PAPERbasket PRIVACY POLICY

Last Updated February 1, 2018

Are you a parent for a district adopting PAPERbasket? Please download the attached 1-page guide for parents regarding privacy.

PAPERbasket is committed to ensuring that your information is secure and your privacy is protected. The information below outlines our privacy and security policies. In order to prevent unauthorized access or disclosure, we have put in place physical, electronic and managerial procedures to safeguard and secure the information we store. Our security protocols are detailed further in this document.

Accessibility and Notice – We maintain a copy of our latest privacy policy at https://paperbasket.com/about-us/privacy/. If we make changes in the way we use Personal Information or Children’s Personal Information, we will update our Privacy Policy page with this update, and advise the district administrator of each school system actively subscribed to our service through their dashboard notices. You will have the choice to consent to the new changes.

How we use PAPERbasket TRACK

TRACK is a small file/extension which is installed on your computer’s hard drive by authorized district personnel only. Once installed, the application/extension collects a list of all web sites or applications used, as well as measuring their time actively used. That information is uploaded daily to PAPERbasket cloud dashboard, when your computing device is able to make an internet connection. Once uploaded to our online dashboard, the usage record stored on your device is cleared. At any given time, the file on your device only maintains usage data since the last automatic upload. Once installed by district officials, only authorized district officials may remove that software.

Our guiding principles on personal data

• What We Collect: We only collect the following information on each user, as defined by their role in the academic institution.
  • Students: PAPERbasket only collects a student identification number, user ID or other reference identification method provided by the academic customer to track the users particular activities. We do not collect names, email addresses, personal addresses, phone numbers, photos or any other personally identifiable information on students or users under the age of 18.
  • Staff Members With Administrative Access to PAPERbasket: Only staff members authorized by school officials to access PAPERbasket will additional personally identifiable information be collected. This may include, but is not limited to, name, email address, work phone number and the school/department they are assigned to. This information is collected solely to assist that authroized user with customer and technical support should they contact PAPERbasket for assistance with their user account.
  • Other Employees without Administrative Access to PAPERbasket: PAPERbasket only collects a user identification number or other reference number provided by the academic customer to track the users particular activities. We do not collect names, email addresses, personal addresses, phone numbers, photos or any other personally identifiable information on other users.
• Data Ownership – Personal Information: PAPERbasket acknowledges that all personally identifiable information about students, teachers, administrators, and other authorized users is the property of the educational agencies PAPERbasket serves.
• Purpose: PAPERbasket is a trusted steward of personal data. While we make every effort to NOT collect ANY personally identifiable user data, we have implemented these privacy procedures in the event a school customer does, in fact, input personally identifiable information in our system. Any personal data received from educational agencies is to be used solely for purposes of providing educational services. Such personally identifiable data will NOT be sold or used for marketing purposes.
• Type of Data Maintained in PAPERbasket: We have designed our software to collect and track usage information on school devices. To do so, PAPERbasket only requires a user identification code as established by the education customer (this may be a Student ID number). We do not collect or track any personally identifiable information about the user of that device, whether a student, teacher or other user. Authorized users of that education institution granted access to the internal dashboards may be asked to provide their name, phone number and email address, solely for customer support purposes. We encourage our education customers to maintain that information locally, outside of the PAPERbasket platform for privacy and confidentiality. PAPERbasket does not generally maintain information such as mailing address, gender, date of birth, and other personal demographic data.
• Protection: PAPERbasket keeps all personal data confidential and secure. PAPERbasket team members are bound by contractual non-disclosure agreements. PAPERbasket’s data security protections include: internal data management policies and procedures, limitations on access to personal data, data systems monitoring, incident response plans, and safeguards to ensure personal data is not accessed by unauthorized persons when transmitted over communication networks.
• Disposal of Data: PAPERbasket permanently deletes any personal identifiable data after the termination of a contract, when no longer needed, or when advised to do so by the educational agency.
• Discovery of a security breach that results in unauthorized release of personally identifiable data: PAPERbasket shall promptly notify affected educational agencies of such breach, shall conduct an investigation, and shall restore the integrity of its data systems as soon as possible. PAPERbasket will fully cooperate and assist with required notices to those individuals affected by such breach.
• Third Parties (Personally Identifiable Information) – We will only share personal information stored on behalf of our customers with third parties if authorized by the relevant School District or SEA customer and in the following situations, to the extent we believe in good faith it is necessary or appropriate and permitted by law:
  • To comply with the law, respond to requests in legal or government enforcement proceedings (such as complying with a subpoena), protect our rights in a legal dispute, or seek assistance of law enforcement in the event of a threat to our rights, security or property or that of our affiliates, customers, end users or others;
  • To work with third parties who conduct studies or assist us in providing and improving our products and services, such as platform, infrastructure, software and other types of service providers, agents, partners and researchers. We contractually bind such parties to protect personal information by, for example, not using the information for any purpose other than to carry out the services they are performing for PAPERbasket; and
  • We may also share information collected or stored in PAPERbasket systems with affiliated education companies your academic institution has also contracted with, as directed by your institution, provided that such disclosure is used solely for the benefit of the academic institution and is not shared with unauthorized additional third parties.
• Third Parties (Non-Identifiable Usage Data ONLY): PAPERbasket may collect and compile de-identified, aggregate usage data across all of its customers for the limited use of research and other business purposes. PAPERbasket may evaluate platform and application utilization to identify usage trends and system capacity. During the course of these evaluations, including if/when reports are provided to third-parties, at no time does PAPERbasket retrieve, collect, or share end-user information. The only data collected will be the applications and web sites visited and the amount of time used. NO identifiable information pertaining to the identity of the school institution or any of its users (adults or children) will be collected or used in the scope of this limited use. This information will NOT be used for ad tracking purposes.
• Successor Entities: In the case we sell, transfer, or merge our business with another entity, we will only transfer personally identifiable data about our Clients if the mentioned entity agrees to a data privacy policy similar or stricter than ours. We will also notify you at least 30 days in advance and provide you the Privacy Policy of the new entity to give you the opportunity of opting out of the transfer and our service.

