SUMMIT INDUSTRIES CORPORATION'S
SUMMIT INDUSTRIES CORPORATION, d/b/a School Check IN, is a Florida Corporation, hereinafter known as “SIC”. SIC is committed to protecting the privacy of our customers' data. A customer collectively refers to school districts, individual schools, or students attending schools, or employees, or volunteers, or parent/guardians or vendors or visitors of any district and/or school that use SIC’s School Check IN Software Application.
1. Commitment to Customer Data Privacy
SIC is committed to safeguarding our customers' data by adhering to relevant data privacy laws and regulations and contractual commitments to our customers.
2. This Policy Applies to SIC Customers
This policy applies to the services and products offered by SIC and binds all our employees. This policy refers to data from our Customers or the students, employees, volunteers, parent/guardians, visitors and vendors of our Customers and in this policy, we may refer to this group of individuals as "you", or “Customers”.
3. What Information Is Collected And How Is It Collected?
SIC collects customer data about you when you purchase, use or benefit from SIC’s services or products.
"Data" includes information that will allow someone to identify or contact you, including, for example, your full name, address, telephone number or email address.
Data also includes aggregated data or data that, by itself, does not permit the identification of individual persons, such as statistics on the number of people visiting the SIC website each month.
You provide certain data to SIC when, for example, you: (a) call our technical support; (b) contact us to receive security consultancy and security services; (c) order services and products from SIC websites; (d) submit forms through our web sites; (e) access services through a downloadable electronic application for mobile devices ("App"); or (f) make inquiries, requests or complaints.
Subject to your agreement to the applicable terms and conditions, you may access services through the SIC application, including security information and other services which may be added by SIC from time to time.
The SIC application provides information, including your or your organization's SIC Customer Number as well as the email address of your mobile device. To enable location-specific services, the App also collects and divulges your location. The App also periodically provides information concerning your usage of particular SIC’s application features.
When you choose to pay for SIC services or products by credit card directly from the SIC website, you will be required to provide the name on the credit card, credit card number, expiration date and other security information. When you choose to pay for SIC services or products by other means, we may ask you for your credit card details, contact details and bank account details, if needed.
You also provide information to us when you choose to email data to us or you participate in marketing and sales initiatives. SIC will only gather data that is relevant for the purposes for which it will be used and will not gather excessive or unnecessary data. SIC shall take reasonable steps to ensure that data is reliable, accurate, complete, and current, bearing in mind its intended use. You have a responsibility to keep the data you provide to us updated, and we will take reasonable steps to facilitate this.
For a complete list of Data used in SIC's School Check IN Software Aookication, please contact SIC firstname.lastname@example.org
Data is primarily provided by the district/school in order to use SIC’s School Check IN Software Application. Some data is collected when a) students and/or adults check in or check out at the school; b) log into the School Check IN web site (www.schoolcheckin.net); c) complete the online volunteer application in VolunteerPLUS; or d) purchase products or supplies from SIC or by contacting SIC by phone or email.
4. Data Access And Maintenance
SIC provides data access to only active and paid subscription customers. Customers can only access data for their district and/or school. The customer’s data is available and active through a SSL secure web login process with secret passwords.
ENTERPRISE CUSTOMERS -- On servers hosted by SIC and used by the Customer, SIC has responsibility to maintain the Customer’s data, including data backups. Full backups are done daily. Data “snapshots” are done throughout the day.
Customers are responsible for a) keeping all passwords secret; b) all data management and data security held on the Customer supplied computers used at the schools to check adults and/or students in and out. This includes all Customer data held in SIC’s School Check IN “client” software application installed on the Customer supplied computers. It is Customer’s responsibility for all updates, upgrades, anti-virus security, windows updates/patches and network connections, and Internet access connections. Customer agrees to provide SIC with remote access to the Customer check in/out computers (Client), if needed.
5. Termination Of Services
Should SIC terminate Customer services and/or the Customer terminates services with SIC, then the Customer will no longer be able to log in and create and/or run any reports or view data, delete data or edit data. Customer agrees to discontinue using SIC’s School Check IN “client” software application and to delete and remove SIC’s School Check IN “client” software application installed on any Customer computers.
