1. Core Privacy and Security Principles
ENA considers and acknowledges all data that ENA may gather from an institution or the devices it owns and manages is the property of the customer institution. ENA’s customers have complete and unequivocal rights to their data and how they wish their data to be utilized.
Non-Disclosure to Third Parties:
ENA does not sell, provide, or disclose any personally identifiable information to any third parties. ENA is a trusted steward of the data of the users and institutions we serve. Data received from our customers is used solely for purposes of providing ENA services.
ENA uses significant security measures to protect the privacy of our users’ data. These security protections include, but are not limited to, de-identification of certain personally identifiable information, encryption of all data at rest, and encryption of all data in transit.
2. How and What Information is Collected by ENA
ENA generally does not collect a significant amount of personally identifiable information, as described below, from users. No other company or organization collects personally identifiable information through ENA’s Services.
Information Provided by Customer Institutions or Through Computers Used at Customer Locations
Our Customer Institutions provide ENA with most of the personal information necessary to allow users to use ENA’s Services. Users of computers at customer locations may also directly provide ENA with personally identifiable information necessary to allow users to use ENA’s Services. ENA relies on customer institutions to obtain and presumes that they have obtained any required parental or other necessary consent or permission before their users may have access to or otherwise utilize ENA’s Services at customer locations or through customer computers. In the particular case of Schools or School Districts, many of which ENA serves, Schools must notify parents (or guardians) and obtain parental consent before children under the age of 13 may use ENA’s Services.
Information Provided Through Computers Used Outside Customer Locations
Certain users, primarily customer IT staff, administrators, or other authorized staff members, may be able to access ENA’s Services from computers or smart devices outside of their customer locations. Such access is only available for persons affiliated with a customer institution. Users accessing ENA’s Services outside of a customer location may be asked to provide personally identifiable information, such as address and phone number, in addition to the information described above to set up and use an ENA account or ENA services. No person under the age of 13 is permitted to access ENA’s Services from computers or smart devices outside a customer location.
We also want you to be aware that certain information related to telecommunications services provided to you by ENA, commonly referred to as “Customer Proprietary Network Information” or “CPNI,” is subject to special Federal laws and regulations, with which we are fully committed to comply, both in the on-line environment and in all other respects.
CPNI relates to the quantity, technical configuration, type, destination, and amount of use of a telecommunications service subscribed to by any customer of a telecommunications carrier, and that is made available to the carrier solely by virtue of the customer-carrier-relationship; and information contained in all the bills pertaining to telephone exchange service or telephone toll service received by a customer of a carrier.
Aggregate customer information or ACI is collective data that relates to a group or category of services or customers, from which individual customers and identities have been removed.
It is the policy of ENA to protect all proprietary information belonging to or in the control of ENA, including, without limitation, information about its customers and the services and products provided to those customers by ENA. It is further the policy of ENA to treat all CPNI and ACI in a confidential manner and to limit access, disclosure and use of such information in a manner consistent and in compliance with all requirements imposed by the 1996 Telecommunications Act and by the FCC.
All employees or representatives of ENA, including those who have access to or use CPNI or ACI, receive mandatory annual CPNI training, including, without limitation, training with respect to when they are and are not authorized to access and use CPNI or ACI.
Failure by any of our employees to comply with ENA’s policies concerning CPNI is subject to disciplinary actions which may, depending upon the severity of the failure, result in termination of employment.
Annual Customer Proprietary Network Information Certification
As required by Rule 64.2009(e) set forth at 47 CFR Part 64, the compliance certification and supporting statement of ENA Services, LLC is publicly available at the offices of ENA, 618 Grassmere Park Drive, Suite 12, Nashville, TN 37211.
3. How Information is Used by ENA
ENA uses the information we collect to provide our contracted connectivity, communications, security, cloud, and/or other related services.
ENA uses personally identifiable information obtained from users to assign usernames, passwords and Email addresses, when requested, so that access can be limited to appropriate and authorized users. ENA also delivers the instant messages, Emails, message board comments, and chat messages that users create. ENA does not read or disclose information contained in Emails, chat rooms, instant messages, or message boards, unless required to do so by law, if we fear for the safety of one of our users, or for a reason described in the Legal Disclosures section below. Users, however, should be aware that messages and information posted publicly or provided to others could be seen or used by others.
An IP address is a number assigned to a computer for use with the World Wide Web and the Internet. ENA collects IP addresses to assist in system and network administration, collect aggregate information, track trends and audit use of ENA’s Services. ENA does not associate personally identifiable information with IP addresses.
ENA may supplement information provided by customer institutions or users with information obtained from outside sources. For example, For instance, for education agencies, ENA may match school codes with a database or other information as to which schools are located in which school districts.
