Campus Suite Privacy Policy

Campus Suite is FERPA certifiedThis Application collects some Personal Data from its Users and this Statement governs all our services that we provide directly to you. Whether you are browsing our websites, receiving our newsletters, or using our Campus Suite products. We take your privacy seriously so please take the time to review how we collect and use your information. By accessing or using the Service, you are consenting to the collection, use, disclosure and other handling of your information as described below. 

Additionally this Statement governs the use of personal information for all our products and services that we provide directly to you as a so-called ‘data controller.’

What personal information we collect and how we use it will depend on your relationship with us.  The following section is mainly for informational purposes and describes how your information is generally used when we provide products and services to you on behalf of a client. How your information is used depends on your institution, so you should read your institution’s privacy statement.

 

Student Submitted Information within Schools

Prior to a student submitting any information within a School environment by accessing Campus Suite for the purpose of using the notification system, publishing any Student PI on School Sponsored website as well as the Social Media Integration, the Teacher must certify that they have received the appropriate consent by either a) choosing to act as the agent of the Parent and consent on the Parents behalf which is commonly referred to as School Consent or b) collect the parental consent directly from the parent.

The first and simplest way is for teachers to agree to act as the parent's agent, and provide consent on their behalf to use Campus Suite solely in the educational context. This form is commonly referred to as "school consent". Under this type of consent, no Student PI or related content submitted by students will be shown publicly, unless parents give additional parental consent to School. Teachers, Staff or IT Administrators should not be publishing any Student PI without the appropriate parental consent.

 

Types of Data collected

Among the types of Personal Data that this Application collects, by itself or through third parties, there are: Cookies; Usage Data.

Complete details on each type of Personal Data collected are provided below, and in the dedicated sections of this privacy policy or by specific explanation texts displayed prior to the Data collection. Personal Data may be freely provided by the User, or, in case of Usage Data, collected automatically when using this Application.

For the purposes of sending notifications to parents, school staff, students and administrators, we receive the following PII from the school’s SIS system. Unless specified otherwise, all Data requested by this Application is mandatory and failure to provide this Data may make it impossible for this Application to provide its services. In cases where this Application specifically states that some Data is not mandatory, Users are free not to communicate this Data without consequences to the availability or the functioning of the Service.

PII data collected: First name, last name, email address, phone number, password and gender.

Other data collected: Language, country, grades

Any use of Cookies – or of other tracking tools – by this Application or by the owners of third-party services used by this Application serves the purpose of providing the Service required by the User, in addition to any other purposes described in the present document and in the Cookie Policy, if available.

Users logging into the platform are responsible for any third-party Personal Data obtained, published or shared through the platform and confirm that they have the third party's consent to provide the Data to the Owner.

We outsource some development of our software to a trusted third party for the purpose of processing the contact information coming from a school’s SIS and normalizing it into our system for email, text and voice communications. In this case, we have a signed NDA in place that includes our expectations of data handling, security and privacy.

Campus Suite allows end-users to change, at any time, email addresses and phone numbers that have been synchronized to us from the school. To change this personal information, log into the parent portal, review the information, and make the appropriate changes. This will result in an automatic notice sent to the school asking them to update the information in their SIS, Active Directory or system that is synchronizing data to us so that the proper contact information is correctly sent to us during the next synchronization.

 

Mode and place of processing the Data

Methods of processing

The Owner takes appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data.

The Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to the Owner, in some cases, the Data may be accessible to certain types of persons in charge, involved with the operation of this Application (administration, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by the Owner. The updated list of these parties may be requested from the Owner at any time.

If Campus Suite becomes aware of a systems security breach by an unauthorized party or that any user data was used for an unauthorized purpose, we will comply with relevant state and other data breach laws. We will notify users of any breach resulting in unauthorized release of data electronically, at minimum, and without unreasonable delay so that you can take appropriate steps. The notification will include: date of the breach, the types of information that were subject to the breach, general description of what occurred, and steps Campus Suite is taking to address the breach.

