Last Updated: November 1, 2023
About This Statement
Marcia Brenner Associates, LLC (“MBA”, “we” or “us” or “our”) wants to make sure you understand how we collect and use personal information when you provide it to us through our web site, https://mba-link.com (the “Site”) or our mobile applications and/or by using our software products (individually and collectively, the “Services”).
Herein, the word “you” refers to adult individuals and to our customers, as appropriate to the context. The word “you” is not intended to refer to students. MBA’s statements in connection with the National Data Privacy Agreement are available on request. Please email email@example.com
Users of our software products (individual and collectively, the “Plugins”) must hold valid licenses and keep the software updated by paying for annual support. MBA EXPRESSLY DISCLAIMS ALL LIABILITY AND OBLIGATIONS ARISING FROM THE USE OF ANY PLUGIN BY UNLICENSED OR OTHERWISE UNAUTHORIZED USERS, AND FROM THE USE OF OUT-OF-DATE PLUGIN SOFTWARE. The definition of “Services” in this Privacy Statement is for purposes of convenience only, and does not affect the fundamental nature of Plugins as software products subject to licensing requirements.
MBA develops and licenses Plugins to enhance school districts’ use of the PowerSchool® Student Information System (“PowerSchool”). The Plugins that MBA makes available are listed here: https://mba-link.com/powerschool-plugins
This Statement does not apply to the privacy practices of PowerSchool Group LLC or any of its affiliates. This Statement does not apply to the privacy practices of any school district or MBA customer. For information about the privacy practices of any of the foregoing, please consult those entities’ specific, individual privacy statements.
This Statement does not apply to information collected directly or indirectly by our third party service providers, such as credit card processors. Our credit card processing provider is WePay. WePay is part of the JPMorgan Chase & Co. family of companies (“J.P. Morgan”). J.P. Morgan’s privacy statement is available here. MBA makes no representations regarding J.P. Morgan’s security policies or procedures. We encourage you to contact J.P. Morgan directly to obtain such information. WePay’s URL is: https://go.wepay.com.
If you provide your information directly to us, e.g., by visiting the Site, requesting information, purchasing Services, or otherwise communicating directly with us, we are considered a “data controller.” If you are a Plugin end-user and you are using a Plugin through our customer (you, your school or school district) we are considered a “data processor.”
YOUR USE AND ACCESS TO PLUGINS IS CONDITIONED UPON YOUR AGREEMENT WITH THIS PRIVACY STATEMENT, ALONG WITH THE APPLICABLE END USER LICENSE AGREEMENT. BY USING OR ACCESSING ANY PLUGIN YOU EXPRESSLY AGREE TO THE TERMS OF THIS PRIVACY STATEMENT, AS IT MAY BE AMENDED FROM TIME TO TIME. IF YOU DO NOT AGREE WITH THIS PRIVACY STATEMENT, PLEASE DO NOT USE OR ACCESS THE PLUGIN. PLEASE PRINT A COPY OF THIS PRIVACY STATEMENT FOR YOUR RECORDS.
The legal landscape governing privacy and data security changes rapidly and frequently. Accordingly, we are likely to change this Privacy Statement from time to time. When this happens, we will revise the “Last Updated” date on this page. We will not reduce or eliminate any of our material obligations under this Privacy Statement without your explicit consent. We encourage you to review this page periodically for the latest information on our privacy practices. Your continued use of the Services following the posting of changes to this Statement will mean that you accept such changes. If by law, regulation or contractual obligation you are required to receive advance notice of Privacy Statement changes, please contact us at firstname.lastname@example.org to arrange for advance notice.
The nature of the personal information we collect and how we use it depends on the context in which we collect the information.
Student Personal Information.
Excepting the information collected in connection with our mobile applications, described below, MBA relays but does not knowingly collect “Student Data” as that term is defined in the Student Data Privacy Consortium’s National Data Privacy Agreement (“NDPA”).
MBA is a data processor with respect to Student Data. Our customers (schools or school districts) are the data controllers with respect to Student Data. All Student Data remains the property of and is controlled by our customers. Excepting the Student Data we expressly identify herein as being retained by us: please contact your institution to exercise applicable rights of access, rectification, erasure, or restriction of use of Student Data.
MBA does not host the Plugins. The Plugins are not cloud-based and are not delivered or made available as “software as a service.” Upon execution of a customer’s End User License Agreement (“EULA”) the customer downloads an executable copy of the Plugin(s) to its own servers. The customer’s use of the Plugin(s) takes place on its own local servers.
