Common use of Disposition of Data Clause in Contracts

Disposition of Data. Provider shall dispose or delete all personally identifiable data obtained under the DPA when it is no longer needed for the purpose for which it was obtained and transfer/migrate said data to LEA or LEA’s designee within sixty (60) days of the date of termination and according to a schedule and procedure as the Parties may reasonably agree in a readable and usable format. This copy of all Student Data will be provided in a standard format with standard delimiters and a matching data dictionary, mutually agreeable and sufficient to enable efficient transfer of the Student Data to a new system. It must include all Student Data which may have been re-disclosed to or held by subprocessors or agents of the Provider. Nothing in the DPA authorizes Provider to maintain personally identifiable data obtained under any other writing beyond the time period reasonably needed to complete the disposition. Disposition shall include (1) the shredding of any hard copies of any Pupil Records; (2) Erasing; or (3) Otherwise modifying the personal information in those records to make it unreadable or indecipherable. Permanent destruction of this Confidential Data must be non-recoverable and meet DoD standard 5220.22-M and processes recommended by NIST Special Publication 800-88. Provider shall provide written notification to LEA when the Data has been disposed within ninety (90) days. The duty to dispose of Student Data shall not extend to data that has been de-identified or placed in a separate Student account, pursuant to the other terms of the DPA. The LEA may employ a “Request for Return or Deletion of Student Data” FORM, A Copy of which is attached hereto as Exhibit “D”). Upon receipt of a request from the LEA, the Provider will immediately provide the LEA with any specified portion of the Student Data within three (3) calendar days of receipt of said request. The Provider shall ensure that such transfer/migration uses facilities and methods that are compatible with the relevant systems of the LEA or its transferee, and to the extent technologically feasible, that the LEA will have reasonable access to Student Data during the transition.

Disposition of Data. To the extent feasible, Provider shall dispose or delete all personally identifiable data obtained under Student Data and Teacher Data stored by Provider pursuant to the DPA Underlying Agreement when it is no longer needed for the purpose for which it was obtained obtained, and transfer/migrate transfer said data in a standard data format to LEA or LEA’s designee within sixty (60) days of on the date of termination and of the Underlying Agreement according to a schedule and procedure as the Parties may reasonably agree in agree. Upon a readable and usable format. This copy written request of all the LEA, except for backups, the Provider will dispose or delete Student Data will be provided in a standard format with standard delimiters and a matching data dictionary, mutually agreeable and sufficient to enable efficient transfer of the Student Teacher Data to a new system. It must include all Student Data which may have been re-disclosed to or held by subprocessors or agents of the Providerwithin sixty days. Nothing in the DPA authorizes Provider to maintain personally identifiable data obtained under any other writing beyond the time period reasonably needed to complete the disposition, except for backups as outlined below. Disposition shall include (1) the shredding of any hard copies of any Pupil Records; (2) Erasing; or (3) Otherwise modifying the personal information in those records to make it unreadable or indecipherable. Permanent destruction of this Confidential Data must be non-recoverable and meet DoD standard 5220.22-M and processes recommended by NIST Special Publication 800-88. Provider shall provide written notification to LEA when the Student Data and Teacher Data has been disposed within ninety (90) daysdisposed. The duty to dispose of Student Data and Teacher Data shall not extend to data that has been de-identified or placed in a separate Student account, pursuant to the other terms of the DPA. All backups will be deleted within one year. Backups will receive the same protections as all other Student Data under this DPA and the LEA may request in writing at any time the status of backups. The LEA may request within one year of termination of this DPA, the status of a backup and may request deletion of any restored LEA data. The LEA may employ a “Request Directive for Return or Deletion Disposition of Student Data” FORMform, A Copy a copy of which is attached hereto as Exhibit “D”). Upon receipt of a request from the LEA, the Provider will immediately provide the LEA with any specified portion of the Student Data or Teacher Data in a standard file format within three ten (310) calendar business days of receipt of said request. The Provider shall ensure that such transfer/migration uses facilities and methods that are compatible with the relevant systems of the LEA or its transferee, and to the extent technologically feasible, that the LEA will have reasonable access to Student Data during the transition.

