Privacy Policy

Privacy Policy Statement

Kids Privacy Assured by PRIVO: COPPA Safe Harbor Certification


Language Testing International, Inc. is a member of the PRIVO Kids Privacy Assured COPPA safe harbor certification Program (“the Program”). The Program certification applies to the digital properties listed on the certification page that is viewable by clicking on the PRIVO Seal. PRIVO is an independent, third-party organization committed to safeguarding children's personal information collected online. The PRIVO COPPA safe harbor certification Seal posted on this page indicates Language Testing International, Inc. has established COPPA compliant privacy practices and has agreed to submit to

PRIVO’s oversight and consumer dispute resolution process. If you have questions or concerns about our privacy practices, please contact us at (800) 486-8444 or privacy@languagetesting.com. If you have further concerns after you have contacted us, you can contact PRIVO directly at privacy@privo.com.

Definitions

The following list defines acronyms and terms used throughout this document.

• Assessments provided by LTI and covered by this privacy policy:

     o AAPPL: ACTFL Assessment of Performance toward Proficiency in Languages®

     o ALIRA: ACTFL Latin Interpretive Reading Assessment®

     o APPT: ACTFL Proficiency Placement Test®

     o ACTFL TEP: ACTFL Test of English Proficiency®

     o LPT: ACTFL Listening Proficiency Test®

     o L&Rcat: ACTFL Listening and Reading Computer Adaptive Test®

     o OPI: ACTFL Speaking Assessment: The Oral Proficiency Interview®

     o OPIc: ACTFL Speaking Assessment: The Oral Proficiency Interview—computer®

     o OPI & WPT for the Seal of Biliteracy: ACTFL Oral Proficiency Interview & Writing Proficiency Test for the Seal of Biliteracy®

     o RPT: ACTFL Reading Proficiency Test®

     o WPT: ACTFL Writing Proficiency Test®

     o Proficiency Screener

          • Sometimes referred to as “Vocabulary Screener”

aggregated anonymous data: a set of anonymized data from multiple test takers that has been grouped together for the purpose of demonstrating trends or comparing the results of individuals or subsets of individuals against the entire set.

anonymized / deidentified / sanitized data: data that have had all customer personally identifiable information (PII) removed so that what remains cannot be traced back to the identity of the original owner.

candidate / test taker: someone who takes a test administered through LTI.

client / ordering entity / client organization / organization: any entity that orders a test administered through LTI. Usually this will be an academic, commercial, or government organization that orders tests for its students, employees, or potential employees via the Client Site. (See individual client below.)

Client Site: LTI’s proprietary, online test management system. Clients use it to do such things as order tests, review the status of ordered tests or to make changes, and receive test results.

COPPA: The Children's Online Privacy Protection Act imposes certain requirements on operators of websites or online services directed to children under 13 years of age.

customer: a candidate / test taker, client, or individual client.

DPA: A Data Privacy Agreement is a legally binding contract between LTI and a client (usually a school or school district) that defines, among other things, how PII and other data for that client’s test takers and administrative agents should be handled, stored, deidentified, or deleted.

FERPA: The Family Educational Rights and Privacy Act protects the privacy of K–12 student education records.

IDEA: The Individuals with Disabilities Education Act ensures that all children with disabilities have available to them a free appropriate public education that emphasizes special education and related services designed to meet their unique needs and prepare them for further education, employment, and independent living.

individual client / individual student: someone who orders their own test online via LTI’s website (independently of an ordering entity).

PII: Personally Identifiable Information is any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means.

service provider: a third-party entity who performs some service for LTI.

SOPIPA: The Student Online Personal Information Protection Act in California provides clear rules to ensure that children's personally identifiable information is securely collected and managed and not exploited for commercial or harmful purposes.

student: a candidate / test taker whose test was ordered for them by their teacher, school, school district, or state.

student-generated content: written or audio recorded responses that students submit during testing.

LTI Websites Covered by This Privacy Policy

This privacy policy applies to many LTI websites. By default, LTI’s websites are for “general adult audiences,” which means that LTI has taken care to restrict access to these websites only to those clients who are adults. In most cases, this includes LTI’s commercial clients, government clients, and adult academic clients (e.g., college students and staff; K–12 teachers; K–12 school, district, or state administrators; parents or legal guardians of K– 12 students; and K–12 eligible students). However, in order to comply with federal or some state data security laws or guidelines, some LTI websites have been designed and built for “child audiences.” Within this group are two subgroups: “for children under age 18” and “for children under age 13.” All websites in these two subgroups are compliant with FERPA, SOPIPA, and IDEA, as explained elsewhere in this document. Additionally, all “for children under age 13” websites are compliant with COPPA.