Website Privacy

PAPERbasket is committed to ensuring that your privacy is protected. Any information provided by users of this website to PAPERbasket is intended solely for the purposes of improving end-user experience and communications between end-users and PAPERbasket.  PAPERbasket does not share email addresses or user information with any third parties, other than noted in this policy.

Our publicly-accessible website, https://www.paperbasket.com uses Google Analytics to track site visitors for marketing and other research purposes. Please visit https://www.google.com/policies/privacy/ to understand Google’s privacy policy. Google Analytics are not used on the private dashboard accessed by authorized school officials, nor is Google Analytics used for any data uploaded from our TRACK software.

How we use cookies

A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyze web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences. For authorized users accessing the PAPERbasket dashboards, cookies further help them customize and “remember” the formats of the reports when they log back in to the dashboard.

We use traffic log cookies to identify which pages are being used. This helps us analyze data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

Commitments to State/National/International Student Data Privacy Efforts

PAPERbasket is a trusted steward of personal data. To that end, we acknowledge our efforts to comply with the following student privacy efforts, as well as any other efforts introduced not reflected below.

International Student Privacy Pledge

As a signatory to the Student Privacy Pledge (https://studentprivacypledge.org/) our goal is to both support the effective use of student information and safeguard student privacy and information security. PAPERbasket maintains a comprehensive security program that is reasonably designed to protect the security of personal student information.

By signing this pledge, PAPERbasket will:

• Not sell student information
• Not behaviorally target advertising
• Use data for authorized education purposes only
• Not change privacy policies without notice and choice
• Enforce strict limits on data retention
• Support parental access to, and correction of errors in, their children’s information
• Provide comprehensive security standards
• Be transparent about collection and use of data

FERPA Compliance

The Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) is a Federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education. FERPA sets forth protocols for ensuring privacy and security of personally identifiable information of students. PAPERbasket adheres to the data protection protocols set forth in FERPA.

