Children's Online Privacy Protection Act (COPPA)

Children's Online Privacy Protection Act (COPPA)

Nelnet Business Solutions dba FACTS Management Company: COPPA Direct Notice to Schools Acting as Agents for Parents With Children Under the Age of 13 With Respect to Student Information System Accounts

Under the Children’s Online Privacy Protection Act (COPPA), 15 U.S.C. § 6501 et seq. and implementing regulations, 16 C.F.R. 312, online operators such as Nelnet Business Solutions, Inc. dba FACTS Management Company (“FACTS,” “we,” “our,” “us) must provide direct parental notification (“Direct Notice”) and obtain verifiable parental consent before collecting personal information from children under the age of 13 (“Students”). However, where an educational institution has contracted with an operator to collect personal information from students for the use and benefit of the school, and for no other commercial purpose, the operator is not required to obtain consent directly from parents under COPPA, and can presume that (1) the school is acting as an agent for parents and (2) the school’s authorization for the collection of students’ personal information is based upon the school having obtained the parents’ consent. In this case, the operator must provide the school with Direct Notice of its collection, use, and disclosure practices.

This notice serves as FACTS’s Direct Notice to educational institutions (“schools,” “you”) of our information collection use and disclosure practices with respect to Students registered for Student Information System (“SIS”) accounts.

When a Student uses or interacts with our online services, the Student may provide us with personal information. In connection with administering an SIS account, the student may provide us with:

  • First and last name
  • Home address
  • Telephone number
  • Birth date
  • Email address
  • Username and Password
  • Student Identification Number

During the Student’s use of our services, we may collect certain information using various automated technologies, such as cookies, log files, web beacons, and other technologies. This information includes: IP address, identifiers associated with the Student’s devices, web browser characteristics, device characteristics, language preferences, referring/exit pages, clickstream data and dates and times of visits to our website and services.

We may disclose information as follows:

  • We may disclose information to third-party companies and individuals to facilitate our services, provide the services on our behalf, perform website-related services, assist us in analyzing how our website and services are used, or perform other services.
  • We may share information with companies that are affiliated with us, such as our direct or indirect subsidiaries or parent or sister companies.
  • We also may share information when you ask or permit us to do so; in response to subpoenas or court orders; when we suspect fraud or criminal activity; to protect our property and rights or those of a third party; to protect the safety of the public or any person; or to prevent or stop activity we may consider to be, or to pose a risk of being, illegal, unethical, or legally actionable.

For more information about our privacy practices with respect to children, please read our Children’s Privacy Policy.

It is your responsibility to ensure Students’ parents receive copies of this Direct Notice and our Children’s Privacy Policy.

Upon your request, FACTS will provide (1) a description of the types of personal information collected, (2) an opportunity to review a Student’s personal information, (3) the right to have a Student’s personal information deleted, and (4) the opportunity to prevent further use or online collection of a Student’s personal information.