Here is an organizational listing of the LTI websites covered by this privacy policy.

Child Audience Websites for K–12 Academic Candidates under Age 13

Candidates under age 13 can access only the following websites, which are compliant with COPPA, FERPA, SOPIPA, and IDEA.

• AAPPL Student Test Portal: http://aappl2.actfltesting.org

• ALIRA Student Test Portal: https://actfllrhtml.actfltesting.org

• AAPPL Student Demo webpage: https://www.languagetesting.com/aappl2-demo

• ALIRA Student Demo test: https://alirademo.actfltesting.org/

Child Audience Websites for K–12 Academic Candidates under Age 18

Candidates under age 18 can access only the under age 13 websites above and the following two websites, which are compliant with FERPA, SOPIPA, and IDEA.

• AAPPL Remote Proctoring Test Portal: https://languagetesting.com/AutoRP

• ACTFL WPT for the Seal of Biliteracy Test Portal: https://wpt.actfltesting.org/

General Adult Audience Websites for K-12 Academic Clients

Academic clients can access the under age 13 and under age 18 websites above and the following websites. LTI’s main website and the AAPPL Registration Site are intended for teachers and school administrators. Parents, legal guardians, and eligible students can access the AAPPL Parent Portal once the school sets up their account and provides them with a access passcode.

For Teachers and School Administrators:

• LTI main website: https://www.languagetesting.com/

• AAPPL Registration Site: https://tms.languagetesting.com/AAPPLNew/

For Parents, Legal Guardians, and Eligible Students:

• AAPPL Parent Portal: https://tms.languagetesting.com/AAPPLStudentRegistration

General Adult Audience Websites for Commercial, Government, or Post-Secondary Academic Clients

Commercial, government, and post-secondary clients can access the following websites.

• LTI main website: https://www.languagetesting.com/

• ACTFL LPT Test Portal: https://actfllrhtml.actfltesting.org/

• ACTFL L&Rcat Test Portal: https://lrcat.actfltesting.org/

• ACTFL OPIc Test Portal: https://opic.actfltesting.org/

• ACTFL RPT Test Portal: https://actfllrhtml.actfltesting.org/

• ACTFL WPT Test Portal: https://wpt.actfltesting.org/

• APPT Test Portal: https://www.languagetesting.com/APPT

• ACTFL TEP Test Portal: The ACTFL TEP is bundle of the L&Rcat, OPIc, and WPT. Each component is accessible from its corresponding test portal (see above).

• Proficiency Screener: https://proficiencyscreener.languagetesting.com/

Use of Personally Identifiable Information (PII)

The PII collected by LTI depends on each customer’s role within LTI’s systems (e.g., test taker, account administrator) as well as the testing agreement established between LTI and that customer. The collected PII may include the following data types:

• First and Last Name

• Phone Number

• Mailing Address

• Email Address

• Test Scores

• Employer or Program Affiliation (for those who test through their organization or who are administrators for their organization)

• Job Title

• ID Number

• Spoken or Written Test Responses

The following disclosures and uses of customer PII are permitted under this policy.

• LTI will not disclose any of its customers’ PII except under the conditions outlined in this privacy policy.

• LTI may disclose customer PII to any person or entity as required by law, as required to protect the rights or safety of LTI or its customers, or in response to a specific court order.

• If a test taker’s employer or ordering entity contracts with LTI for a test, sends LTI a list of candidates who will be taking the test, and requests that each test taker self-register online via LTI’s website, LTI may share the test takers’ PII and test results with the ordering entity.

• LTI may provide customer PII to select service providers, as required to deliver our services. LTI will share only the minimum PII required by each service provider to facilitate the provision of their services. LTI requires service providers to sign a confidentiality agreement that prohibits them from using any customer PII for unauthorized purposes. If LTI becomes aware that a service provider is using or disclosing PII contrary to this policy, LTI will take the necessary steps to prevent or stop the misuse or disclosure and inform affected customers, as stipulated in its Incident Management & Response Policy.

     o Note: Test takers are strongly discouraged from including PII in their open-ended test responses. While LTI takes all reasonable action to protect and limit access to customer PII, test response information is, by its very nature, shared with those service providers who rate those open-ended responses. LTI maintains confidentiality agreements with all raters but cannot be held    responsible for the possible identification of a test taker by a rater during the rating process.