COPPA Compliance

PAPERbasket is compliant with the regulations put forth by the Children’s Online Privacy Protection Act (COPPA). PAPERbasket collects and stores only that information which enables users to operate PAPERbasket products, such as name, username, and password. PAPERbasket does not intentionally collect and store personally identifying information of student users.

CIPA Compliance

The Children’s Internet Protection Act (CIPA) requires schools and libraries receiving certain e-Rate benefits from the Federal Communications Commission (FCC) to adhere to policies that provide safe internet experiences for minors. These include policies related to:

• Preventing access by minors to inappropriate matter on the Internet;
• The safety and security of minors when using electronic mail, chat rooms and other forms of direct electronic communications;
• Unauthorized access, including so-called “hacking,” and other unlawful activities by minors online;
• Unauthorized disclosure, use, and dissemination of personal information regarding minors; and
• Measures restricting minors’ access to materials harmful to them.

Although PAPERbasket does not itself prevent access to inappropriate websites, that burden belongs to the school or library, PAPERbasket can help by providing schools a means of tracking the use history of its devices, and helping school officials focus students on positive learning experiences.

U.S. State Data Privacy Acts

PAPERbasket is compliant with regulations put forth by the following states. This section may be updated to reflect any new state acts that apply to student data privacy.

• California – Chapter 22.2. Student Online Personal Information Protection Act (SOPIPA): In addition to the provisions above, PAPERbasket contracts with educational agencies in California are governed by and construed in accordance with the laws of the State of California. Additionally, educational agencies in the United States are serviced by PAPERbasket servers and database infrastructure that are based in the United States.
• Connecticut – Public Act No. 16-189, Student Data Privacy: In addition to the provisions above, PAPERbasket contracts with educational agencies in Connecticut are governed by and construed in accordance with the laws of the State of Connecticut. Additionally, educational agencies in the United States are serviced by PAPERbasket servers and database infrastructure that are based in the United States.
• Florida – Fla. Stat. § 1002.22, Education records and reports of K-12 students; rights of parents and students; notification; penalty (§1002.22); and Fla. Stat. § 1002.222, Limitations on collection of information and disclosure of confidential and exempt student records (§1002.222): PAPERbasket is compliant with the regulations put forth by Fla. Stat. § 1002.22, Education records and reports of K-12 students; rights of parents and students; notification; penalty (§1002.22); and Fla. Stat. § 1002.222, Limitations on collection of information and disclosure of confidential and exempt student records (§1002.222). In addition to the above guiding principles on personal data:
  • Biometric data of students, parents, and siblings: PAPERbasket does not collect biometric information as defined statute for students, parents, and siblings in Florida.
  • Location: PAPERbasket contracts with educational agencies in Florida are governed by and construed in accordance with the laws of the State of Florida. Additionally, educational agencies in the United States are serviced by PAPERbasket servers and database infrastructure that are based in the United States.
• New York– Education Law §2-d (Section 2-d) and the Personal Privacy Protection Law, Article 6- A of the Public Officers Law (PPPL): PAPERbasket is compliant with the regulations put forth by the Education Law §2-d and the Personal Privacy Protection Law (PPPL), Article 6-A of the Public Officers Law. In addition to the above guiding principles on personal data:
  • Location: PAPERbasket contracts with educational agencies in New York are governed by and construed in accordance with the laws of the State of New York. Additionally, educational agencies in the United States are serviced by PAPERbasket servers and database infrastructure that are based in the United States.
  • Parents’ Bill of Rights: PAPERbasket includes the following link to the NYS Parents’ Bill of Rights (http://www.p12.nysed.gov/docs/parents-bill-of-rights.pdf) to help schools and parents understand their rights.
  • Use of non-identifiable information is permitted as described in Section C-3. : “The confidentiality and privacy provisions of Education Law §2-d and FERPA extend only to PII, and not to student data that is not personally identifiable. Therefore, de-identified data (e.g., data regarding students that uses random identifiers), aggregated data (e.g., data reported at the school district level) or anonymized data that could not be used to identify a particular student is not considered to be PII and is not within the purview of Education Law §2-d or within the scope of this Parents’ Bill of Rights.”