On various web pages, users can contact ENA directly through Email links to ask questions or make comments. ENA reads such messages and endeavors to respond promptly. ENA may file some comments or questions to improve ENA’s Services or ENA may discard them. ENA will not disclose any personally identifiable information contained in such questions and comments to any third parties.
We may use your non-personally identifiable information, including as aggregated with other users’ information, to analyze use of our services, including obtaining demographic information on our users and their subscribing institutions generally. We do not retain personal information for longer than necessary to deliver services.
ENA may also use the information provided by customer institutions or collected through our delivery of services to customer institutions to help us deliver the services the institution has requested, or to design or offer specific products or services that we believe will be useful to the institutions we serve. While we may use such information to contact you or to send materials to you for marketing purposes, we will take commercially reasonable steps to safeguard such information from unauthorized access by any other parties.
4. Disclosure of Information
Unless we specifically disclose it to you at the time of collection or subsequently obtain your approval, we will not make visitor or customer-specific information that is gathered on our site or through the delivery or provisioning of our services available to any third party for any reason. At no time will we sell data to advertisers or other third parties for payment.
Certain federal, state and local laws or government regulations may require us to disclose non-public personal information about you. In these circumstances, we will use reasonable efforts to disclose only the information required by law, subpoena or court order to be disclosed.
ENA does not share personally identifiable information with any outside companies or third parties or make such information publicly available. ENA does not advertise or market to children using ENA’s Services. ENA does not use any information about how individual users surf the Internet or our sites to help sell our products. ENA, however, may use aggregate information (i.e., anonymous and not tied to any personal information) for our own research purposes and to analyze the efficiency of our network and services, which may include sharing aggregated, anonymous information with our partners and sponsors.
In addition to the policies stated above, ENA has adopted special policies to protect the privacy of children under the age of 13 consistent with the Children’s Online Privacy Protection Act (“COPPA”). Parents and teachers are encouraged to discuss online protection with children.
ENA does not use personally identifiable information collected about children under the age of 13 for any marketing or promotional purposes. ENA does not condition a child’s participation in an activity on the child disclosing more personal information than is reasonably necessary to participate in such activity.
ENA may use online contact information, such as an Email, from a child under the age of 13 only to respond to a one-time specific request from a child; to respond more than once directly to a specific request from the child (such as for a forgotten password) and not re-contact the child beyond the scope of the request; to collect a child’s, parent’s or teacher’s Email address to provide notice and comment; or to collect a child’s name or online contact information to protect the security or liability of the site or to respond to law enforcement, if necessary (in which case ENA will not use the information for any other purpose). When the information is used to contact the child more than once, ENA will use reasonable efforts to notify the child’s parent, school administrator or teacher (to stop the communication before sending or delivering a second communication to a child).
Parents or guardians can review, correct, or delete a student’s registration information if they wish to do so. A parent or guardian may do so by contacting his or her School’s System Administrator for ENA, or ENA directly by phone, Email, or mail at the contact information below. Parents can also refuse to permit further collection or use of the child’s information by ENA.
Additionally, we acknowledge that the schools and associated users we serve are subject to the Family Educational Rights and Privacy Act (20 U.S.C. 12332(g)) (FERPA), which law and supporting regulations generally address certain obligations of an educational agency or institution that receives federal funds regarding disclosure of personally identifiable information in education records. ENA has been authorized by the subscribing school or similar institution as a “school official” under FERPA and has a legitimate educational interest in personally identifiable information from education records because We: (1) provide a service or function for which the users, schools and districts would otherwise use employees; (2) is under the direct control of the users, schools and districts with respect to the use and maintenance of education records; and (3) is subject to the requirements of FERPA governing the use and redisclosure of personally identifiable information from education records.
6. Other Important Information
We use industry best practice security technology, including next generation firewalls, network access controls, and DDoS mitigation, to protect against access, loss, misuse, or alteration of user information. All data resides in SOC 2-compliant data centers in the United States. If you are accessing ENA services from another jurisdiction, you hereby consent to the transfer and processing of your information in the United States.
In the event of a breach of security affecting personal information, we will take such notification and other steps as may be required under applicable law. We ask that you do not ever send us or otherwise provide us highly sensitive information, such as social security numbers, personal health information, Driver’s License numbers and the like. We will not be liable for the use or disclosure of any such information if provided to us without our consent.
Third Party Sites
Social Media Sites
We may have pages or other presence on various social networking sites or services, such as Facebook, Twitter and the like. Any information you post or provide through such sites and services will be subject to the policies of those sites and services.
7. ENA’s Contact Information
618 Grassmere Park Drive, Suite 12
Nashville, TN 37211
By phone: (615) 312-6000
By fax: (615) 312-6099