• Some foreign countries’ security regulations may require LTI to provide foreign and domestic government agencies with access to customer PII.

• LTI may use aggregated anonymous information about its customers for internal research or to update and maintain its systems. However, LTI does not sell, rent, or loan any PII to any third parties that are not authorized service providers, or who are not clients with whom LTI has signed confidentiality agreements concerning the use of PII.

Candidates who test through our remote proctoring service providers are also required to verify their identity for testing integrity purposes by showing their government-issued photo ID to the live human remote proctor, who verifies it against their account details. Alternatively, some remotely proctored tests require that test takers photograph their ID prior to taking their test, which is later verified before test scores are released. Candidates that test with remote proctoring are recorded via their webcam while the content on their screen is also recorded throughout the remotely proctored session. LTI has purge policies in place with all of its remote proctoring providers to ensure that candidate data are stored for no more than 30 days to allow for review of any reported issues. After that period, all user data are automatically purged from the remote proctoring providers’ systems.

Note: In the event that an integrity issue is confirmed, LTI will download a copy of the video and images and store the files on LTI servers (not the remote proctor’s servers). These downloads will serve as evidence of the issue should any claims or disputes be raised by the candidate or client. Any such downloads are automatically deleted two (2) years after the download date.

LTI Website

Visitor Information

Note: The following information applies only to adult-directed pages of the LTI website. It does not apply to any student-directed pages.

To better serve customers, the LTI website may internally track aggregated, anonymous information about its visitors. LTI and select, contracted service providers use such information to compile statistics about the daily number of visitors to its sites, the daily requests received for services and products, and what countries those requests originate from.

LTI collects the following technical information automatically from visitors to its website. This information is only used for internal analytics to improve the functionality of the products and services provided by LTI.

Device information: information about the device used to access LTI’s website, including IP address, browser information, model, and operating system.

Usage information: LTI employs third-party services, including cookies, to collect information about page visits such as logins, frequency of visits, time on page, links clicked, features used, products and services requested, what countries those requests come from, and websites visited before and after accessing LTI’s website. Visitors may disable cookies through their browser settings if desired; however, without cookies, some aspects of the LTI website may not function as intended.

The LTI website does include an optional support chat feature in which, if they choose, visitors may introduce PII such as name, email address, and phone number when sending their inquiries to LTI’s customer support team.

This information is always introduced voluntarily by the visitor and is never collected passively by the LTI website or its features. The support chat feature is completely disabled, as are all analytics, for those pages on the LTI website that are directed toward visitors under the age of 18.

General Use

Access to and use of the LTI website, including individual client test data, is at the risk of the visitor. Under no circumstances, including but not limited to negligence, shall LTI, its officers, directors, owners, employees, agents, and any other party involved in creating, producing, or delivering the website and any content on the website, be liable for any damages whatsoever (including, without limitation, any direct, incidental, consequential, indirect, or punitive damages) arising out of or related to any individual's access to, use of, inability to access or use the website for any reason (e.g., failure of performance or operation, any interruption of service, computer virus), any unauthorized use or access to a customer's files, or any damages to their computer equipment, programs, files, or other property, even if LTI has been advised of the possibility of such damages.

Occasionally, LTI may provide an external link from its website to a third-party affiliated with LTI. LTI is not responsible for the contents of any on-site or off-site pages referenced through such links, nor is LTI liable for any defamatory, offensive, or illegal conduct that may occur from or through such third-party links. Links to other websites do not constitute an endorsement of that site by LTI.

Security

Protecting PII is an important priority for LTI. LTI employees who violate its confidentiality and security policies and procedures are subject to disciplinary action. Service providers or affiliates that receive PII are required to preserve the confidentiality of that information under the terms of legal confidentiality agreements. LTI also maintains physical, electronic, and procedural safeguards in accordance with industry standards that are designed to keep unauthorized persons from accessing PII stored on LTI systems, as well as protecting it from loss or destruction, misuse, alteration, or disclosure.

