Privacy and Data Security Policy
Effective Date: January 1, 2017
Protecting Your Private Information
Alpine makes all attempts to protect your private information. On the Subscription Website, Alpine makes your account information and user settings available to Alpine staff members and designated subcontractors specifically to assist you with the services to which you have subscribed.
Alpine, or people who post on Alpine, may provide links or interfaces with third party websites, which may have different privacy practices. Alpine is not responsible for, and does not have any control over, the privacy policies of those third party websites, and encourages all users to read the privacy policies of each website visited.
Alpine does not sell user or student data to third parties under any circumstance, including but not limited to advertising, data farming, and external research. Alpine considers the practice of selling private student and user data to be unethical.
Data Alpine Collects About Its Users
Alpine collects the following data:
Your name, email address, and your phone number; information based on your activities on Alpine website; correspondence through Alpine's website, and correspondence sent to Alpine; additional information Alpine may ask you to submit including, but not limited to, information to authenticate yourself, information to prove that you are able to enter into a legally binding contract, or information if Alpine believes you are violating its policies; and, other supplemental information from third parties.
Alpine sometimes collects your email address for purposes such as sending confirmation emails, authenticating your accounts, and sending information about Alpine and its websites. By submitting your email to Alpine's website, you consent to emails from Alpine.
Alpine sometimes collects your phone number for the purpose of contacting you regarding your account and the services with Alpine. By submitting your phone number to Alpine, you consent to phone calls from Alpine, even if such number is registered through a state or federal "Do Not Call" list.
Alpine may collect personal information if you provide it in feedback or comments or if you contact Alpine directly.
Any information posted on the public areas of Alpine website is not confidential. Please do not post anything on the public areas of Alpine website that you would like to keep private.
Alpine's web logs collect standard web log entries for each page served, including your IP address, page URL, and timestamp. Web logs help Alpine diagnose technical problems, administer the Alpine website, and otherwise provide Alpine's service to you.
Alpine does not do any geotracking directly through the Alpine system, although Alpine does use IP-to-approximate-geolocation information. By using the Alpine system, you consent to such information being obtained by Alpine.
Data Alpine Collects About Students (applies to Subscription Website only)
Alpine Achievement Systems provides educational organizations with data consolidation, analysis, and visual representation services. An important part of the service Alpine provides is to bring data together from multiple sources so our clients can identify patterns and trends and monitor progress at the student and aggregate levels, resulting in more informed decision-making. To match imported data records to the correct students, Alpine utilizes the following fields as matching indicators: student name, birthdate, state and local ID numbers, grade level, and school. Other than for the narrow purpose of connecting records to the correct student, all additional data are incorporated into Alpine for the educational purposes solely determined by the client. Inquiries regarding the educational purpose for any data beyond that of matching records to students as described above, should be directed to the client and/or to the vendor who developed each assessment, and these differ for each client. Alpine is not privy to the intent for which each client selects the measures they include in Alpine, nor does Alpine know the purpose for which each source vendor includes specific fields within their assessments.
Protecting Student Records (applies to Subscription Website only)
Alpine collects data about students through files supplied by clients, from third party companies who provide assessment services to clients, and through manual input by educators. Alpine and the Alpine system were designed with security in mind. The Subscription Website is served over secure HTTPS and requires a username/password to access all sensitive or proprietary data, including all student data. Alpine requires strong passwords for direct login to the system. For clients who use Single Sign On, password characteristics are managed solely by the client.
Although the Subscription Website uses a shared platform (which allows all clients to immediately get the benefits of new developments), each client has its own database, to ensure that no client will inadvertently see another client's data.
The Subscription Website has a rich and time-tested permission system, which allows clients to indicate which students, data, and features each user in their client account is allowed to access. This includes settings that can limit user access to only certain students and/or certain time periods, hide certain sensitive data fields such as Free/Reduced Lunch, and control minimum group sizes to help ensure protection of student identities in summary reports. Clients are able and strongly encouraged to set session inactivity logouts, causing user accounts to be automatically bumped out after a set period of inactivity. As a secure alternative to email, Alpine provides a file exchange utility for secure communication between users within a client account and between clients and Alpine support staff.
- I certify that I am the user associated with this account and my contact information is accurate.
- I will only access the data of students for whom I have a legitimate educational interest and will follow all privacy guidelines per federal and state law (e.g., FERPA). I am responsible for verifying that student identities are protected by direct and indirect means prior to sharing any summary results in a public forum.
- I understand that my account may allow me to view information about a student that is considered "secure." I am responsible for ensuring that secure information remains private.
Clients can enhance these terms by including local terms as a part of this semi-annual review.