Disposition of Data. Upon written request from LEA during the term of the Agreement, Provider shall dispose or delete all personally identifiable data Student Data obtained under the DPA when it is no longer needed for the purpose for which it was obtained and transfer/migrate said data to obtained. LEA or LEA’s designee within sixty shall have thirty (6030) days after termination or expiration (whichever is earlier) of the date of termination and according its Service Agreement with Provider to notify Provider in writing that LEA wishes Provider to make available or otherwise transfer data in either a schedule and procedure as the Parties may reasonably agree in a readable and usable CSV or other mutually-agreeable format. This copy of After such thirty (30) day time period has expired, Provider shall use commercially reasonable efforts to dispose or delete all Student Data will be provided in a standard format with standard delimiters and a matching data dictionary, mutually agreeable and sufficient to enable efficient transfer of obtained under the Student Data to a new system. It must include all Student Data which may have been re-disclosed to or held by subprocessors or agents of the ProviderService Agreement. Nothing in the DPA authorizes Provider to maintain personally identifiable data obtained under any other writing beyond the time period reasonably needed to complete the disposition. Disposition shall include commercially reasonable efforts to complete: (1) the shredding of any hard copies of any Pupil Records; (2) Erasing; or (3) Otherwise modifying the personal information in those records to make it unreadable or indecipherable. Permanent destruction of this Confidential Data must be non-recoverable and meet DoD standard 5220.22-M and processes recommended by NIST Special Publication 800-88. Provider shall provide written notification to LEA when the Data has been disposed within ninety (90) daysdisposed. The duty to dispose of Student Data shall not extend to data that has been de-identified or placed in a separate Student account, pursuant to the other terms of the DPA. The LEA may employ a “Request for Return or Deletion of Student Data” FORM, A Copy of which is attached hereto as Exhibit “D”). Upon receipt of a written request from the LEA, the Provider will immediately provide the LEA with any specified portion of the Student Data within three ten (310) calendar days of receipt of said request. The Provider shall ensure that such transfer/migration uses facilities and methods that are compatible with the relevant systems of the LEA or its transferee, and to the extent technologically feasible, that the LEA will have reasonable access to Student Data during the transition.

Disposition of Data. a. Upon written request from the LEA, Provider shall dispose or delete all personally identifiable data of Student Data obtained under the DPA Service Agreement. Provider shall respond to such a request for disposition in a reasonably timely manner (and pursuant to any time frame required under state law). Upon termination of the Service Agreement, if no written request from the LEA is received, individual user accounts will remain open and available for use for other educational purposes. The LEA may employ a “Directive for Disposition of Data” form, a copy of which is attached hereto as Exhibit “D”. If the LEA and Provider employ Exhibit “D,” no further written request or notice is required on the part of either party prior to the disposition of Student Data described in Exhibit “D." b. In addition to complying with disposition requests made by the LEA, Provider may dispose of Student Data: (i) when it the Student Data is no longer needed for the purpose for which it was obtained and transfer/migrate said data to LEA or LEA’s designee within sixty (60) days of the date of termination and according to a schedule and procedure as the Parties may reasonably agree in a readable and usable format. This copy of all Student Data will be provided in a standard format with standard delimiters and a matching data dictionary, mutually agreeable and sufficient to enable efficient transfer of the Student Data to a new system. It must include all Student Data which may have been re-disclosed to or held by subprocessors or agents of the Provider. Nothing in the DPA authorizes Provider to maintain personally identifiable data obtained under any other writing beyond the time period reasonably needed to complete the disposition. Disposition shall include (1) the shredding of any hard copies of any Pupil Recordsreceived; (2ii) Erasingin accordance with its disposition policy; or (3iii) Otherwise modifying the personal information in those records to make it unreadable or indecipherable. Permanent destruction of this Confidential Data must be non-recoverable and meet DoD standard 5220.22-M and processes recommended as required by NIST Special Publication 800-88. Provider shall provide written notification to LEA when the Data has been disposed within ninety (90) days. law. c. The duty to dispose of Student Data shall not extend to data Student Data that has been deDe-identified Identified or placed in an account controlled by a separate Student account, student or their parent pursuant to the other terms of the DPA. The LEA may employ a “Request for Return or Deletion Section II 3. d. Prior to disposition of Student Data” FORM, A Copy of which is attached hereto as Exhibit “D”). Upon receipt of a request from Data at the LEA, the Provider will immediately provide the LEA with any specified portion of the Student Data within three (3) calendar days of receipt of said request. The Provider shall ensure that such transfer/migration uses facilities and methods that are compatible with the relevant systems direction of the LEA under this section or its transfereeArticle II, and Section 3 (Separate Accounts), Provider may permit users or parents to maintain the extent technologically feasibleKhan Academy Website account as a personal account for purposes of retaining any content generated or provided by the user (including Learning activity). Certain account controls, including the ability to modify the account profile or delete the account, may be exercisable by the teacher that created the LEA account, by the student account holder or their parent. Requirements relating to transfer of data will have reasonable access be satisfied by the ability to Student Data during maintain a personal account or establish a personal login credential to allow the transitionstudent to maintain their account. Account transfer may not be available for some types of accounts due to limitations inherent in the functionality of the Services.