All customer communication and files in digital format are stored on a secure network, accessible only by approved staff. LTI uses 256-bit AES encryption or higher encryption technology to protect data while in motion or at rest in its custody. All critical systems and servers are separately housed within LTI's secure facilities, or secure cloud vendor, and are accessible only by authorized personnel. LTI's physical premises are protected by live security surveillance methods, and all off-hour entry is logged through an access control system.

LTI has policies in effect in the event of a breach or unauthorized disclosure of PII. These policies include a plan for notifying clients and specify a required timeline for doing so, based on the severity of the breach as determined by the National Vulnerability Database’s Common Vulnerability Scoring System, which is an open framework for communicating the characteristics and severity of software vulnerabilities.

Please see the Student Privacy Policy section below for information on our plan for notifying clients in the event of a breach containing data related to the AAPPL, ALIRA, or ACTFL OPI & WPT for the Seal of Biliteracy, which may involve data related to customers under the age of 18.

Copyright Protection and Use of LTI Information

The testing products and services provided by LTI are protected by copyright as a collective work and/or compilation, pursuant to U.S. copyright laws, international conventions, and other copyright laws. Company names, logos, and trademarks may not be used by any individual member of the public or any client or customer in any manner without the prior written consent of ACTFL, LTI, or the respective licensor. Users should assume,

unless specifically noted, that all content on the LTI website and any files or programming related to the website and/or testing products and services provided by LTI are protected by such rights owned exclusively by ACTFL, LTI, or the respective licensor. Therefore, users may not recopy, distribute, publicly display, modify, transmit, reuse, repost, or use for public or commercial purposes any of the contents of the website without the express written permission of the content owner, obtained in advance of such use. Permission requests should be sent to: info@languagetesting.com.

Please note that content contained within the LTI Blog, though part of languagetesting.com, is exempt from the requirement to obtain permission before reposting and may be shared without the need to contact LTI in advance. Blog posts can be identified by the /blog/ that is part of their page URLs and the special note in the page footer that specifies that the content is part of the exception to this privacy policy.

Data Deidentification Policy

This Data Deidentification Policy is based on the standards defined by the General Data Protection Regulation (GDPR) as it establishes the “right to be forgotten.”

Note: Individual clients and client organizations who request deidentification of their data within LTI’s systems must accept that the procedure is permanent and irreversible. Once the process has begun, it is not possible to restore or reidentify the data in any way.

Test Takers from an LTI Client Organization

Test Takers Over 18 Years of Age

Test takers of majority age whose PII was provided to LTI by one of LTI’s client organizations must contact the organization and have it initiate the request to LTI for data deidentification. The organization may contact privacy@languagetesting.com

Note: In some cases, a client organization may have a previously executed Data Privacy Agreement (DPA) in place with LTI. In such cases, LTI will follow any data deidentification or disposition terms agreed to in the DPA. Any exceptions to those terms should be requested in writing by the client organization and subsequently agreed to by LTI.

Test Takers Under 18 years of age

If a test taker whose PII was provided to LTI through one of LTI’s client organizations is under the age of 18, the test taker’s parent or legal guardian must contact the organization and have it initiate the request to LTI for data deidentification.

Individual Clients

Individual clients who purchased a test on their own via the LTI website (independent of a client organization) must send a request for PII deidentification that includes the following information of the person whose PII is to be deidentified:

• Full Name

• Mailing Address

• Contact Telephone Number

• Email Address

Such requests should be sent to privacy@languagetesting.com, and should originate from the same email address that LTI already has in its systems, that is, the same email address that the requestor used to set up an account on

LTI’s website. If this is not possible due to loss of access to the original email address, other means will be used to verify the identity of the requestor prior to proceeding with data deidentification.

Once the identity of the requestor has been confirmed, LTI will proceed to deidentify the data in all of its systems. LTI will also request deidentification of the data in the systems of any service providers who received the requestor’s PII as part of the testing process.

Based on the following terms, LTI will comply with any requests from individual clients to (1) deidentify PII that is intentionally provided to it through the test ordering process, (2) destroy PII, or (3) dispose of test responses before the usual 10-year disposal date.

• All requests for de-identification, deletion, or disposal require a period of 75 days for LTI to complete.

• If no request for de-identification, deletion, or disposal is received by LTI, all PII, test data, and test responses will remain in its original state (not de-identified) within LTI’s secure, encrypted systems for 10 years.

