PRIVACY / COPPA / FERPA Data Protection Policy and Information Security Program
MY TECH HIGH, INC.
Last Updated: April 4, 2021
We care deeply about your and your child’s privacy as such, we want you to feel both secure and safe as you or your child interacts with us. We take your privacy and all information that you share with us seriously. Your information will not be sold or shared with other third parties.
Contractor is subject to all FERPA laws and all school policies governing 34 CFR §99.33(a) related to the use and redisclosure of personally identifiable information from education records.
FERPA guarantees parents the right to access their child’s education records, including those maintained by providers on behalf of the school or district, upon request within 45 days. Parental access to their child’s education records should be seamless, with providers giving the requested records to the school or district, who can confirm the parents’ identity and provide them access to the records.
Utah law does not specifically apply to a third-party contractor if the third-party contractor obtains authorization from the following individual, in writing, to waive that provision as done by the parent via the Enrollment Packet in InfoCenter.
COPPA (Children Online Privacy Protection Act)
When it comes to the collection of personal information from children under the age of 13 years old, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States’ consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online. We do not specifically market to children under the age of 13 years old.
WHAT WE COLLECT
We get information about you and your child under the age of 13 in a range of ways.
Information You Give Us. We collect parent name, postal address, email address, phone number, fax number, username, password, demographic information (such as your gender and occupation) as well as other information you directly give us on our Site. For the purpose of providing an educational experience, we also collect each student’s first name and last name and the corresponding course of enrollment. Once within the course, students have the option of changing their profile picture and adding an email, but neither are required. Students are also invited to provide a brief introduction about themselves in a forum only accessible to those participating in the course, but are specifically asked NOT to provide any personally identifiable information. If such information is shared in the forum, it is deleted immediately. We do not share student information with any other party without explicit parental approval. If needed, we use the credit card authorization process required to purchase a course as the parental approval and verifiable parental consent of information. We only retain personal information collected online from a child for only as long as is necessary to fulfill the purpose for which it was collected and we delete the information using reasonable measures to protect against its unauthorized access or use.
Information We Get From Others. We may get information about you from other sources. We may add this to information we get from this Site.
Information Automatically Collected. We automatically log information about you and your computer and your child’s progress in the course. For example, when visiting our Site, we log your computer operating system type, browser type, browser language, the website you visited before browsing to our Site, pages you viewed, how long you spent on a page, access times and information about your use of and actions on our Site.
Cookies. We may log information using "cookies." Cookies are small data files stored on your hard drive by a website. We may use both session Cookies (which expire once you close your web browser) and persistent Cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on our Site. This type of information is collected to make the Site more useful to you and to tailor the experience with us to meet your special interests and needs.
USE OF PERSONAL INFORMATION
We use your and your child’s personal information as follows:
- We use your personal information to operate, maintain, and improve our sites, products, and services.
- We use your personal information to respond to comments and questions and provide customer service.
- We use your personal information to send information including confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages.
- We use your personal information to communicate about upcoming events, and other news about products and services offered by us and our selected partners.
- We use your personal information to link or combine user information with other personal information.
- We use your personal information to protect, investigate, and deter against fraudulent, unauthorized, or illegal activity.
- We use your personal information to provide and deliver products and services customers request.
SHARING OF PERSONAL INFORMATION
We may share personal information as follows:
- We may share personal information, but only with your consent. For example, you may let us share personal information with others for their own marketing uses. Those uses will be subject to their privacy policies. All requests to share information with others about your child are explicitly prohibited unless specific parental approval is received.
- We may share personal information when we do a business deal, or negotiate a business deal, involving the sale or transfer of all or a part of our business or assets. These deals can include any merger, financing, acquisition, or bankruptcy transaction or proceeding.
- We may share personal information for legal, protection, and safety purposes.
- We may share information to comply with laws.
- We may share information to respond to lawful requests and legal processes.
- We may share information in an emergency. This includes protecting the safety of our employees and agents, our customers, or any person.