 

Legal basis of processing

The Owner may process Personal Data relating to Users if one of the following applies:

  • Users have given their consent for one or more specific purposes. Note: Under some legislations the Owner may be allowed to process Personal Data until the User objects to such processing (“opt-out”), without having to rely on consent or any other of the following legal bases. This, however, does not apply, whenever the processing of Personal Data is subject to European data protection law;
  • provision of Data is necessary for the performance of an agreement with the User and/or for any pre-contractual obligations thereof;
  • processing is necessary for compliance with a legal obligation to which the Owner is subject;
  • processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in the Owner;
  • processing is necessary for the purposes of the legitimate interests pursued by the Owner or by a third party.

In any case, the Owner will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

 

Requests to Review, Change or Remove Personal Data

Data is synchronized one-way from the school to Campus Suite in order for us to provide notifications services. Any party seeking access to their personal information stored by Campus Suite can make a request to the school sharing the data. 

Campus Suite allows end-users to change, at any time, email addresses and phone numbers that have been synchronized to us from the school. To change this personal information, log into the parent portal, review the information, and make the appropriate changes. This will result in an automatic notice sent to the school asking them to update the information in their SIS, Active Directory or system that is synchronizing data to us so that the proper contact information is correctly sent to us during the next synchronization.

Student information may be visible during Customer Support and/or Troubleshooting. Personally identifiable information such as Student Name, Student Email Address, login dates and times could be viewed by our Product Support Staff.

Educators can delete an account at your request by contacting them directly. When they delete your account, that information will not sync over during the next synchronization process, and the data in Campus Suite will be deleted. Please note that some content may not be deleted given various compliance and recordkeeping obligations schools have. Please contact your (or your child’s) school if you would like this content deleted. 

Below are some general user rights specified in the Campus Suite Privacy Policy:

The rights of Users

  • Object to processing of their Data. Users have the right to object to the processing of their Data if the processing is carried out on a legal basis other than consent. Further details are provided in the dedicated section below.
  • Access their Data. Users have the right to learn if Data is being processed by the Owner, obtain disclosure regarding certain aspects of the processing and obtain a copy of the Data undergoing processing.
  • Verify and seek rectification. Users have the right to verify the accuracy of their Data and ask for it to be updated or corrected.
  • Restrict the processing of their Data. Users have the right, under certain circumstances, to restrict the processing of their Data. In this case, the Owner will not process their Data for any purpose other than storing it.
  • Have their Personal Data deleted or otherwise removed. Users have the right, under certain circumstances, to obtain the erasure of their Data from the Owner.

 

Place

The Data is processed at the Owner's operating offices and in any other places where the parties involved in the processing are located.

Depending on the User's location, data transfers may involve transferring the User's Data to a country other than their own. To find out more about the place of processing of such transferred Data, Users can check the section containing details about the processing of Personal Data.

Users are also entitled to learn about the legal basis of Data transfers to a country outside the European Union or to any international organization governed by public international law or set up by two or more countries, such as the UN, and about the security measures taken by the Owner to safeguard their Data.

If any such transfer takes place, Users can find out more by checking the relevant sections of this document or inquire with the Owner using the information provided in the contact section.

 

Retention time

Personal Data shall be processed and stored for as long as required by the purpose they have been collected for.

Therefore:

  • Personal Data collected for purposes related to the performance of a contract between the Owner and the User shall be retained until such contract has been fully performed.
  • Personal Data collected for the purposes of the Owner’s legitimate interests shall be retained as long as needed to fulfill such purposes. Users may find specific information regarding the legitimate interests pursued by the Owner within the relevant sections of this document or by contacting the Owner.

NOTE: The Owner may be obliged to retain Personal Data for a longer period whenever required upon order of an authority.

Once the retention period expires, Personal Data shall be deleted according to our data storage and retention policy. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.

 

The purposes of processing

The Data concerning the User is collected to allow the Owner to provide its Service, comply with its legal obligations, respond to enforcement requests, protect its rights and interests (or those of its Users or third parties), detect any malicious or fraudulent activity, as well as the following: Access to third-party accounts and Analytics.

For specific information about the Personal Data used for each purpose, the User may refer to the section “Detailed information on the processing of Personal Data”.