Student Privacy Policy

This section of the LTI Privacy Policy outlines special considerations for the handling of student data and applies only to those candidates for whom language testing is conducted through an educational institution, whether at the K–12 or post-secondary level. LTI is committed to protecting all of its customers’ information. As part of this commitment, it works to ensure that student data are handled in a manner consistent with FERPA and COPPA, as outlined below.

LTI’s Privacy Policy protects the data and right to privacy for all students. In this regard, this policy applies to students who test through their educational institution after reaching the age of 18 (or the age of majority in states in which that age is lower than 18). This policy also applies to the protection of student education records under the Individuals with Disabilities Education Act (IDEA).

Students Aged 18 and Over

LTI’s Privacy Policy applies to all PII collected from students aged 18 and over who test through their educational institutions, as described in the Use of Personally Identifiable Information section above. Additionally, such students’ data are protected by FERPA. LTI personnel will not communicate about student PII or other aspects of the student educational record with any party other than with eligible students themselves or with verified LTI Client Site users associated with the educational institution through which testing is conducted. Otherwise, all terms of the privacy policy above apply to these users.

Students Under the Age of 18

LTI collects some PII for students under the age of 18 from the teachers, schools, school districts, and states that purchase tests provided by LTI. It limits the use of such PII to only those educational contexts authorized by the teacher, school, school district, or state.

LTI administers some tests to students under 13 years of age, but it should be understood that LTI applies the rigorous data privacy standards required for students under 13 years of age to all students under the age of 18.

Tests provided by LTI to students under the age of 18 include:

• ACTFL Assessment of Performance toward Proficiency in Languages (AAPPL)

• ACTFL Latin Interpretive Reading Assessment (ALIRA)

• ACTFL Oral Proficiency Interview (OPI) & Writing Proficiency Test (WPT) for the Seal of Biliteracy

     o Note: The ACTFL OPI & WPT for the Seal of Biliteracy is intended only for students in grades 11 and 12 for the purpose of attaining their state's Seal of Biliteracy prior to their high school graduation. As such, there are no privacy considerations related to this test for students under 13 years of age.

These tests are used to measure students’ proficiency in a language and can also measure their longitudinal progress toward achieving educational outcomes. At no time does LTI ask students under age 18 to participate in any survey that could reveal PII or any other protected category of information.

The AAPPL, ALIRA, and ACTFL WPT for the Seal of Biliteracy are administered over the Internet using a computer or tablet. The ACTFL WPT for the Seal of Biliteracy can be administered in a pencil/paper (booklet) version if requested by the teacher, school, school district, or state. The ACTFL OPI for the Seal of Biliteracy is administered over the telephone. In all cases, the tests are proctored by a teacher, school employee, parent/guardian, or via a computer-based proctoring service, as requested by the teacher, school, school district, or state. (See the Privacy Considerations Related to Computer-Based Proctoring section below.)

For human-proctored tests, proctors are directed to enter the URL of the appropriate testing platform for students just before they are to begin their tests.

• AAPPL Student Test Portal: http://aappl2.actfltesting.org

• ALIRA Student Test Portal: https://actfllrhtml.actfltesting.org

• ACTFL WPT for the Seal of Biliteracy Test Portal: https://wpt.actfltesting.org/

Through this privacy policy, LTI provides each school with all notices required under COPPA. Any parent/guardian of a student under the age of 18 who wishes to request access to their child’s PII in order to review and/or have it deleted must do so by contacting their child’s school, which will then contact LTI, as described below in the Parent / Legal Guardian Access to Student PII and Requests for Deletion section.

The products and services provided by LTI do not enable students under age 18 to make their PII publicly available.

Receipt, Collection, and Use of Student PII

Since all students under age 18 are registered for testing by their teacher, school, school district, or state, no email or contact information is collected directly from students. Access to student PII within LTI’s secure systems is limited to select LTI employees and agents of the school, school district, or state who require access as specified in their LTI Client Site account. Information provided by the teacher, school, school district, or state about students, which is encrypted by LTI, may include:

• first and last name

• gender

• preferred gender pronouns

• identification number

• school where a student is enrolled

• grade (or course level/years of study)

• testing accommodations requests, when applicable

• school district and state

• first and last name and email of the teacher, principal, or other agent of the school, school district, or state who ordered the student’s test

Information that LTI collects prior to or during the test taking process include:

• written answers and audio responses, depending on the form and scope of the test

• information captured by our systems (login timestamps, operating system, browser, IP address, item submission timestamps, error timestamps)

Teachers, schools, school districts, or states, receive individual student score reports from LTI, and they disseminate that information and/or a certificate to students.