Disposition of Data. To the extent feasible, Provider shall dispose or delete all personally identifiable data obtained under Student Data and Teacher Data stored by Provider pursuant to the DPA Underlying Agreement when it is no longer needed for the purpose for which it was obtained obtained, and transfer/migrate transfer said data in a standard data format to LEA or LEA▇▇▇’s designee within sixty (60) days of on the date of termination and of the Underlying Agreement according to a schedule and procedure as the Parties may reasonably agree in agree. Upon a readable and usable format. This copy written request of all the LEA, except for backups, the Provider will dispose or delete Student Data will be provided in a standard format with standard delimiters and a matching data dictionary, mutually agreeable and sufficient to enable efficient transfer of the Student Teacher Data to a new system. It must include all Student Data which may have been re-disclosed to or held by subprocessors or agents of the Providerwithin sixty days. Nothing in the DPA authorizes Provider to maintain personally identifiable data obtained under any other writing beyond the time period reasonably needed to complete the disposition, except for backups as outlined below. Disposition shall include (1) the shredding of any hard copies of any Pupil Records; (2) Erasing; or (3) Otherwise modifying the personal information in those records to make it unreadable or indecipherable. Permanent destruction of this Confidential Data must be non-recoverable and meet DoD standard 5220.22-M and processes recommended by NIST Special Publication 800-88. Provider shall provide written notification to LEA when the Student Data and Teacher Data has been disposed within ninety (90) daysdisposed. The duty to dispose of Student Data and Teacher Data shall not extend to data that has been de-identified or placed in a separate Student account, pursuant to the other terms of the DPA. All backups will be deleted within one year. Backups will receive the same protections as all other Student Data under this DPA and the LEA may request in writing at any time the status of backups. The LEA may request within one year of termination of this DPA, the status of a backup and may request deletion of any restored LEA data. The LEA may employ a “Request Directive for Return or Deletion Disposition of Student Data” FORMform, A Copy a copy of which is attached hereto as Exhibit “D”). Upon receipt of a request from the LEA, the Provider will immediately provide the LEA with any specified portion of the Student Data or Teacher Data in a standard file format within three ten (310) calendar business days of receipt of said request. The Provider shall ensure that such transfer/migration uses facilities and methods that are compatible with the relevant systems of the LEA or its transferee, and to the extent technologically feasible, that the LEA will have reasonable access to Student Data during the transition.