 

Third-Party Subprocessors

It's important to us that we keep your information safe and secure. In order to help us provide, maintain, protect and improve our products and services, Campus Suite shares information with other partners, vendors and trusted organizations to process it on our behalf in accordance with our instructions, Privacy Policy, and any other appropriate confidentiality, security or other requirements we deem appropriate.  These companies will only have access to the information they need to provide the Campus Suite service.

You can find information on these partners and subprocessors we work with below, including what data we share with them or they provide to us, the service they provide for Campus Suite and links to their respective privacy policies. We’ll make changes to this list as necessary.

Amazon Web Services powers the Campus Suite platform and provides a secure, scalable and always accessible environment.
Information collected: 

  • network and connection information, such as the Internet protocol (IP) address used to connect your computer or other device to the Internet and information about your Internet service provider; 
  • computer and device information, such as device, application, or browser type and version, browser plug-in type and version, operating system, or time zone setting; 
  • the location of your device or computer;

Amazon Privacy Policy: https://aws.amazon.com/privacy/

Appnitro Software MachForm used to create web customized forms that are embedded in your website pages. 

Information shared: Form Data. Stores form data (questions and responses) created by customers for the purpose of retrieval later.
MachForm Privacy Policy: https://www.machform.com/privacy-policy/

Hubspot tracks product users to understand how they are using Campus Suite and allows us to provide relevant help tools, tips, etc.
Information collected: IP address, browser type, domain names, internet service provider (ISP), the files viewed on our site (e.g., HTML pages, graphics, etc.) If you subscribe to our blog, sign up for a webinar, or request customer support, we also collect personal information such as your name, e-mail address, company name, address, phone number.
Hubspot Privacy Policy: https://legal.hubspot.com/privacy-policy

Chameleon is used to to help show more targeted and relevant content, and to assess which users engaged with in-product tours.

Information collected: Chameleon does not collect any personal data of end users by default. When the Chameleon code snippet is loaded on a customer's software page, the only data Chameleon obtains by default is ‘user agent’  and ‘URL’. 

Chameleon Privacy Policy: https://www.trychameleon.com/privacy

Google Analytics and Forms help our school customers understand how visitors interact with their website hosted with us. This snippet is obtained from the customer and installed on their behalf.

Information collected: Customers who create a Google account provide them with personal information that includes name, email and password. The tracking snippet customers provide us collects browser type and settings, device type and settings, operating system, mobile network information including carrier name and phone number, application version number, apps, browsers, and devices, including IP address, crash reports, system activity, and the date, time, and referrer URL of each request.

Google Privacy Policy: https://policies.google.com/privacy

 

Facebook and Twitter permissions asked for by this Application

When a “User” (typically the IT person at a school, but sometimes a principal or superintendent) chooses to connect the Social Media Manager to the schools Facebook page or Twitter profile, this Application asks for some permissions allowing it to perform actions on the User's behalf. For example, posting something to the school’s Facebook page or Twitter wall. When making this connection, certain information is shared with us enabling the Campus Suite website to post and share information to the chosen social networks. 

The Social Media Manager is not available to all website users, and only a school-approved administrator(s) who already has access to post to the school social networks. It is only this user authorizing the connection whose data is being shared.

The permissions asked are the following:

Basic information

By default, this includes the User’s Data such as id, name, email address, picture and locale. If the User has made more of their Data public within the privacy settings of their social network, more information may be available.

Access Page CTA

Provides the access to manage call to actions on User-managed Pages.

App Notifications

Send notifications to the social network on the users behalf.

Business Management API

Read and write with Business Management API.

Contact email

Access the User's contact email address.

Create Events

Enables the application to create and modify events on the User's behalf.

 

Detailed information on the processing of Personal Data

Personal Data of the user authorizing the social network connection is collected for the following purposes and using the following services:

Access to third-party accounts

This type of service allows this Application to access Data from your account on a third-party service and perform actions with it. These services are not activated automatically, but require explicit authorization by the User.

Facebook account access (Facebook, Inc.)

This service allows this Application to connect with the User's account on the Facebook social network, provided by Facebook, Inc.