Note: Alternatively, if a teacher, school, school district, or state wishes to send that information and/or certificate directly to a parent / legal guardian of each student, they may do so by using a feature within the Client Site that releases scores and certificates to users that are registered and validated through a secure web portal.

LTI does not communicate directly with parents / legal guardians or students; any requests to review the information that LTI has received about a particular student must be communicated to LTI by their teacher, school, school district, or state. If required by the teacher, school, school district, or state, LTI will delete or correct an individual student record. However, since actual test items are proprietary and must be kept confidential, they are never disclosed.

In addition to the uses of customer PII mentioned in the Use of Personally Identifiable Information section near the beginning of this document, LTI may use student test response data to…

• provide reports to teachers or administrators at the school, school district, or state level.

• investigate information security, test security, and information asset protection-related incidents.

• support teachers or school, school district, or state administrators in implementing products or services it provides.

• monitor the use of the products it provides and perform such analyses as might be necessary or helpful in improving product performance, efficiency, and security.

• perform analyses directed at improving the educational effectiveness of the products and services it provides and to contribute to general knowledge about student achievement in languages.

• provide training to language proficiency raters who score the AAPPL, ALIRA, and ACTFL OPI & WPT for the Seal of Biliteracy.

• research and develop new test products and services.

LTI does not sell or use any PII for students under the age of 18 for marketing purposes.

The school, school district, or state through which AAPPL, ALIRA, or the ACTFL OPI & WPT for the Seal of Biliteracy tests are ordered and administered may report student scores to third parties for purposes of awarding the Seal of Biliteracy or to others as determined and agreed upon at the school, school district, or state level. LTI is not responsible for student PII that is shared by teachers, schools, school districts, or states to third parties.

LTI Service Providers

LTI may rely on service providers that support the internal operations of its digital properties, such as hosting the website, designing and/or operating the features of its digital property, tracking analytics, or performing other administrative services. These service providers are held to the same obligations as LTI with regard to PII from students under age 18. They may not disclose or use PII for any purpose other than those for which they are contracted, and they are subject to the terms of this privacy policy. If any of these uses involves LTI’s licensor, ACTFL, or a service provider, LTI requires that ACTFL and such service providers sign a confidentiality agreement ensuring that all PII that is shared will be protected to the same degree that LTI protects it.

Below is a list of the service providers used by LTI, the services they provide, and links to their respective privacy policies.

Providers Who May Service Students Under 18 Years of Age

Amazon Web Services (AWS): Cloud data storage for all student data, including for students under age 13

Verificient Technologies, Inc.: Remote computer-based proctoring, available only to students aged 13 and over

Learnosity: Content editing

Providers Who May Service Website Visitors and Candidates Aged 18 and Over

Amazon Web Services (AWS): Cloud data storage

Verificient Technologies, Inc.: Remote computer-based proctoring

Learnosity: Content editing

Examity: Remote computer-based proctoring

Prometric: Remote computer-based proctoring

ProctorU (Meazure Learning): Remote computer-based proctoring

WebFx: Collection of aggregated, anonymous visitor information on adult-directed webpages

Google Analytics: Collection of aggregated, anonymous visitor information on adult-directed webpages

Prevaj: Access to LTI website visitor information for consulting purposes. (Contracted consultant, secured by a non-disclosure agreement.)

Intercom: Provider of the customer self-service chatbot on the LTI main website

Use of Aggregated, Anonymous Student Data

LTI may use the aggregated, anonymous student data it collects to…

• analyze test results, outcomes, and preferences.

• improve testing services it provides to meet customer and student needs.

• monitor test usage and perform analyses to improve product performance, efficiency, and security.

• research how students use the products and services it provides.

• analyze the educational effectiveness of the products and services it provides.

• contribute to the general knowledge about students’ achievement in language via external academic

research and scholarship.

• enforce its Terms of Use.

Additionally, LTI may use the information as may be required or permitted by legal, regulatory, industry self-regulatory, audit, or security requirements.

