Redrock Wiki:Privacy policy

REDROCK SOFTWARE PRIVACY POLICY

Privacy Policy for Trac System software: TutorTrac, AdvisorTrac, FitnessTrac, TracCloud ,myGym and myBJJ. This document explains our Privacy Policy as it relates to the Trac System software. The Trac Systems software, go redrock.com website and services are owned and operated by Redrock Software Corporation. Redrock Software Corporation ("Redrock", “We”, “Us” or “Our”) is deeply committed to maintaining the privacy and security of confidential and sensitive information we may collect, retain, process, or transfer or which is provided to us directly by our clients. We do not and will not sell or rent personally identifiable data to third parties. Last updated: January 20, 2021.

DEFINITIONS
In this Policy, the following terms shall have the following meanings:
"CLIENT Data" shall mean all data of the Client provided to us by the Client or any service provider thereof (including its administrator immediately prior to the Commencement Date);
"Client Staff Data" shall mean all data of the Client’s employees provided to us by the Client or any service provider thereof (including its administrator immediately prior to the Commencement Date);
"Student Data" shall mean personal identifiers; Protected Health Information (PHI) as that term is defined in the Health Insurance Portability and Accountability Act, 45 CFR Part 106.103; personally identifiable information contained in student education records as that term is defined in the Family Educational Rights and Privacy Act (FERPA), 20 USC 1232g; non-public personal information as that term is defined in the Gramm-Leach-Bliley Financial Modernization Act of 1999, 15 USC 6809.

Personal Information and What We Do With It

Redrock Software Corporation respects privacy and takes protecting it seriously. This Privacy Policy covers the use and disclosure of information we collect. It also describes your choices available regarding our use of personal data. Use of information collected through our services shall be limited to the purpose of providing service for which our clients request. Student data and records are subject to the Family Educational Rights and Privacy Act ("FERPA"), 10 U.S.C. Section 1232g (collectively, the "FERPA Records"). As a result, Redrock holds this data in strict confidence. Redrock protects the FERPA Records according to industry standard administrative, physical, and technical standards.

What we do with personal information provided to us, organized by three role types:

1) Student Data and Client Staff Data

The Trac System allows importing of course registration information. It also allows importing of the student's/staff member’s name, email address, ID card number, photo, and other information as determined by our client. This information is imported into in the Trac System database.

The information as defined above is entered in the Trac System database by our clients. Our client can remove or make changes to the data in the Trac System.

The client might share some of student data with us for the purpose of troubleshooting issues with the Trac System. This data is held in strict confidence and we will only use it to deliver the requested services.

Other than described above, we do not sell, share or use any student contact information the client may share with Redrock Software.

2) Client Data

Our client account information is held in strict confidence. We do not sell or share personal information with any outside parties. We only collect information such as name, email address, mailing address, phone number, and billing information to enable us to provide the services described.

Data you load into the Trac System database is yours. We do not have access to this data when it is hosted on your own network. If you give us access to this data or share some of it with us for the purpose of getting technical support or for troubleshooting, we will hold the data you provide in strict confidence and will only use it to deliver the requested services. If you need to send us student data for some reason, check with us first for instructions on how to securely transmit this data.

Other than described above, we do not sell, share or use any student contact information you might share with us.

3) Client Staff Members without direct relationship to Redrock

The Trac System allows entering staff member name, email address, ID card number, photo, and other information as determined by our client. This information is stored in the Trac System database.

Your information as defined above is entered in the Trac System by our clients, and we have no direct relationship with you. Our client can remove your data from the Trac System and can update it. If you would like to update your information please contact our client directly.

Newsletters

Most of our clients and their staff members can subscribe to our newsletter via our helpdesk found at helpdesk.go-redrock.com. These newsletters offer the latest information on the Trac System and are usually sent monthly. To cancel, simply follow the unsubscribe instructions contained in each of the communications you receive.