Disposition of Data. In accordance with the applicable terms in subsection (a) or (b) below, and upon a written request from the LEA, Provider shall dispose or delete all personally identifiable data obtained Student Data and Teacher Data under the DPA within thirty (30) days of the date of receipt of such written request. If no written request is received, Provider shall dispose or delete all Personally Identifiable Information contained in Student Data at the earliest of (a) when it is no longer needed for the purpose for which it was obtained and transfer/migrate said data to LEA or LEA’s designee within sixty (60b) days of the date of termination and according to a schedule and procedure as the Parties may reasonably agree in a readable and usable format. This copy of all Student Data will be provided in a standard format with standard delimiters and a matching data dictionary, mutually agreeable and sufficient to enable efficient transfer of the Student Data to a new system. It must include all Student Data which may have been re-disclosed to or held required by subprocessors or agents of the Providerapplicable law. Nothing in the DPA authorizes Provider to maintain personally identifiable data PII or Teacher Data obtained under any other writing beyond the time period reasonably needed to complete the dispositiondisposition unless a student, parent or legal guardian of a student chooses to establish a separate contractual relationship with the Provider and provides written consent for the transfer of the Student Data. Disposition shall include (1) the shredding of any hard copies of any Pupil RecordsStudent Data and Teacher Data; (2) ErasingErasing any Personally Identifiable Information; or (3) Otherwise modifying the personal information Personally Identifiable Information in those records to make it unreadable or indecipherable. Permanent destruction of this Confidential Data must be non-recoverable and meet DoD standard 5220.22-M and processes recommended by NIST Special Publication 800-88. Provider shall provide written notification to LEA when the Student Data and Teacher Data has been disposed within ninety (90) daysdisposed. The duty to dispose Upon receipt of a request from the LEA, the Provider will also immediately provide the LEA with any specified portion of the Student Data shall not extend to data that has been de-identified or placed in a separate Student account, pursuant to the other terms Teacher Data within ten (10) calendar days of the DPAreceipt of said request. The LEA may also employ a “Request for Return or Deletion of Student Data” FORM, A a Copy of which is attached hereto as Exhibit “D”). Upon receipt of a request from ) for the LEA, the Provider will immediately provide the LEA with any specified portion of the Student Data within three (3) calendar days of receipt of said written request. The Provider shall ensure that such transfer/migration uses facilities and methods that are compatible with the relevant systems of the LEA or its transferee, and to the extent technologically feasible, that the LEA will have reasonable access to Student Data during the transition.

Disposition of Data. Provider shall dispose or delete all personally identifiable data obtained under the DPA when it is no longer needed for the purpose for which it was obtained and transfer/migrate transfer said data to LEA or LEA’s designee within sixty (60) days of the date of termination and according to a schedule and procedure as the Parties may reasonably agree agree. The LEA will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion. Return or transfer of data, other than the names, responses, results and grades obtained by students in their assignments, to LEA shall not apply if proven to be incompatible with the Service, technically impossible or to involve a disproportionate effort for Provider. In such events, and upon written request by LEA, Provider shall proceed to deletion of personally identifiable information in a readable and usable format. This copy manner consistent with the terms of all Student Data will this DPA, unless prohibited from deletion or required to be provided in a standard format with standard delimiters and a matching data dictionary, mutually agreeable and sufficient to enable efficient transfer of the Student Data to a new system. It must include all Student Data which may have been re-disclosed to retained under state or held by subprocessors or agents of the Providerfederal law. Nothing in the DPA authorizes Provider to maintain personally identifiable data obtained under any other writing beyond the time period reasonably needed to complete the disposition. Nevertheless, Provider may keep copies and/or backups of personally identifiable information as part of its disaster recovery storage system, provided personally identifiable data is (a) inaccessible to the public; (b) unable to be used in the normal course of business by Provider; and (c) deleted after a maximum term of thirteen (13) months since the creation of said copies and/or backups. In case such copies and/or backups are used by Provider to repopulate accessible data following a disaster recovery, the Provider will provide fifteen (15) days’ notice to the LEA and the LEA shall be entitled to demand from Provider the immediate deletion of said copies and/or backups, by sending a written request by either regular or electronic mail at ▇▇▇▇▇▇▇@▇▇▇▇▇▇▇▇.▇▇▇. Disposition shall include (1) the shredding of any hard copies of any Pupil Records; (2) Erasing; or (3) Otherwise modifying the personal information in those records to make it unreadable or indecipherable. Permanent destruction of this Confidential Data must be non-recoverable and meet DoD standard 5220.22-M and processes recommended Provider agrees, upon written request by NIST Special Publication 800-88. Provider shall LEA, to provide written notification of data destruction to LEA when the Data has been disposed within ninety (90) daysLEA. The duty to dispose of Student Data shall not extend to data that has been de-identified or placed in a separate Student account, pursuant to the other terms of the DPA. The LEA may employ a “Request for Return or Deletion of Student Data” FORM, A Copy of which is attached hereto as Exhibit “D”). Upon Where applicable, upon receipt of a request from the LEA, the Provider will immediately provide the LEA with any specified portion of the Student Data within three ten (310) calendar days of receipt of said request. The Provider shall ensure that such transfer/migration uses facilities and methods that are compatible with the relevant systems of the LEA or its transferee, and to the extent technologically feasible, that the LEA will have reasonable access to Student Data during the transition.

