Legal Department Colorado Virtual Academy 165 South Union Blvd, Suite 777 Lakewood, CO 80228 303-255-4650 legal@ColoradoEd.orgXI. Enforcement and Dispute Resolution As part of ColoradoEd’s annual certification process, ColoradoEd will review ColoradoEd’s compliance with this Policy. If you are an Employee and have any questions, complaints, or disputes regarding the manner in which ColoradoEd handles or protects your Personal Data, please bring it to the attention of your local Human Resources representative. Complaints or disputes that cannot be remedied by your local Human Resources representative should be forwarded to the ColoradoEd Legal Department at the address above. If you are a Customer and have any questions, complaints, or disputes regarding the manner in which ColoradoEd handles or protects your Personal Data, please bring it to the attention of the ColoradoEd Legal Department at the address above. With respect to any complaints regarding this Policy received from any Employee concerning EU Employee Personal Data that cannot be resolved through ColoradoEd’s internal processes, ColoradoEd agrees to cooperate and comply with the primary EU data protection authority for the data controller in question, and, where required, to take appropriate steps to address any adverse effects and assure future compliance. With respect to any complaints regarding this Policy received from any Customer that cannot be resolved through ColoradoEd’s internal process, ColoradoEd agrees to participate in the dispute resolution procedures set forth by Judicial Arbitration and Mediation Services. In the event that ColoradoEd or Judicial Arbitration and Mediation Services concludes that ColoradoEd did not comply with the Policy, ColoradoEd will take appropriate steps to address any adverse effects and assure future compliance. ColoradoEd retains sole and absolute discretionary authority to resolve all questions relating to the administration, interpretation and application of this Policy. This authority includes construing the terms of this Policy, including any disputed or doubtful terms. XII. Compliance Failure to comply with this Policy, undergo related training, and abide by all applicable privacy, data protection, and data security laws will amount to a serious disciplinary offence, subject to disciplinary measures which may include termination of employment. Any questions about the applicability or administration of this Policy should be immediately brought to the attention of ColoradoEd’s Legal Department. XIII. Defined Terms Capitalized terms in this Policy have the following meanings: “Customer” means any parent, legal guardian or student that is a prospective, current, or past Customer of ColoradoEd that stores personal data on equipment in the EU, the EEA, or Switzerland. “Data Subject” means an identified or identifiable natural living person, and includes ColoradoEd Customers and Employees. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, psychological, mental, economic, cultural or social identity. “European Affiliate” means a ColoradoEd affiliate located in the EU, elsewhere in the EEA, or in Switzerland. “Employee” means an employee (whether temporary, permanent, part-time or contract), former employee, independent contractor, or job applicant of ColoradoEd or any of its affiliates, who is also a resident of the EU, another EEA member country, or Switzerland. “Personal Data” means data that personally identifies a Data Subject or that may be used to personally identify a Data Subject (such as an identification number that identifies a Data Subject). Personal Data includes data such as an individual’s name, address, phone number, e-mail address, user ID and password, and any other information that is combined with Personal Data (such as country of birth, marital status, emergency contact, salary information, performance information, terms of employment, and job qualifications (such as educational degrees earned). Personal Data does not include data that is unreadable or anonymized, or publicly available information that has not been combined with non-public Personal Data. “Sensitive Data” means Personal Data that discloses a Data Subject’s medical or health condition; race or ethnicity; criminal convictions; political, religious, or philosophical affiliations or opinions; sexual orientation; or trade union membership.