Document Tracking Service, Inc.
Document Tracking Service, LLC (“DTS”) has been working with K-12 public school districts, schools, and other organizations since 2005. DTS is primarily used by district and school staff to develop compliance reports which are available for the public via request from districts and schools.
This Policy covers DTS’ policies regarding the collection, use, and disclosure of Data when Clients, Administrators, and Users use the Service and the choices Clients, Administrators, and Users have associated with that Data. By using the Service, Clients, Administrators, and Users agree to the collection and use of information in accordance with this Policy. This Policy does not apply to the practices of companies that DTS does not own or control or to people that DTS does not employ or manage.
Definition of Terms
“Private Data” includes all Personally Identifiable Information and other non-public information including, but not limited to, student data, staff data, metadata, and user content.
“Public Data” includes all data that is available to the public via request from districts and schools, including, but not limited to, aggregated student data, budget numbers and narrative content.
Unless specified as Private or Public, use of the word “Data” refers to both Private and Public Data.
“Client” is any entity or organization with an agreement authorizing access to DTS.
“Administrator” is the primary contact for as established by a Client.
“User” is anyone with authorized access to DTS granted by an Administrator.
- DTS does not show advertising to any User.
- DTS will permanently delete Data from DTS servers upon request from a DTS Client.
- DTS maintains comprehensive security standards.
- DTS is transparent about collection and use of Data.
Scope of Policy
All Data collected using the Services is transparent and available for view by Clients. DTS does not collect any additional information other than basic analytics needed to: (1) provide and maintain the Service; (2) to monitor the usage of the Service; (3) provide Clients, Administrators, and Users care and support; and (4) to detect, prevent and address technical issues.
DTS will not use email addresses or other Personally Identifiable Information to send commercial or marketing messages not affiliated with DTS or DTS Services. DTS may, however, use Clients, Administrators, and Users email addresses without further consent for transactional or administrative purposes, such as notifying Clients, Administrators, and Users of a new feature or service, a major website changes, or for customer service purposes.
Information DTS Collects
While using the Service, DTS may ask Clients, Administrators, and Users to provide certain Personally Identifiable Information that can be used to contact or identify individuals. Personally Identifiable Information may include, but is not limited to: (1) email addresses, (2) first name and last name, (3) phone numbers, (4) address, state, province, zip/postal code, city, and (4) cookies and usage Data.
DTS may also collect information that does not personally identify individuals which is commonly collected on the Internet. For example, DTS may collect information that a Client, Administrator, or User’s browser sends whenever the Client, Administrator, or User accesses the Service on a computer or when a Client, Administrator, or User access the Service by or through a mobile device (“Usage Data”). Usage Data may include information such a Client, Administrator, or User computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of DTS Service that are visited, the time and date of such visit, the time spent on those pages, unique device identifiers and other diagnostic data.
When a Client, Administrator, or User accesses the Service by or through a mobile device, this Usage Data may include information such as the type of mobile device used, the mobile device unique device identifiers, the Internet Protocol address of the mobile device, the mobile operating system, the type of mobile Internet browser used and other diagnostic data.
DTS uses information that is collected for ordinary business purposes, such as to measure web page flow and also to customize features.
Purpose of Data Collection & Ownership
DTS will keep Data while a Client is engaged in an active agreement with DTS. Thereafter, DTS will keep a Client’s Data for as long as is necessary:
- To respond to any questions, complaints or claims made by a Client or on the Client’s behalf;
- To show a Client was treated fairly;
- To keep records as required by law.
Private Data is the property of the Client and remains in the Client’s control throughout the duration of any agreement and/or contract with DTS.
Role of District and School Administrators
DTS’ primary goal is not to store Private Data unless expressly requested by a Client. In such cases, DTS expects Administrators and Users to treat Private Data with confidentiality. DTS strongly discourages transferring Private Data over email and strongly discourages Clients from granting access to Private Data to anyone other than authorized Administrators or Users. Granting or allowing access, means both intentional actions, such as an Administrator authorizing a teacher or support staff as a User, as well as unintentional actions and consequences that may result from, a Client's failure to maintain sufficient Data governance or security practices.