Disposition of Data. Provider shall dispose or delete all personally identifiable data obtained under the DPA when it is no longer needed for the purpose for which it was obtained and transfer/migrate said data to LEA or LEA▇▇▇’s designee within sixty (60) days of the date of termination and according to a schedule and procedure as the Parties may reasonably agree in a readable and usable format. This copy of all Student Data will be provided in a standard format with standard delimiters and a matching data dictionary, mutually agreeable and sufficient to enable efficient transfer of the Student Data to a new system. It must include all Student Data which may have been re-disclosed to or held by subprocessors or agents of the Provider. Nothing in the DPA authorizes Provider to maintain personally identifiable data obtained under any other writing beyond the time period reasonably needed to complete the disposition. Disposition shall include (1) the shredding of any hard copies of any Pupil Records; (2) Erasing; or (3) Otherwise modifying the personal information in those records to make it unreadable or indecipherable. Permanent destruction of this Confidential Data must be non-recoverable and meet DoD standard 5220.22-M and processes recommended by NIST Special Publication 800-88. Provider shall provide written notification to LEA when the Data has been disposed within ninety (90) days. The duty to dispose of Student Data shall not extend to data that has been de-identified or placed in a separate Student account, pursuant to the other terms of the DPA. The LEA may employ a “Request for Return or Deletion of Student Data” FORM, A Copy of which is attached hereto as Exhibit “D”). Upon receipt of a request from the LEA, the Provider will immediately provide the LEA with any specified portion of the Student Data within three (3) calendar days of receipt of said request. The Provider shall ensure that such transfer/migration uses facilities and methods that are compatible with the relevant systems of the LEA or its transferee, and to the extent technologically feasible, that the LEA will have reasonable access to Student Data during the transition.

Disposition of Data. Provider shall dispose or shall, at LEA’s request, delete all personally identifiable data Personally Identifiable Information contained in Student Data obtained under the DPA upon termination within thirty (30) days for the data and within sixty-five (65) day for any back-ups, according to a schedule and procedure as the Parties may reasonably agree. If no written request is received, Provider shall dispose of or delete all Personally Identifiable Information contained in Student Data at the earliest of (a) when it is no longer needed for the purpose for which it was obtained and transfer/migrate said data to LEA or LEA’s designee within sixty (60b) days of the date of termination and according to a schedule and procedure as the Parties may reasonably agree in a readable and usable format. This copy of all Student Data will be provided in a standard format with standard delimiters and a matching data dictionary, mutually agreeable and sufficient to enable efficient transfer of the Student Data to a new system. It must include all Student Data which may have been re-disclosed to or held required by subprocessors or agents of the Providerapplicable law. Nothing in the DPA authorizes Provider to maintain personally identifiable data Personally Identifiable Information contained in Student Data obtained under any other writing beyond the time period reasonably needed to complete the disposition, unless a student, parent or legal guardian of a student chooses to establish and maintain a separate account with Provider for the purpose of storing Pupil- Generated Content. Disposition shall include (1) the shredding of any hard copies of any Pupil RecordsPersonally Identifiable Information contained in Student Data; (2) Erasingerasing any Personally Identifiable Information contained in Student Data; or (3) Otherwise otherwise modifying the personal information Personally Identifiable Information in those records Student Data to make it unreadable or indecipherable. Permanent destruction of this Confidential Data must be nonindecipherable or De-recoverable and meet DoD standard 5220.22-M and processes recommended by NIST Special Publication 800-88Identified. Provider shall provide written notification to LEA when the Student Data has been disposed within ninety (90) dayspursuant to LEA’s request for deletion. The duty to dispose of Student Data shall not extend to data Student Data that has been deDe-identified Identified or placed in a separate Student account, pursuant to the other terms of the DPA. The LEA may employ a “Request for Return or Deletion of Student Data” FORM, A Copy of which is attached hereto as Exhibit “D”). Upon receipt of a request from the LEA, the Provider will immediately provide the LEA with any specified portion of the Student Data within three (3) calendar days of receipt of said request. The Provider shall ensure that such transfer/migration uses facilities and methods that are compatible with the relevant systems of the LEA or its transferee, and to the extent technologically feasible, that the LEA will have reasonable access to Student Data during the transition.