Alpine staff members are trained in exercising and promoting good and consistent data privacy practices every day, both within Alpine's organization and with clients. The system itself provides encrypted file upload and File Exchange methods for sending and receiving student data files. Alpine strongly promotes using this feature in situations where clients might otherwise use (non-secure) email.
Alpine co-locates servers in two professional data facilities, one in Denver, Colorado and the other in Phoenix, Arizona. Each facility is manned 24/7/365 and requires a check-in with staff and both badge and biometric authentication for physical access to the data room, within which Alpine's servers are located in dedicated cabinets with combination lock protected doors.
Alpine also implements numerous protections on the network/hardware/software architecture level, such as minimizing access points, making appropriate use of firewalls, minimizing people authorized and methods available to access the back end of the system and data, ensuring that authentication and connections to everything except deliberately public resources take place using secure protocols, not running superfluous services on secure servers, keeping infrastructure software updated, and using strong data destruction when hardware is decommissioned from time to time.
Data Alpine Stores (applies to Subscription Website only)
Alpine stores account information, including all uploaded information subject to the space limits which may be imposed by Alpine, for all active users. Student data may be stored in archives for up to seven years. Alpine may maintain such archives at its sole discretion for general backup and disaster recovery purposes, but makes no guarantees to clients about doing so or about making any data stored therefrom available to clients, such as for client-requested small-scale data recovery or roll-back purposes.
Clients who have not renewed their subscription by July 1, begin a prescribed shutdown procedure. Alpine's shutdown procedure includes a proactive check-in to determine the client's plans regarding continuation of their services. In the event that a client discontinues services with Alpine, all student data files are destroyed when the client indicates in writing that they have completed exporting any and all data they wish to retain. Once the client indicates that they have completed their file exports, the student data files are deleted in a timely manner. Unless requested sooner, Alpine deletes a client's student data from its production systems one year after termination of services. When the data are destroyed, they are permanently irretrievable in the normal course of business.
Data Privacy, Ownership, and Ethics (applies to Subscription Website only)
Alpine's policy is that each client's student and user data, with the exception of basic account information, belong to that client and that client only. Alpine does not obtain ownership of a client's data after it has been uploaded into the system. Alpine only retains ownership of its proprietary system, including its features, tools, designs, schematics, functionality, patents, trademarks, copyrights, and other intellectual material that is not dependent on any individual client's data.
Authorized Alpine staff members and designated subcontractors access client data as necessary to provide client support, and Alpine provides some specific features where it acts as a facilitator of data transfers on behalf of a client, such as cross-district Electronic Records Transfers and automated data transfers from test vendors, but it does these only with the permission of the client.
Data Breach Notification and Post Breach Mitigation Policy (applies to Subscription Website only)
Alpine's notification and mitigation policy for data compromise events is an extension of Alpine's general best practices for responding to critical errors or bugs. If Alpine detects an event where data have been compromised, Alpine quickly determines the nature and the scope of the event. If the event is discovered to be an active/ongoing event, Alpine quickly designs and implements a plan for short term mitigation, with no or as little as possible service disruption. After determining the nature of the event, Alpine gauges whether the nature of the event warrants a broad-brush advisory notification to all or affected clients (almost always via email to administrators on the official Alpine client notification list) and/or specifically impacted users and do this outreach quickly. If appropriate and possible, determine, prepare, and do a more specific and targeted notification. If longer-term mitigation or prevention steps are necessary, plan and implement these in an appropriate, likely prioritized, time frame, following up with clients on this progress if necessary.
Archiving and Display of Alpine's Website by Search Engines and Other Websites
Search engines and other websites not affiliated with Alpine - including Google.com and Yahoo.com - archive or otherwise make available Alpine's main public-facing corporate pages. Alpine has no control over third party archiving and search engine websites and cannot guarantee the accuracy of any information stored by these websites. Alpine does not allow access to the Subscription Website by any search engine or other website.
Circumstances under Which Alpine may Release Information
Alpine may disclose information about its users if required to do so by law or in the good faith belief that such disclosure is reasonably necessary to respond to subpoenas, court orders, or other legal processes.
Alpine may disclose information, including personal information from your account, to a third party if you request it in writing.
Alpine may disclose your information to third parties for use by Alpine to help provide the services to you if allowed under federal, state and local laws.
Alpine may disclose your information to other business entities, should Alpine plan to merge with or be acquired by that business entity as long as the future company agrees to abide by the terms of this agreement. Student data will only be transferred if a merger or acquisition actually takes place.
International Website Users consent to all the terms of service and this privacy agreement. International users waive any and all remedies that they may have based on the laws of their country.