Permissions asked: Access Page CTA; Access private data; Contact email; Create Events; Current City; Events; Manage Notifications; Manage Pages, News Feed and Wall, Publish as Page.

Place of processing: United States – Privacy Policy.

Google Drive account access (Google LLC)

This service allows this Application to connect with the User's account on Google Drive, provided by Google LLC.

Permissions asked: Access to files for sharing to website.

Place of processing: United States – Privacy PolicyOpt Out.

Twitter account access (Twitter, Inc.)

This service allows this Application to connect with the User's account on the Twitter social network, provided by Twitter, Inc.

When you view Twitter content or Twitter products integrated into other websites using Twitter for Websites, Twitter may receive information including the web page you visited, your IP address, browser type, operating system, and cookie information. 

Read more detail about the Twitter API and how we use it by clicking here.

 

Analytics

The services contained in this section enable the Owner to monitor and analyze web traffic and can be used to keep track of User behavior.

Google Analytics (Google Inc.)

Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google utilizes the Data collected to track and examine the use of this Application, to prepare reports on its activities and share them with other Google services.

Data processed: Cookies; Usage Data.

To protect user privacy, Google policies mandate that no data be passed to Google that Google could use or recognize as personally identifiable information (PII). Read more detail about PII and Google Analytics by clicking here.

 

The rights of Users

Users may exercise certain rights regarding their Data processed by the Owner.

In particular, Users have the right to do the following:

  • Withdraw their consent at any time. Users have the right to withdraw consent where they have previously given their consent to the processing of their Personal Data.
  • Object to processing of their Data. Users have the right to object to the processing of their Data if the processing is carried out on a legal basis other than consent. Further details are provided in the dedicated section below.
  • Access their Data. Users have the right to learn if Data is being processed by the Owner, obtain disclosure regarding certain aspects of the processing and obtain a copy of the Data undergoing processing.
  • Verify and seek rectification. Users have the right to verify the accuracy of their Data and ask for it to be updated or corrected.
  • Restrict the processing of their Data. Users have the right, under certain circumstances, to restrict the processing of their Data. In this case, the Owner will not process their Data for any purpose other than storing it.
  • Have their Personal Data deleted or otherwise removed. Users have the right, under certain circumstances, to obtain the erasure of their Data from the Owner.
  • Receive their Data and have it transferred to another controller. Users have the right to receive their Data in a structured, commonly used and machine readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that the Data is processed by automated means and that the processing is based on the User's consent, on a contract which the User is part of or on pre-contractual obligations thereof.
  • Lodge a complaint. Users have the right to bring a claim before their competent data protection authority.

How to exercise these rights

Any requests to exercise User rights can be directed to the Owner through the contact details provided at the bottom of this policy. These requests can be exercised free of charge and will be addressed by both the school and the Owner as early as possible and always within one month.

 

Additional information about Data collection and processing

Legal action

The User's Personal Data may be used for legal purposes by the Owner in Court or in the stages leading to possible legal action arising from improper use of this Application or the related Services. The User declares to be aware that the Owner may be required to reveal personal data upon request of public authorities.

 

Additional information about User's Personal Data

In addition to the information contained in this privacy policy, this Application may provide the User with additional and contextual information concerning particular Services.

 

System logs and maintenance

For operation and maintenance purposes, this Application and any third-party services may collect files that record interaction with this Application (System logs) use other Personal Data (such as the IP Address) for this purpose.

 

Information not contained in this policy

More details concerning the collection or processing of Personal Data may be requested from the Owner at any time. Please see the contact information at the beginning of this document.

 

How “Do Not Track” requests are handled

This Application does not support “Do Not Track” requests.

To determine whether any of the third-party services it uses honor the “Do Not Track” requests, please read their privacy policies.

 

Changes to this privacy policy

The Owner reserves the right to make changes to this privacy policy at any time by notifying its Users on this page and possibly within this Application and/or - as far as technically and legally feasible - sending a notice to Users via any contact information available to the Owner. 

We won't reduce your rights under this Privacy Policy without your explicit consent. If we make any significant changes, we'll provide prominent notice by posting a notice on the Service or the Campus Suite Website and/or notifying you by email (using the email address you provided), so you can review and make sure you know about them.

