating to our programming may be accessed by those students and teachers. Student identification is also associated with any student work assignment submissions to allow teachers to easily associate the work with the student. RTV does not have access to any user-created passwords used to access our dashboard.
Subcontractor Written Agreement Requirement
RTV does not currently utilize subcontractors. Should it do so in the future, a written contract shall be issued requiring the subcontractors to adhere to, at a minimum, data protection obligations materially similar to those imposed on RTV by state and federal laws and regulations, and the Contract.
Data Transition and Secure Destruction
Upon expiration or termination of the Contract, RTV shall securely delete and destroy all data. Upon request by the Educational Agency (EA), RTV shall securely transfer data to the EA, or a successor contractor at the EA’s option and written discretion, in a format agreed to by the parties.
Challenges to Data Accuracy
Parents, teachers, or principals who seek to challenge the accuracy of PII will do so by contacting the EA. If a correction to data is deemed necessary, the EA will notify RTV. RTV agrees to facilitate such corrections within 21 days of receiving the EA’s written request.
Secure Storage and Data Security
PII will be stored and protected using both RTV-owned and hosted solutions and cloud or infrastructure solutions owned and hosted by third parties. Third parties currently include Cloud66, Inc., DigitalOcean, LLC and Ednition (1Edtech partner).
Data security and privacy risk mitigation processes
RTV’s proprietary dashboard is owned and controlled by RTV and hosted on cloud servers (Cloud66 and DigitalOcean). All authorization for student access is conducted internally through RTV’s proprietary in-house controlled software. For the sake of clarity, the hosting provider cannot access the servers or any of the data on those servers that they provide to RTV.
Encryption
Data will be encrypted while in motion and at rest.
Data Security Implementation
RTV employs a continuous compliance program including: regular security assessments, ongoing policy updates, consistent monitoring, periodic compliance audits, and enforcement of all data protection controls throughout the contract lifecycle.
Safeguards & Practices
RTV employs a continuous compliance program including: regular security assessments, ongoing policy updates, consistent monitoring, periodic compliance audits, and enforcement of all data protection controls throughout the contract lifecycle.
Training Program
All employees and contractors are provided with privacy training documents published by the U.S. Department of Education’s Privacy Technical Assistance Center (PTAC), including Protecting Student Privacy While Using Online Educational Services and Best Practices for Data Destruction.
Written agreements include confidentiality terms, data handling requirements, security obligations, incident reporting protocols, and compliance enforcement procedures. All agreements are legally reviewed and tracked.
Incident Management
RTV’s incident response plan includes: breach detection, documented response procedures, investigation protocols, and post-incident analysis processes.
Data Transition
Data transition follows a documented protocol: inventory verification, secure transfer in agreed format, transfer confirmation, and transition completion certification.
Data Destruction
The secure destruction process includes: data identification, secure deletion using industry standards, and formal certification of destruction per the U.S. Department of Education’s PTAC Best Practices for Data Destruction.
Policy Alignment
RTV’s policies align with EA requirements through regular policy review, gap analysis, compliance mapping, and policy update processes.