- We may share information with those who need it to do work for us.
- We may also share aggregated and/or anonymized data with others for their own uses.
DATA PRIVACY AND SECURITY
- School of enrollment is in direct control over the Contractor with respect to use and maintenance of student records.
- Contractor is subject to all FERPA laws and all school policies governing 34 CFR §99.33(a) related to the use and redisclosure of personally identifiable information from education records.
- Contractor will regularly verify parent FERPA rights and permissions, including any changes to the student photo and school directory permissions.
- Contractor will send an email notification to the School Registrar of any changes to parent or student contact information.
- School continues to maintain custody of all official student records in the event the contract is terminated.
- All documents are transferred using an encrypted data system with these security features:
- Use of modern encryption methods to both transfer and store data
- Secure Sockets Layer (SSL)/Transport Layer Security (TLS) to protect data in transit
- Files at rest are encrypted using 256-bit Advanced Encryption Standard (AES)
- SSL/TSL creates a secure tunnel protected by 128-bit or higher Advanced Encryption Standard (AES) encryption
- System is regularly tested for security vulnerabilities and hardened to enhance security and protect against attacks.
- Two-step verification is available for an extra layer of security at login.
- System is designed with multiple layers of protection, including secure data transfer, encryption, network configuration, and application- and user-level controls that are distributed across a scalable, secure infrastructure
Here's a diagram of how the secure file transfer service works:
Additionally, InfoCenter is hosted on AWS which is vigilant about privacy. AWS has a world-class team of security experts monitoring our systems 24x7 to protect data. With AWS, we are built on the most secure global infrastructure, knowing you always own your data. We have the ability to encrypt it, move it, and manage retention. All data flowing across the AWS global network that interconnects the data centers and regions is automatically encrypted at the physical layer before it leaves the secured AWS facilities. Additional encryption layers exist as well; for example, all VPC cross-region peering traffic, and customer or service-to-service TLS connections. AWS provides tools to easily encrypt data in transit and at rest to help ensure that only authorized users can access it, using keys managed by our AWS Key Management System (KMS) or managing our own encryption keys with CloudHSM using FIPS 140-2 Level 3 validated HSMs. We also give the control and visibility needed to help demonstrate compliance with regional and local data privacy laws and regulations. The design of the AWS global infrastructure allows users to retain complete control over the regions in which your data is physically located, helping to meet data residency requirements.
AWS supports more security standards and compliance certifications than any other offering, including PCI-DSS, HIPAA/HITECH, FedRAMP, GDPR, FIPS 140-2, and NIST 800-171, helping satisfy compliance requirements for virtually every regulatory agency around the globe.
AWS security services and solutions are focused on delivering the following key strategic benefits critical to helping you implement your organization’s optimal security posture:
Fair Information Practices
The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.
In the unlikely case of a data breach, view this Incident Response Plan for details. Additionally, we conduct periodic reviews of who has access to data to ensure the security and confidentiality of the data are being followed. Upon contract termination, an electronic letter certifying the data destruction is sent to the school of enrollment.
INFORMATION CHOICES AND CHANGES
Our marketing emails tell you how to “opt-out.” If you opt out, we may still send you non-marketing emails. Non-marketing emails include emails about your accounts and our business or program dealings with you.
You may send requests about personal information to our Contact Information below. You can request to change contact choices, opt-out of our sharing with others, and update your personal information. These requests are also available for any information collected about your underage children.
You can typically remove and reject cookies from our Site with your browser settings. Many browsers are set to accept cookies until you change your settings. If you remove or reject our cookies, it could affect how our Site works for you.
My Tech High, Inc.
224 S Main, #438
Springville, UT 84663
Email: help <@> mytechhigh.com
California Online Privacy Protection Act
According to The California Online Privacy Protection Act (CalOPPA), we agree to the following:
- Users can visit our site anonymously.
- You can change your personal information via the following:
If you have questions, please reach out!