1. Introduction

Your privacy is critically important to us. PLEASE READ THE FOLLOWING CAREFULLY.

This Privacy Policy describes how CLASI (The Collaborative for Leadership in Ayres Sensory Integration®, hereafter referred to as "CLASI," "we," "us," or "our") collects, uses, manages, stores, and may disclose data through the EASI Scoring Program (ESP).

If you do not agree with our Privacy Policy, please refrain from using the ESP or related services.

2. Statement of Data Privacy

The ESP provides scoring and reporting services exclusively for the Evaluation in Ayres Sensory Integration® (EASI). The data collected, processed, and stored within the ESP is entirely de-identified, meaning it contains no personal health information (PHI) or personal data that could link directly to an individual from other than the original tester.

The ESP was developed using Concerto, a platform created and managed by Cambridge University in the United Kingdom. ESP data storage is located exclusively within Amazon Web Services (AWS) in Ireland, ensuring compliance with stringent GDPR standards.

3. Types of Data Collected

The ESP stores de-identified demographic data and testing scores provided by authorized test administrators (clinicians and/or researchers). Stored information may include de-identified record IDs, date of birth, country, economic status, gender, and related demographic details. None of this data can independently identify an individual.

4. Consent and Notification

EASI administrators are required to inform parents or guardians via the "Parent Notification about the Evaluation in Ayres Sensory Integration®", clearly stating that anonymized data may be used in future research projects approved by CLASI. Parents and guardians are provided clear instructions to opt out, preventing the use of their child's data for future research.

5. GDPR Compliance

CLASI is committed to complying with the General Data Protection Regulation (GDPR) and relevant privacy laws. Test administrators are responsible for acquiring explicit consent and managing privacy rights communication with test participants and adhere to GDPR laws and other relevant privacy laws in their locations.

6. HIPAA Compliance

As a Business Associate under HIPAA, CLASI supports Covered Entities (clinicians/institutions) in safeguarding all personal health information. The ESP does not store or process identifiable PHI, thus significantly limiting exposure and ensuring compliance.

7. Data Security

CLASI employs rigorous data protection measures, including but not limited to secure encryption standards, multi-factor authentication (MFA) for user access, regular security audits and updates, and administrative and technical safeguards aligned with industry best practices.

8. International Data Transfers

Test administrators can access only data they directly entered and reports generated by the ESP. De-identified data may be transferred internationally to approved researchers, following secure and controlled methods. Researchers cannot re-identify any individual from the provided data.

9. Data Retention

We retain data only as long as necessary to fulfill the purpose for which it was collected, to comply with applicable laws, contractual obligations, or professional standards. De-identified data used for research may be retained indefinitely.

10. Use of Cookies and Web Tracking

The ESP's online interface utilizes cookies and tracking technologies solely to enhance user experience, security, and functionality. Cookies required for site functionality are activated by default and cannot be disabled. Optional cookies (e.g., analytics, performance cookies) are activated only with user consent.

11. Rights of Parents, Guardians or Tutors

Although ESP does not directly hold identifiable personal information, Parents, Guardians or Tutors have the right to:

• Be informed about data collection and usage.

• Access computed results of their child performance (e.g. EASI graph).

• Object to data processing or data usage in research.

• Have their child data deleted via request to the tester, institution where assessment was conducted or the ESP Administration.

12. Rights of Testers

Testers have the right to:

• Securely access the EASI Scoring Program (ESP) to perform assessments, input scoring data, and generate reports, strictly in accordance with these Terms of Service and applicable privacy regulations.

• Own and control of all original client assessment data they enter into the ESP. CLASI will not claim ownership or proprietary rights over any identifiable data.

• Expect strict confidentiality regarding any client data entered into the ESP. CLASI will uphold robust data security measures and comply with relevant confidentiality standards and regulations.

13. Data Breach Notifications

In the unlikely event of a data breach, CLASI will promptly notify relevant authorities and involved testers according to GDPR and HIPAA requirements.

14. Changes to this Privacy Policy

We reserve the right to update this policy. Any changes will be posted online with a revised effective date.

15. Contact Information

For any questions or concerns regarding this Privacy Policy or data practices related to ESP, please contact:

Marco Leao  

ESP Coordinator  

Email: esp@easitests.com  

Website: www.easitests.com

16. Effective Date

This Privacy Policy was last updated on April 23, 2025.