We encourage you to review this Privacy Policy from time to time taking note of the revision date listed at the bottom of this page, to stay informed about the collection, use, and disclosure of personal information through the Service and Campus Suite Website. If you don't agree with any changes to the Privacy Policy, you may terminate your account. By continuing to use the Service or the Campus Suite Website after the revised Privacy Policy has become effective, you acknowledge that you accept and agree to the current version of the Privacy Policy.

Should the changes affect processing activities performed on the basis of the User’s consent, the Owner shall collect new consent from the User, where required.

 

Change of Control

Over time, Campus Suite may grow and reorganize. We may share your information, including personal information with affiliates such as a parent company, subsidiaries, joint venture partners or other companies that we control or that are under common control with us, in which case we will require those companies to agree to use your personal information in a way that is consistent with this Privacy Policy.  

In the event of a change to our organizations such that all or a portion of Campus Suite or its assets are acquired by or merged with a third-party, or in any other situation where personal information that we have collected from users would be one of the assets transferred to or acquired by that third-party, this Privacy Policy will continue to apply to your information, and any acquirer would only be able to handle your personal information as per this policy (unless you give consent to a new policy). We will provide you with notice of an acquisition within thirty (30) days following the completion of such a transaction, by posting on our homepage and by email to your email address that you provided to us. If you do not consent to the use of your personal information by such a successor company, subject to applicable law, you may request its deletion from the company.

In the unlikely event that Campus Suite goes out of business, or files for bankruptcy, we will protect your personal information, and will not sell it to any third-party.

 

Definitions and legal references

Personal Data (or Data)

Any information that directly, indirectly, or in connection with other information — including a personal identification number — allows for the identification or identifiability of a natural person.

 

Usage Data

Information collected automatically through this Application (or third-party services employed in this Application), which can include: the IP addresses or domain names of the computers utilized by the Users who use this Application, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server's answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User's IT environment.

 

User

The individual using this Application who, unless otherwise specified, coincides with the Data Subject.

 

Data Subject

The natural person to whom the Personal Data refers.

 

Data Processor (or Data Supervisor)

The natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller, as described in this privacy policy.

 

Data Controller (or Owner)

The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures concerning the operation and use of this Application. The Data Controller, unless otherwise specified, is the Owner of this Application.

 

This Application

The means by which the Personal Data of the User is collected and processed.

 

Service

The service provided by this Application as described in the relative terms (if available) and on this site/application.

 

European Union (or EU)

Unless otherwise specified, all references made within this document to the European Union include all current member states to the European Union and the European Economic Area.

 

Cookie

Cookies are Trackers consisting of small sets of data stored in the User's browser.

 

Tracker

Tracker indicates any technology - e.g Cookies, unique identifiers, web beacons, embedded scripts, e-tags and fingerprinting - that enables the tracking of Users, for example by accessing or storing information on the User’s device.

 

Legal information

This Privacy statement has been prepared based on provisions of multiple legislations, including GDPR and FERPA, 20 U.S.C. Section 1232g and relates solely to this Application, if not stated otherwise within this document.

This policy can be printed for reference by using the print command in the settings of any browser. If you have questions or concerns about this Privacy Policy or our collection, use, or disclosure of your personal information, please contact us in one of the following ways:

Owner and Data Controller

Innersync Studio, Ltd.
752 Dunwoodie Dr.
Cincinnati, OH 45230
Owner contact email

 

Relavent Documents

 

This policy was last updated: October 5, 2021

CASE STUDIES

Moving schools forward

See the results, and see for yourself what it's like working with us.

Campus-Suite-Academy

Free resources, training and ideas

Campus Suite Academy – professional development and forum for school communicators

Guides and templates Webinars and videos Website accessibility

Start engaging today.

If you want to talk, get pricing, or see Campus Suite in action, we're ready whenever you are.

Start engaging with Campus Suite
Specialist

Speak to a specialist

Contact us
Pricing

Request pricing

Get a quote
Demo

See a demo

Watch video