Special Reporting or Research Agreements

In some cases, teachers, schools, school districts, or state administrators who register students for tests may include an agreement with LTI for additional information that they wish to include in their data for specific reporting purposes. Some of these data could potentially be linked to an individual student based on such demographic categories as ethnicity, first language, free or reduced lunch status. When such agreements are in place, reports containing this aggregated anonymous information are provided only to the teachers, school, school district, or state administrators authorized to receive that information. In such cases, data are held securely and only LTI employees directly involved in producing these reports have access to the student PII.

LTI does not collect or maintain any demographic, academic or other school record information about students, teachers, or school, school district, or state administrators unless it has a separate reporting or research agreement with a school, school district, or state, as described above.

Student-Directed Content on LTI's Website

Certain pages hosted on LTI’s website include student-directed content that is intended to assist students in preparing for the AAPPL or ALIRA. As a means of ensuring compliance with COPPA regarding data collection for

students under the age of 13, such pages are considered to contain student-directed content and do not collect or track information about visitors. Additionally, LTI’s support chat feature is disabled on those pages to prevent the introduction of PII by students under the age of 18 and there are no links back to the LTI website from the student-directed pages. Students are provided the direct URLs to those student-directed pages by their teachers or school administrators.

PII in Student-Generated Content for Students Under Age 18

Collection

Student-generated content, or students’ recorded or written responses to open-ended prompts within the AAPPL or ACTFL OPI & WPT for Seal of Biliteracy, is collected as part of the standard process of administering those two tests. (The ALIRA does not include any open-ended prompts and, therefore, does not collect any student-generated content.) While it is possible that some students may include personal details as part of the content they generate while responding to the aforementioned open-ended prompts on the AAPPL or ACTFL OPI & WPT for Seal of Biliteracy, these tests do not explicitly request such information from students. Any details that students opt to share are incidental and not intentionally collected by LTI.

Use

Student-generated content for the AAPPL ILS and PW components is reviewed by certified test raters and used exclusively for the purpose of providing test ratings to the teachers, schools, school districts, and states that order tests for their students. Authorized users of the LTI Client Site can review student responses to the AAPPL ILS and PW components for 60 days after the date of administration of the test, after which the response data are automatically removed from the Client Site portal. Only authorized users who are logged into the secure site can access these data and the site provides no mechanism with which to download the student-generated content.

Student-generated content for the ACTFL OPI & WPT for the Seal of Biliteracy is never made available except to the certified test raters who score the tests through LTI’s secure rating platform.

LTI does facilitate some student-generated content to its licensor, ACTFL, for purposes of rater renorming and certification. These are necessary programs that ACTFL delivers to ensure consistent and accurate rating and scoring procedures.

Note 1: Any student-generated content that LTI shares with ACTFL for rater training purposes is reviewed to ensure that it does not include PII.

Note 2: When student-generated content is shared with ACTFL for rater training purposes, it is done so without connection to the PII that the teacher, school, district, or state provided when ordering the tests. That is, the associated test record is deidentified prior to providing ACTFL with access to the student- generated content.

Note 3: In the event that a teacher, school, district, or state enters into an agreement with LTI that specifies that student-generated content associated with their account may not be used by ACTFL for its training purposes, LTI ensures that that content is not shared.

Retention

Unless otherwise requested, student-generated content for the AAPPL, ALIRA, or ACTFL OPI & WPT for the Seal of Biliteracy is retained in LTI’s secure and encrypted systems for up to 10 years.

De-identification, Deletion, or Disposal

Based on the following terms, LTI complies with any requests to (1) deidentify PII that is intentionally provided to it through the test ordering process, (2) destroy PII, or (3) dispose of student-generated content before the usual 10-year disposal date.

1. All requests for de-identification, deletion, or disposal require a period of 75 days for LTI to complete.

2. The 75-day period may only commence once all tests ordered by the teacher, school, school district, or state have been administered, rated, and confirmed; and, after any outstanding invoices from LTI for the tests administrated have been paid by the school, school district, or state.

3. Requests for de-identification, deletion, or disposal can be stipulated in a previously executed data privacy agreement (DPA) between LTI and the school, school district, or state that ordered the tests.

4. If a school, school district, or state that ordered the tests wishes to amend the de-identification, deletion, or disposal request stipulated in their DPA, or if they never had a DPA; they may make such a request in writing at any time. (See the LTI Contact Information at the bottom of this document.)