Disposition of Data. Provider shall dispose or delete all personally identifiable data obtained under the DPA when it is no longer needed for the purpose for which it was obtained and transfer/migrate said data to LEA or LEA’s designee within sixty (60) days of the date of termination and according to a schedule and procedure as the Parties may reasonably agree in a readable and usable format. This copy of all Student Data will be provided in a standard format with standard delimiters and a matching data dictionary, mutually agreeable and sufficient to enable efficient transfer of the Student Data to a new system. It must include all Student Data which may have been re-disclosed to or held by subprocessors or agents of the Provider. Nothing in the DPA authorizes Provider to maintain personally identifiable data obtained under any other writing beyond the time period reasonably needed to complete the disposition. Disposition shall include (1) the shredding of any hard copies of any Pupil Records; (2) Erasing; or (3) Otherwise modifying the personal information in those records to make it unreadable or indecipherable. Permanent destruction of this Confidential Data must be non-recoverable and meet DoD standard 5220.22-M and processes recommended by NIST Special Publication 800-88. Provider shall provide written notification to LEA when the Data has been disposed within ninety (90) days. The duty to dispose of Student Data shall not extend to data that has been de-identified or placed in a separate Student account, pursuant to the other terms of the DPA. The LEA may employ a “Request for Return or Deletion of Student Data” FORM, A Copy of which is attached hereto as Exhibit “D”). Upon receipt of a request from the LEA, the Provider will immediately provide the LEA with any specified portion of the Student Data within three ten (310) calendar days of receipt of said request. The Provider shall ensure that such transfer/migration uses facilities and methods that are compatible with the relevant systems of the LEA or its transferee, and to the extent technologically feasible, that the LEA will have reasonable access to Student Data during the transition.

Disposition of Data. Except as otherwise provided herein, upon confirmed receipt of LEA’s written request by Provider’s Data Protection Officer, Provider shall dispose or delete all personally identifiable data obtained under the DPA when it is no longer needed for the purpose for which it was obtained and transfer/migrate said data to LEA or LEA’s designee within sixty (60) days of the date of termination and according to a schedule and procedure as the Parties may reasonably agree in a readable and usable format. This copy of all Provider will make reasonable efforts toward providing the Student Data will be provided in a standard format with standard delimiters and a matching data dictionary, mutually agreeable and sufficient to enable efficient transfer of the Student Data to a new system. It must include all Student Data which may have been re-disclosed to or held by subprocessors or agents of the Provider. Nothing Except as otherwise provided herein, nothing in the DPA authorizes Provider to maintain personally identifiable data obtained under any other writing beyond the time period reasonably needed to complete the disposition. Disposition shall include (1) the shredding of any hard copies of any Pupil Records; (2) Erasing; or (3) Otherwise modifying the personal information in those records to make it unreadable or indecipherable. Permanent destruction of this Confidential Data must be non-recoverable and meet DoD standard 5220.22-M and processes recommended by NIST Special Publication 800-88. Provider shall provide written notification to LEA when the Data has been disposed within ninety (90) days. The duty to dispose of Student Data shall not extend to data (a) for which Provider has specifically obtained consent from the parent, legal guardian or eligible student to keep, through an agreement directly between the Provider and the student who is over eighteen (18) and/or parent/legal guardian (such separate agreement does not impact the Provider’s obligations to maintain and process Student Data in accordance with this DPA),, (b) that has been de-identified identified, or (c) is placed in a separate Student account, pursuant to the other terms of the DPA. The LEA may employ a “Request for Return or Deletion of Student Data” FORM, A Copy of which is attached hereto as Exhibit “D”). Upon receipt of a request from the LEA, the Provider will immediately provide the LEA with any specified portion of the Student Data within three (3) calendar days of receipt of said request. The Provider shall make reasonable efforts to ensure that such transfer/migration uses facilities and methods that are compatible with the relevant systems of the LEA or its transferee, and to the extent technologically feasible, that the LEA will have reasonable access to Student Data during the transition.