We collect information from our customers that is necessary to provide the Plugin(s). The information collected depends on the specific Plugin and what is needed to integrate with the customer’s systems and to set up and maintain accounts and functionality. Such information can include customer account and technical information and employee account information including usernames, email addresses and titles.
PowerSchool transfers some information that is not Student Data, to our EZ Update server. EZ Update provides links to relevant Plugin documentation, notifies users when Plugin updates are available, and verifies that the customer has a valid license to use the Plugin. Such information includes school district name and number, state, country, enrollment count, PowerSchool version, information about installed MBA Plugins, and district schools in the PowerSchool environment.
We use the information collected to provide the features and functionality of Plugins, as well as to communicate directly with our customers. We do not provide personally identifiable information to third parties for marketing purposes.
Mobile Applications. MBA makes mobile applications available for certain Plugins, to facilitate direct individual use of the Plugin, including by students. In order for mobile applications to function properly, data from the fields described below remain on our relay server. Any other Student Data requested by the user of the mobile application may flow through, but does not remain on, our servers.
Data that our servers retain. An authorization process is required before the user of a mobile application can log in to the application. During that process, data is transferred from our customer’s PowerSchool server, through our relay application, and then onto the user’s mobile device. The following data must remain on our relay server in order for the mobile application to function:
- Device ID. A unique ID retrieved from the user’s mobile device.
- Device Code. A 6-digit code randomly generated by our relay server for purposes of authorizing use of the mobile application with PowerSchool.
- User ID. The mobile user’s ID within PowerSchool.
- User Dcid. The internal dcid in PowerSchool, similar to User ID.
- User Type. Indication of what type of user is using the mobile application (e.g., student, staff, etc.)
At present, MBA offers a mobile application for one Plugin only: Adaptive Scheduler.
For an updated list of mobile applications please contact us: email@example.com
Customization and Training.
From time to time, Plugin licensees engage us to customize a Plugin and/or to provide training on the use of a Plugin (the “Consulting Services”). In order to provide the Consulting Services, our employees may require access to the customer’s local servers and may, accordingly, have access to Student Data.
If you request such services, it is your responsibility to ensure that our access to your servers is strictly password protected. Passwords must be issued by you, and remain under your control.
Although we may have password-protected access to Student Data while performing Consulting Services, at no time does custody or control of Student Data transfer from you to MBA.
If you believe MBA has acquired custody or control of Student Data, inadvertently or otherwise, MBA will dispose of or provide a mechanism for transferring such Student Data back to you, within thirty (30) days of your written request. To make such a request, please contact us at firstname.lastname@example.org .
Information you provide directly to us.
We collect personal information that you provide to us when you express interest in obtaining information about MBA or our Services. The personal information we collect depends on the nature and context of your interaction with us and our Services. Such information can include:
- Your name, address, email address(es) and phone number(s)
- Organization/School District information
- Job title/Role/Profession
- Financial information
- Social media account name
- Information you supply in chat and support discussions
We use the information collected to provide and improve our Services and to analyze usage information for sales and marketing purposes. We also use the information collected to communicate with you and to provide you with the content, information, and Services you have requested.
Information Automatically Collected.
Information from Other Sources
We sometimes supplement the information that we collect with information from other sources. Such outside information may include (but is not limited to) updated delivery and address information from carriers or third parties; page-view information; search term and search result information; Services usage; credit history and relevant information from credit bureaus.
If you create or log into your account through a social media site, we will have access to certain information from that site, such as your name, account information and friends lists, in accordance with the authorization procedures determined by such social media site.
We use Zoho Desk to provide an accounting and support portal for our customers. We collect the customer user’s name, email, and company name when they use Zoho Desk. This Statement does not apply to the privacy practices of Zoho Desk. For information about the privacy practices of Zoho Desk, please consult the Zoho Desk individual privacy statements, which appear here.
In addition to uses described elsewhere in this Statement, we may share information about you:
- With vendors, consultants and other service providers who need access to such information to carry out work on our behalf.
- In response to a request for information if we believe disclosure is in accordance with any applicable law, regulation or legal process.