In cases where the Family Educational Rights and Privacy Act (“FERPA”) applies, access to certain student information remains the legal responsibility of the applicable Client. The use of DTS is very specific and therefore, access to DTS is limited to Administrator and Users. That said, it is the Client’s responsibility to only grant access to those with a legitimate need for access to the Services and only grant access to those authorized to view Data stored in the Client’s account.
FERPA and Education Records
Although FERPA was enacted decades ago, and certainly well before Internet-based services became ubiquitous in academic settings, one of FERPA’s core tenets was and remains the protection of the privacy of Personally Identifiable Information in students' Education Records. As defined in FERPA, “Education Records” are “those records, files, documents and other materials which (i) contain information directly related to a student; and (ii) are maintained by an educational agency or institution or by a person acting for such agency or institution.” Personally Identifiable Information from Education Records includes information, such as a student's name or identification number, which can be used to distinguish or trace an individual's identity, either directly or indirectly through linkages with other information.
FERPA requires that educational institutions and agencies that receive certain federal funds, such as public schools, get prior consent from a parent or legal guardian before disclosing a minor student’s Education Records to a third party. Consequently, before a Client may enter, upload or access any Data concerning a minor student, the Client must confirm that the Client’s agency or institution has (1) obtained appropriate consent from the parent or guardian of that minor student or (2) determined that one of the limited exceptions to the parent or legal guardian consent requirement applies.
DTS only collects Private Data when explicitly requested by a Client. DTS will collect Private Data only when a Client requests a template and/or form and the template/form is then used by the Client to collect Data, which is stored on DTS servers. DTS will not share, reuse or sell Private Data.
COPPA and Children Under the Age of 13
The Children’s Online Privacy Protection Act (“COPPA”) is a federal law designed to protect the privacy of children under 13 years old. COPPA requires DTS provide parents or legal guardians with notice concerning what personal information is collected from children and how it is used or shared.
DTS is in compliance with the Children’s Online Privacy Protection Act of 1998.
- Individual children are not permitted to sign up for DTS.
- Private Data is only collected when explicitly requested by a Client. Each Client is then responsible for determining what Private Data is collected and who the Data is provided by.
Data Security and Protection of Data, Including Personal Identifiable Information
DTS has implemented measures designed to secure Private Data from accidental loss and unauthorized access, use, alteration and disclosure. All Private Data is transmitted to and from DTS using SSL technology. Private Data is stored in multiple databases with redundancy and maintained at data centers located in multiple geographically dispersed states within the United States. The transmission of information via the Internet is not completely secure and, although DTS uses reasonable efforts to protect Private Data, neither DTS nor any other hosted service provider can guarantee the security of all Personally Identifiable Information.
Data integrity and accuracy is achieved through strict restrictions on how Data may be accessed, and by whom. Audit logs are kept to track Data modification. Additional security measures are in place to prevent and identify Data tampering. In the case of a Data breach, DTS will immediately notify all Clients affected using the primary email address of the Client’s Administrator. It is the responsibility of Clients to contact parents or legal guardians of minor students regarding a Data breach.
Expiration of Agreement and Disposal of Data, Including Personal
Upon the cancelation of any agreement between a Client and DTS, DTS will keep Private Data for up to thirty (30) days except in cases where state laws require a longer duration. DTS will delete a Client’s Data from DTS servers upon the Client’s request at any time.
DTS is in compliance with California AB 1584.
Correction of Data
DTS only accepts requests to make changes to Data from the main contact of a Client or an Administrator. Parents or legal guardians who need to request changes to Data should contact the particular DTS Client or Administrator.
Changes to this Policy
California Shine the Light Law
California Civil Code Section 1798.83 permits California residents to request and obtain once a year, free of charge, a list of the third parties to whom DTS have disclosed Personal Information (as defined under that statute) of that California resident, for direct marketing purposes in the preceding calendar year and the categories of that kind of Personal Information that was disclosed to the third party. If a Client, Administrator, or User is a California resident and wishes to make such a request they may contact DTS by using the contact information in the “Contact Us” section of this Policy.
For more information about DTS’ privacy practices contact:
Document Tracking Service, LLC
10225 Barnes Canyon Road, A200
San Diego, CA 92101
Phone: (858) 784-0967