Disposition of Data. Upon written request from the LEA, Provider shall dispose or delete all personally identifiable data of or, subject to the terms set forth herein and to the extent it is severable from Provider’s services, return Student Data obtained under the DPA when it is no longer needed for the purpose for which it was obtained and transfer/migrate said data to LEA or LEA’s designee Service Agreement within sixty (60) days of the date of termination said request and according to a schedule and procedure as the Parties may reasonably agree agree. Regarding return of Student Data, ▇▇▇ will have the ability to download names, responses, results and grades obtained by students in their assignments (“Student Gradebooks”) at any point prior to end­user account deletion. Student Gradebooks will be exported in a readable and usable standard electronic legible format, such as, but not limited to, .csv or .json. This copy Other data, information or content besides Student Gradebooks is hereby considered as not severable from the services. Where return of data is not feasible, Provider shall proceed to data disposal in te terms outlined below. Upon termination of this DPA, if no written request from the LEA is received, Provider shall dispose of all Student Data will be provided in a standard format with standard delimiters and a matching data dictionary, mutually agreeable and sufficient to enable efficient transfer upon eighteen (18) months of the Student Data to a new system. It must include all Student Data which may have been re-disclosed to or held by subprocessors or agents of the Provider. Nothing in the DPA authorizes Provider to maintain personally identifiable data obtained under any other writing beyond the time period reasonably needed to complete the disposition. Disposition shall include (1) the shredding of any hard copies of any Pupil Records; (2) Erasing; or (3) Otherwise modifying the personal information in those records to make it unreadable or indecipherable. Permanent destruction of this Confidential Data must be non-recoverable and meet DoD standard 5220.22-M and processes recommended by NIST Special Publication 800-88. Provider shall provide written notification to LEA when the Data has been disposed within ninety (90) daysend­user account inactivity. The duty to dispose of Student Data shall not extend to data Student Data that has had been de-identified De­Identified, or placed in a separate to backups of Student accountData that are part of Provider’s disaster recovery storage system. Backups of Student Data may be retained by the Provider for an additional term of thirteen (13) months after termination of Services, pursuant provided such backups remain inaccessible to the other terms public and are unable to be used by the Provider in the normal course of its business. If the Provider restores backups containing Student Data after the LEA has terminated the services or requested deletion of Student Data, the Provider will provide the LEA written notice so it can request deletion of the DPAStudent Data. The LEA may employ a “Request Directive for Return or Deletion Disposition of Student Data” FORMform, A Copy a copy of which is attached hereto as Exhibit “D”). Upon receipt of a request from the LEA, the Provider will immediately provide If the LEA with any specified portion and Provider employ Exhibit “D,” no further written request or notice is required on the part of either party prior to the disposition of Student Data within three (3) calendar days of receipt of said request. The Provider shall ensure that such transfer/migration uses facilities and methods that are compatible with the relevant systems of the LEA or its transferee, and to the extent technologically feasible, that the LEA will have reasonable access to Student Data during the transition.described in Exhibit “D.

Disposition of Data. Provider shall dispose or delete all personally identifiable data obtained under the DPA when it is no longer needed for the purpose for which it was obtained and transfer/migrate said data to LEA or LEA’s designee within sixty (60) days of the date of termination and according to a schedule and procedure as the Parties may reasonably agree in a readable and usable format. This copy of all Student Data will be provided in a standard format with standard delimiters and a matching data dictionary, mutually agreeable and sufficient to enable efficient transfer of the Student Data to a new system. It must include all Student Data which may have been re-disclosed to or held by subprocessors or agents of the Provider. Nothing in the DPA authorizes Provider to maintain personally identifiable data obtained under any other writing beyond the time period reasonably needed to complete the disposition. Disposition shall include (1) the shredding of any hard copies of any Pupil Records; (2) Erasing; or (3) Otherwise modifying the personal information in those records to make it unreadable or indecipherable. Permanent destruction of this Confidential Data must be non-recoverable and meet DoD standard 5220.22-M and processes recommended by NIST Special Publication 800-88. Provider shall provide written notification to LEA when the Data has been disposed within ninety (90) days. The duty to dispose of Student Data shall not extend to data that has been de-identified or placed in a separate Student account, pursuant to the other terms of the DPA. The LEA may employ a “Request for Return or Deletion of Student Data” FORM, A Copy of which is attached hereto as Exhibit “D”). Upon receipt of a request from the LEA, the Provider will immediately provide the LEA with any specified portion of the Student Data within three ten (310) calendar days of receipt of said request. The Provider shall ensure that such transfer/migration uses facilities and methods that are compatible with the relevant systems of the LEA or its transferee, and to the extent technologically feasible, that the LEA will have reasonable access to Student Data during the transition.