- If we believe your actions are inconsistent with the spirit or language of a EULA, our policies, or to protect the rights, property and safety of MBA or others;
- In connection with, or in anticipation of, any merger, divestiture, consolidation, bankruptcy, sale of company assets, financing or acquisition of all or a portion of our business to another company, or other significant corporate event (in which case the acquiring entity will use the information pursuant to its own privacy policies and procedures, which we cannot anticipate and do not control).
- With your consent or at your direction, including if we notify you through our Services that the information you provide will be shared in a particular manner and you provide such information.
- We may also share aggregated or anonymized information that does not directly identify you.
We may use your information, by way of example:
- To communicate with you about the Services.
- To respond to your inquiries.
- To inform you about changes to Services or new Services.
- To inform you about changes to our terms and policies.
- To ask you to participate in surveys or testimonials about the Services.
- To send you marketing and promotional communications from us .
- To communicate with third parties whose information you supplied to us.
- To enforce a EULA or our policies.
- To respond to legal requests and to prevent harm.
- For other business purposes such as (but not limited to) data analysis; identifying usage trends; determining the effectiveness of promotional campaigns; and to evaluate and improve our Services.
We do not knowingly collect any information from children under the age of 16 unless and until our customer (a school or school district) has provided authorization for a student under 16 to use a Plugin and for us to collect personal information from such student (see, Complying With COPPA: Frequently Asked Questions, Section N). Please contact us at email@example.com if you believe that we have inadvertently collected personal information from a child under 16 without proper consent. This will allow us to delete such information as soon as possible.
The laws in some jurisdictions require companies to tell you about the legal grounds that allow them to process or disclose your personal information. Where those laws apply, our legal grounds are:
- Legitimate interests: We sometimes process personal information because it furthers the legitimate interests of MBA in activities such as the ones listed below, and because that processing does not unduly impact your interests, rights, and freedoms:
- Facilitating education
- Providing customer service
- Analyzing and improving business activities
- Protecting business activities, individuals, and property (for example, protecting against abuse of our Services)
- Managing risks and legal issues
- Complying with our legal obligations
- Exercising or defending legal claims
- To honor our contractual commitments: Some of our information processing is necessary to meet our contractual obligations, or to take steps at a person’s request because we are planning to enter into a contract with them. For example, when we process payment data, we are relying on this basis.
- If the law requires consent, and in some other cases, we handle personal data on the basis of consent.
- If the law allows, we may be able to infer consent from the circumstances.
You may update, correct, amend, or delete your personally identifiable information by editing your account information; you may also send requests for the same by contacting us at firstname.lastname@example.org, using DATA ACCESS REQUEST in the subject line. We may retain certain information as required by law or for legitimate business purposes.
We have implemented technical and organizational security measures designed to protect the security of the personal information we process. MBA has chosen to pursue, and is making commercially reasonable efforts toward full implementation of, the NIST Cybersecurity Framework Version 1.1. We will provide a report and update on MBA’s progress toward full compliance, upon written request.
Please remember that we cannot guarantee that the online environment is 100% secure. Although we do our best to protect your information, transmission of personal information to and from any service (including our Services) is done at your own risk. Only access the internet and our Services from a secure environment.
We store the information we collect for as long as is necessary for the purpose(s) outlined in this Privacy Statement, unless applicable law requires us to keep it for a longer period of time. Information in copies made for backup and business continuity may remain for longer than the original data. Certain financial information must be retained for specified periods of time, for tax compliance reasons.
Our Services may contain links to other sites. This Privacy Statement does not supersede or affect the terms of any statement or agreement between you and any third party with whom you share personal information or data. MBA is not responsible for the privacy practices of other sites or vendors. Please make sure that you read and understand the terms of any privacy statements that affect you involving parties other than MBA, as those statements – and not this Statement – explain how information is used by such other parties.
We encourage our users to be aware and to read the privacy statements of all other sites that collect or process personally identifiable information.
The law of your jurisdiction may give you additional rights to make certain requests with respect to your personal data. This is the case, for example, for residents of the European Economic Area and Switzerland, and US jurisdictions with state-specific privacy rules. Perfect compliance with the laws of every jurisdiction is impossible. Our preference, however, is to treat requests from all users in a similar way, regardless of where they live, to the extent that doing so is practicable and legally feasible. If you believe we are not in compliance with the law of a particular jurisdiction that applies to you, please contact us at email@example.com .
If you have any questions about this Privacy Statement, our information handling practices, or any other aspects of your privacy and the security of your information, please contact us at firstname.lastname@example.org .