Service-Related Emails

On occasion we may email you service or account related announcements when it is necessary to do so. For example, we might send you an email concerning a new maintenance update for the Trac System software. Service-related emails are not promotional and there is no option to opt out of receiving them.

Information Regarding Your Data Protection Rights Under General Data Protection Regulation (GDPR)

For the purpose of this Privacy Policy, we are a Data Controller of your personal information.

If you are from the European Economic Area (EEA), our legal basis for collecting and using your personal information, as described in this Privacy Policy, depends on the information we collect and the specific context in which we collect it. We may process your personal information because:

• We need to perform a contract with you, such as when you create a Policy with us
• You have given us permission to do so
• The processing is in our legitimate interests and it's not overridden by your rights
• For payment processing purposes
• To comply with the law

If you are a resident of the European Economic Area (EEA), you have certain data protection rights. In certain circumstances, you have the following data protection rights:

• The right to access, update or to delete the personal information we have on you
• The right of rectification
• The right to object
• The right of restriction
• The right to data portability
• The right to withdraw consent

Please note that we may ask you to verify your identity before responding to such requests.

You have the right to complain to a Data Protection Authority about our collection and use of your personal information. For more information, please contact your local data protection authority in the European Economic Area (EEA).

Service Providers

We use third parties to bill you for services. When you sign up for our services, we will share your personal information only as necessary for the third party to provide service.

Legal Disclaimer

We reserve the right to disclose your personal information as required by law, such as to comply with a subpoena or similar legal process, and when we believe that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud and/or to comply with a judicial proceeding, court order, or legal process served on our website.

Personal Information Access

If your personal information changes, or if you no longer desire our service, you may update, delete or deactivate it by making the changes in our software or by contacting us. We will respond to your request within normal support hours.

We will retain your information for as long as your account is active or as needed to provide you services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Security

The security of your information is important to us. When the Trac System database is hosted on your network, we do not have access to it. It is the client's responsibility to secure their Trac System database as they would with their other student information. Training and documentation is available from Redrock to help clients secure their Trac System database.

If you need to send us sensitive data, we provide a secure file upload service that you can utilize. Uploads are protected in transit with TLS (Transport Layer Security). We do not allow sending sensitive data via email since this is not a secure method for sharing data.

When given us access to your database, we will only access the data to perform maintenance tasks or to troubleshoot and investigate issues.

It is Redrock policy not to keep any data you might send us once the purpose of using said data is resolved.

Cookies and Other Tracking Technologies

We use technologies, such as cookies, beacons, tags, and scripts, to analyze trends, administer our website, tracking users’ movements around the website, and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies on an individual as well as aggregated basis.

We use cookies to remember your settings (e.g., language preference), and for authentication. You can control the use of cookies at the individual browser level. If you reject cookies, you may still use our software, but your ability to use some features or areas of our software may be limited.

Trac System Log Information

As is true of most websites, we gather certain information automatically and store it in log files. This information includes internet protocol (IP) addresses, referring/exit pages, and date/time stamp

These log files are generated at the server level and when the Track system is hosted on your Network Redrock software does not have access to them.

Advertising

We do not use your personal information and we do not sell any data to third parties.

Testimonials

We post customer testimonials on our website, which may contain personal information. We do obtain our Clients’ consent to post their name along with their testimonial via email prior to posting the testimonial on our website. However, if you wish to request the removal of your testimonial, please contact us.

Social Media Features

Our website may include social media features, such as the Facebook “Like” button. These features may collect your IP address and the page you are visiting on our website. It may also set a cookie to enable the features to function properly. Social media features are either hosted by a third party or hosted directly on our website. Your interactions with these features are governed by the privacy policy of the company providing it.

Notification of Privacy Policy Changes

We may update our privacy policy to reflect changes to our information practices. If we make any material changes, we will notify you by email (sent to the email address specified in your account) or by means of a notice on our website prior to the change becoming effective.