Data will be held in the SIC active database for 90 to 180 days after termination of services. Once SIC removes the Customer’s data from the SIC active database, the Customer’s data will be moved to an off-line inactive database and held for two (2) years. After two (2) years, Customer’s data will be archived to a zip password protected storage.
If after termination of services, a Customer has a need to access Customer’s data, then Customer can submit a written request for such access. Customer’s request must provide specific details regarding the data requested. SIC, if possible, will provide results in a standard SIC School Check IN report. Districts and/or Schools will be charged a reasonable expired data access fee. The expired data access fee must be paid prior to release of any data.
6. Access / Sale / Share Of Customer Data
SIC will not:
• Allow access to Customer data by any third party
• Sell and/or trade Customer data to any third party
• Share Customer data with any third party.
7. Acceptance and Links to other Websites
9. How Data Will Be Used
SIC uses the Customer’s data to primarily track when people (adults and students) check in and/or check out at a school. This is done to enhance Customer’s school security.
SIC will use the Customer’s data to provide you with services and products that: (a) you purchase; (b) are purchased by your employer; (c) are purchased by an association or institution (including an educational institution) of which you are an employee or a member.
The data collected from the SIC’s School Check IN software application enables SIC to provide better and more relevant Customer services. Location information collected is used to provide security alerts and other security information. The information is used to help SIC better understand how you make use of SIC’s School Check IN software application in order to make improvements to it.
10. Student Data Privacy
SIC only collects information on students who are students in the district/school and only with the permission of the Customer.
11. How Customers Can Correct Inaccuracies in The Data?
You can review Customer data by logging into www.schoolcheckin.net with your user name and password to access your data. Customers can add, edit and/or delete their data.
12. SIC’s Security Procedures Used To Protect Customer’s Data
SIC takes precautions to protect its Customer’s information. SIC has implemented policies that forbid its employees from using or disclosing Customer data in an inappropriate or unlawful manner. SIC maintains security measures to safeguard Customer data from unauthorized access, misuse, alteration, loss or destruction.
Information Collected By Electronic Means
When Customer provides SIC with data through online forms and other electronic methods, the data is protected using industry-standard encryption.
Security of Premises and Other Physical Security Measures
Physical access to all SIC offices and server hosting offices are security controlled, which include locks that are opened by keys and/or by using security cards and/or security card readers that record the identity of employees and visitors entering or leaving the facilities.
Information systems containing sensitive information and communications equipment are placed in secure areas and protected by additional physical security measures that permit access only to the employees who need access, operational processes, environmental controls and fire detection and suppression systems to safeguard against accidental loss, theft or unauthorized removal, misuse, damage or unauthorized access.
Security Against Unauthorized Electronic Access and Viruses
• All gateways to the Internet are firewall protected, and access to both internal and external networks are restricted and controlled.
• All servers are hardened based on security hardening standards to protect against network threats.
• Endpoint security is constantly being review to protect the network against unauthorized access, data loss or destruction.
• Access to computer services and information is on a 'roles and responsibility' basis and is restricted and controlled based on business requirements to reduce the risks associated with misuse, such as alteration, destruction and unauthorized dissemination of data.
• Access to information services is through a secure login process with a unique identifier.
• User access to our management system and essential network services are controlled using a user rights management system that utilizes employees' roles in assigning user access rights, especially to the case management system.
• All remote access is given on a needs basis and is via a two-factor authentication mechanism.
• Mobile devices have password policy controls, and remote device hardware reset features enabled to protect against lost or stolen devices.
• Before being approved, changes to production systems and network follow a change management process flow to ensure that changes are assessed for risk and operational impacts.
• Critical servers are scanned using network and system vulnerability scanners.
• Web applications are also scanned by automated penetration tools for application level security vulnerabilities that may be susceptible to hacking.
• External vulnerability scanning on our Internet facing sites are performed to ensure that these sites are secure. This is done using in-house vulnerability scanning tools and third party services.
• Penetration tests are also performed on our key Internet applications prior to production or major upgrades.
• SIC engages external consultants to conduct security review of our environment. These reviews help us to understand the security gaps and ensure that our infrastructure and applications are able to meet and mitigate new network and Internet security threats and risks.
13. Changes to this Statement