In the event of merger or acquisition, we will seek to ensure the successor entity honors the privacy commitments in this Policy and our contracts.
1. What Information We Collect
We collect PII about any student, school staff member, employee, visitor, or volunteer that enters a Customer’s building. Depending on the Service we are providing, we may collect such PII in a number of ways, when you voluntarily use the Services at a Customer location, when our Customer provides the information to us or provides us with access to such PII as a result of using the Services. If you have questions about Customer control in relation to the Services, please contact the Customer who provided you with access to the Service. In other cases, we collect PII independent of our Customers. PII can include, but is not limited to, the following categories of information:
- Your first and last name, job title, organization and contact information (such as physical address, email address and phone number), student status;
- Government-issued identification, such as a national identification number (e.g., passport number, permanent resident card number, military ID), state or local identification number (e.g., driver’s license of state ID number), an image of the relevant identification card and the information that may be contained on the card, and a copy of information that may be readable through a barcode on the relevant ID card;
- Service credentials provided to you by Customers for support purposes;
- Your username, password, and other credentials associated with Services;
- Information about your use of the Services
- If you are affiliated with a Customer, information provided to us by the Customer about you, which may include your email address, job title, and other contact information;
- Any other information that you have provided to our Customer or that our Customer has asked us to collect from you on their behalf
- Information described in Section 5 (Mobile Practices) below.
We also receive PII about you from other sources, including third parties who share your PII with us, and combine this data with PII we already have about you. This helps us to properly support integrations between our Services and the services of a third party for our Customers and allows us to improve our existing Services, develop new Services, and engage in analytics. If you provide us with PII about others, or if others give us your PII, we will only use that information for the specific reason it was provided to us. Examples of the types of information that may be obtained from third parties and combined with PII we already have about you may include your use of third party services that are integrated with our Services.
In our capacity as a processor for our Customers, we may also collect from you the following PII about your contacts:
- Email address of an individual to be copied on a customer support ticket; and
- First and last name when changing the main contact on a customer support ticket.
When you provide PII about your contacts, we will only process this information in accordance with the specific reason for which it was provided and as part of the Services we provide to our Customers. If you believe that one of your contacts has provided your PII and you would like to request that it be removed, please contact our Customer, the data controller. Upon their request to us, we may remove the PII accordingly.
1.1. Student PII collected by Us
- Our Services may require basic information about students which may include name, grade level, school ID number, class schedule, parent, legal guardian and other student information as required by our Customers to use the Services. This is provided to us by our Customers either directly via manual entry from their Student Information System (SIS) or other systems with appropriate information
- We may also collect personal information about a student’s parent or legal guardian, an employee’s emergency contacts and other information. This information is provided by our Customers
- Our Customers may also choose to provide additional student information to us for enabling additional reporting capabilities through our Services.
1.2. Passive Collection and Tracking Technologies
Students and visitors are not included in the collection and tracking technologies (such as cookies) as they are indirect consumers or users of the Services.
We collect other information automatically in connection with our Services. This information may include Internet Protocol (IP) addresses, browser type, Internet Service Providers (ISP), referring/exit pages, the files viewed (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data to analyze trends in the aggregate and administer our Services.
2. How We Use Information
We use PII to provide our Services as directed by our Customers, including to respond to and act upon customer support inquiries and requests from our Customers, to provide information to our Customers (including reports and analytics about use of the Service), and to accomplish the actions or transactions you initiate through the Service.
In addition, we use PII for our business-oriented purposes, including to administer our Customer accounts, fulfill our contractual obligations with our Customers, improve our existing Services, develop new Services, engage in analytics, comply with legal or regulatory requirements, protect our rights and interests, and communicate with you about Services that may be of interest to you.
Student PII is only used in accordance with Services contracted with our Customers. We do not sell any of the information we collect through our Services, and we do not engage in profiling or the behavioral targeting of advertisements
3. How We Share Information
We may share PII about individuals with third parties in support of contracted Services or at the instruction of our Customers. These third parties are evaluated to our own standards and policies of security and privacy.
When we share PII with our own service providers to provide the Services and engage in the uses of PII permitted by this Policy, these third party services may include:
- Providing communication, customer support and ticketing tools;
- Providing telemetry in support of our Services;
- Providing cloud computing solutions.
Our service providers are only authorized to use your PII as necessary to provide these third party services to us. We do not share student PII for purposes beyond authorization and support of the Services provided.
Furthermore, our Customers may direct us to integrate a Service with an offering, software, or application provided by a third party. In those cases, we will share PII with third parties at the Customer’s direction. If you have questions about Customer-directed sharing with third parties, please contact our Customer, the data controller.
