Internet Privacy & Security

PTC and your school work together to protect the online privacy of all of your school community members that use PTC, including students, parents, teachers, and administrators.  PTC information collection, security, and privacy policies have been authorized by your school or teacher, and PTC strives to manage your school's internet services in a secure manner.  For example, PTC uses industry standard SSL (secure socket layer) encryption to transfer private, personal information, the same technology used by online banks.  Unfortunately, no data transmission over the Internet can be guaranteed to be 100% secure, and PTC can not ensure or warrant the security of any information managed by the site, whether transmitted to PTC by you, your school, or your teacher.   By agreeing to PTC's privacy policy and terms of use, you agree to use PTC at your own risk, and agree that PTC shall not be liable if a security breach occurs, if the site malfunctions, or if information is misused or mismanaged in any way to your detriment or the detriment of a third party, whether by PTC, your school, your teacher, or an unauthorized third party.


Information Collection & Disclosure

You authorize PTC to collect and store data on its computer, server or other system and to compile such data for purposes of analysis and marketing. PTC collects and analyzes data on how the service is used in the aggregate (how groups of people use PTC) for the purpose of improving and enhancing its service.    PTC does not analyze information on how particular individuals use the service as part of general reporting procedures or in the usual course of business. However, information on individual usage of the system, including but not limited to individual IP addresses, may be analyzed on a case-specific basis to resolve a technical difficulty or to assist in resolving or investigating any misuse of the service; also, such individual usage information may be furnished to your school if your school requests such information to assist in the investigation of fraudulent, abusive, or criminal activity or any other use of PTC that violates your school's rules or policies.

PTC does require that all users create a screen name and password, which is stored on the site, and may collect other basic information such as name, address, email, etc. depending on the needs of your school or the service.  This information is not given or sold to any third parties, unless required by your school as part of their information management efforts. For example, if your school uses a certain third party company to manage their classroom scheduling and attendance system, necessary information may be shared with that company to assist in those administrative tasks.

 

GDPR - Data held by PTC

We act as data processors for any data held on our system by you, your school, or end-users of your school (such as parents or teachers). Personal data includes, but is not limited to: student data, teacher data, and parent data. It is your obligation as the data controller to ensure there is lawful basis for processing. We do not share this data with third-parties, though we may access this data as part of making improvements to our service and providing support to schools when requested.
We also act as data controllers when we create aggregated statistical data which may be derived from personal data, but is not considered personal data in law as it cannot be used directly or indirectly to identify a person.


What personal data we hold

Student Data: first name, last name, database id, teacher associations
Contact Data: title, first name, last name, relationship to student, email address, phone number, database id
Teacher Data: title, first name, last name, email address, phone number, database id


Where data is held

All data held on the PTC System is within the United States.
We host data using Amazon Web Services cloud infrastructure. We maintain daily backups which are encrypted using AES-256.
Please click here for a list of sub-processors.

How data is kept secure
We employ appropriate technical and organisational security measures for the types of data we store.
We apply the latest patches to our servers keeping your data safe and secure with multiple levels of password protection - the servers themselves and the database each are password protected. Additionally the servers are behind firewalls.


Subject access requests from end-users

As data processors, we are obliged to pass on to the school any subject access request by an end-user and not respond directly to the end-user. An end-user could be a parent, student, teacher or administrator of the system. We will assist the school in responding to any subject access request. What happens if you stop using the system This section takes effect as of 25th May 2018 While it's rare for a school to stop using PTC Wizard, we only retain personal data for as long as necessary. You can retrieve a copy of all personal data using the export features within the administration panel while the system remains active during your trial period or paid licence period.

We delete personal data within 1 year following termination of your licence or after 1 year of inactivity if you have a trial system. We terminate the licence 60 days after the renewal date if no payment has been received for the renewal.

Features to help comply with GDPR


Syncing data with your school management system
Whenever you choose to sync data from your school information system (SIS), we add new data, update existing records with the latest information from your SIS, and delete records which are no longer relevant or no longer appear in your SIS. Most SIS suppliers are implementing controls to restrict sharing personal data via their API's where you, as the data controller, do not wish it to be shared with third parties. Please contact your SIS supplier directly with any questions.


Exports for data portability
It's possible to export data added to the PTC System to satisfy data portability. You can export all bookings for a particular parents' evening or event from the Appointments or Bookings pages retrospectively. This process can be repeated for each parents' evening & event for which you wish to export data for. It's also possible to export a list of parent details, including links to students.


Data held about Schools
We act as data controllers for any data we collect about customers in order to provide the Parents Evening System service and support to your school. Customer personal data includes, but is not limited to: technical contact details, finance contact details, phone call details, and the content & attachments of any emails sent to us.


Data Retention Policy

How long we retain your personal Data depends on the type of data and the purpose for which we process the data.
We will retain your Personal information for the period necessary to fulfill the purposes outlined in our Privacy Policy unless longer retention period is required or permitted by law.