5. In all other cases, all PII, test data, and student-generated content will remain in its original state (not de- identified) within LTI’s secure, encrypted systems for 10 years.

Parent / Legal Guardian Access to Student PII and Requests for Deletion

In the event that parents or legal guardians of students under age 18 wish to review or request deletion of their children’s PII, they must directly contact the school, school district, or state that ordered the testing. The school, school district, or state will be responsible for verifying the identity of the requesting parents or legal guardians. If deletion is required, the school, school district, or state will forward the request to LTI, which will in turn handle the request and report back to the school, school district, or state. LTI will only communicate with the school, school district, or state.

Data Security Breach Notification for Students Under Age 18

In the event of a data security breach related to testing with the AAPPL, ALIRA, or ACTFL OPI & WPT for the Seal of Biliteracy, LTI will not contact parents, guardians, or test takers directly. Instead, it will notify the teacher, school, school district, or state that ordered the affected tests.

Privacy Considerations Related to Computer-Based Proctoring

In order to meet the remote testing needs of students aged 13 and over, LTI has partnered with a service provider for computer-based proctoring to enable secure testing away from school when necessary. Computer-based proctoring uses AI technology to monitor the student testing experience, ensuring that no human is viewing students while testing. In fact, as a protective measure, AI proctoring prevents students from having to interact with any human during the testing process. Videos are reviewed by select internal LTI employees only when tests are flagged for a potential security violation; video file access is restricted to pertinent LTI employees only.

Computer-based proctoring is not available for students under 13 years of age in compliance with COPPA regulations. As part of the computer-based proctoring onboarding process, students must enter their complete date of birth and acknowledge and agree to this policy. Students who enter a date of birth that reveals them to be younger than age 13 are blocked from proceeding to the computer-based proctoring system and directed to contact their teacher or administrator.

LTI passes to the computer-based proctoring service provider only the minimum amount of information required, which are the student’s first name and test ID.

The computer-based proctoring service provider collects the following additional information about students, all of which the student creates directly during the proctoring session:

• photograph of the student

• audio and video recordings of the student taking the test and of the test-room environment

• screen captures during test administration

LTI’s agreement with the computer-based proctoring service provider ensures that all student data (name, images, videos) are deleted in accordance with a 14-day data purge policy.

Lastly, because requirements for parental permission vary by state and district, LTI requests that teachers, schools, school districts, or states confirm that they have any necessary parental permission prior to ordering their students’ tests.

California Student Data Privacy Requirements

Related to the Student Online Personal Information Protection Act (SOPIPA) in California, LTI performs only testing services within a K–12 school that take place under the direction of a teacher, school, or school district. Therefore, the student profile that LTI receives is specifically related to each K–12 school or school district. LTI does not use any data it receives from K–12 students in California to conduct targeted advertising. That is, student email information is not collected nor are the home addresses of students or parents. At the request of the teacher, school, or school district that ordered a student’s test, LTI will remove the student’s information from its database. LTI does not sell student information covered by SOPIPA to any other entity, including any educational services operator that may be covered by the California law, nor does it disclose such student information to any of its service providers who are not also contractually bound to comply with SOPIPA. Finally, LTI may use aggregated, anonymous student data to develop and improve the tests and services it provides.

However, because of the proprietary and secure nature of the tests, students are not permitted to save or download copies of the tests or the responses they create.

LTI uses contractual terms and privacy policies to ensure that its service providers conform to all of these policies when any information subject to COPPA, FERPA, or SOPIPA may come into their possession. Those other terms and policies may modify any LTI policy for information received or released under those terms, but they will never contradict the policy terms described here.

Changes to the Privacy Policy

LTI may modify this privacy policy from time to time, as circumstances may dictate. If we make a material change to this policy that affects our collection or use of PII, we will post notice at the top of this policy prior to making the change. If we have your contact information, we will use it to notify you before we make the change. If you have any questions or concerns about the policy, please contact LTI at privacy@languagetesting.com or call (914) 963-7110 (or 800-486-8444), Option 1.

LTI Contact Information

Language Testing International, Inc.

580 White Plains Road, Suite 660

Tarrytown, NY 10591

(914) 963-7110 (or 800-486-8444), Option 1

privacy@languagetesting.com

 

Downloadable LTI Privacy Policy

Last updated: November 2022

Copyright © 2023 Language Testing International. All rights reserved.