In certain situations, we may be required to disclose PII in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We also may share your PII as required by law, including in response to a court order, subpoena, or other legal process or, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others; to investigate fraud; or to respond to a government request.
We may also disclose your PII with your prior consent.
4. Your Choices and Access to Information
We often do not interact directly with you or do so only at our Customer’s direction as a processor. Our Customers may provide you with notice and updates to this Policy and, where appropriate, provide you with access (including the ability to confirm whether our Customer holds any of your PII and access, correct, or request deletion of your PII) as well as your choices in connection with our Services. We notify our Customers via the Service in the event of significant changes to this Policy. If you have questions about your use of our Services, please contact the Customer who has provided you with access—this may be a school, your employer, government entity, corporation or someone else. We will work with our Customer to address any questions or requests brought to our attention within a reasonable timeframe, but we might not interact directly with you.
Upon request, we will provide you with information about whether we hold any of your PII, if we control such information. You may access, correct, or request deletion of your PII by emailing us at email@example.com. We will respond to your request within a reasonable timeframe.
5. Mobile Practices
When you download and use our mobile application-based Services, we may automatically collect information about the type of device you use, operating system version, and the device identifier (or “UDID”). We may track any geolocation-based information from your mobile device with use of certain Services that utilize geofencing technology related to emergency situations.
We may use mobile analytics software to allow us to better understand the functionality of our mobile software on your mobile device. This software may record information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from. We do not link the information we store within the analytics software to any PII you submit within the mobile application.
We follow NIST Cybersecurity Framework and NIST Privacy Framework to employ commercially reasonable physical, electronic, and procedural safeguards to provide privacy, confidentiality, integrity, and availability of your data and our Services. These same principles are incorporated into the ongoing development of our Services. Our product development practices include the limiting of data collection to only what is required to fulfill the needs of our Customers. We perform periodic risk assessments of our products and have a robust information security program that prioritizes the remediation of identified security vulnerabilities and enforces secure configuration standards such as: encryption of data at rest and in transit, multi-factor authentication, and secure web development.
7. Data Retention
We will retain student, school staff, employee, visitor, volunteer, or any other PII for the period necessary to fulfil the purposes outlined in this Policy and our agreements with our Customers. Upon notice from our Customers, we will return, delete, or destroy student, school staff, employee, visitor, volunteer and any other PII stored by us in accordance with applicable law and our Customer’s requirements. Customers may request for production or deletion of data through our support channel at firstname.lastname@example.org.
8. Contact Information
You may contact us with questions about this Policy or our privacy practices at email@example.com, or write to us at, as applicable, Raptor Technologies, LLC or LobbyGuard, LLC at the address below:
- Raptor Technologies, LLC
- 2900 North Loop West Suite 900
- Houston, Texas 77092
- Attention: Privacy Officer
- LobbyGuard Solutions, LLC
- 2900 North Loop West Suite 900
- Houston, Texas 77092
- Attention: Privacy Officer
We do not modify, correct or delete the data of students, school staff, employees, visitors, volunteers or other individuals that we process for our Customers without instructions from our Customers to do so. Accordingly, please direct such requests to the Customer with which you are dealing directly. We will work with our Customer to address any questions or requests that the Customer raises with us.
9. Your State Privacy Rights
State consumer privacy laws may provide their residents with additional rights regarding our use of their personal information. To learn more about California residents' privacy rights, visit the California Consumer Privacy Act site here. California's "Shine the Light" law (Civil Code Section § 1798.83) permits users of our App that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to firstname.lastname@example.org.
Colorado, Connecticut, Virginia, and Utah each provide their state residents with rights to:
- Confirm whether we process their personal information;
- Access and delete certain personal information;
- Data portability;
- Opt-out of personal data processing for targeted advertising and sales.
Colorado, Connecticut, and Virginia also provide their state residents with rights to:
- Correct inaccuracies in their personal information, taking into account the information's nature processing purpose;
- Opt-out of profiling in furtherance of decisions that produce legal or similarly significant effects.
To exercise any of these rights or to appeal a decision regarding a consumer rights request please send an email to email@example.com. Nevada provides its residents with a limited right to opt-out of certain personal information sales. Residents who wish to exercise this sale opt-out rights may submit a request to firstname.lastname@example.org. However, please know we do not currently sell data triggering that statute's opt-out requirements. Residents of certain states, such as California, Nevada, Colorado, Virginia, and Utah may have additional personal information rights and choices.
10. Updates to this Policy
We reserve the right to change or amend this Policy at any time. We will provide a revised version of this Policy to our Customers upon any changes taking effect and/or notice of any changes.
Effective date: September 14, 2022