Internet Privacy & Security
Information Collection & Disclosure
You authorize PTC to collect and store data on its computer, server or other system and to compile such data for purposes of analysis and marketing. PTC collects and analyzes data on how the service is used in the aggregate (how groups of people use PTC) for the purpose of improving and enhancing its service. PTC does not analyze information on how particular individuals use the service as part of general reporting procedures or in the usual course of business. However, information on individual usage of the system, including but not limited to individual IP addresses, may be analyzed on a case-specific basis to resolve a technical difficulty or to assist in resolving or investigating any misuse of the service; also, such individual usage information may be furnished to your school if your school requests such information to assist in the investigation of fraudulent, abusive, or criminal activity or any other use of PTC that violates your school's rules or policies.
PTC does require that all users create a screen name and password, which is stored on the site, and may collect other basic information such as name, address, email, etc. depending on the needs of your school or the service. This information is not given or sold to any third parties, unless required by your school as part of their information management efforts. For example, if your school uses a certain third party company to manage their classroom scheduling and attendance system, necessary information may be shared with that company to assist in those administrative tasks.
PTC Wizard’s use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
GDPR - Data held by PTC
We act as data processors for any data held
on our system by you, your school, or end-users of your school (such as parents
or teachers). Personal data includes, but is not limited to:
student data, teacher data, and parent data. It is your obligation as the data
controller to ensure there is lawful basis for processing. We do not share this
data with third-parties, though we may access this data as part of making
improvements to our service and providing support to schools when requested.
We also act as data controllers when we create aggregated statistical data which may be derived from personal data, but is not considered personal data in law as it cannot be used directly or indirectly to identify a person.
What personal data we hold
Student Data: first name, last name, database
id, teacher associations
Contact Data: title, first name, last name, relationship to student, email address, phone number, database id
Teacher Data: title, first name, last name, email address, phone number, database id
Where data is held
All data held on the PTC System is within the
We host data using Amazon Web Services cloud infrastructure. We maintain daily backups which are encrypted using AES-256.
Please click here for a list of sub-processors.
How data is kept secure
We employ appropriate technical and organisational security measures for the types of data we store.
We apply the latest patches to our servers keeping your data safe and secure with multiple levels of password protection - the servers themselves and the database each are password protected. Additionally the servers are behind firewalls.
Subject access requests from end-users
As data processors, we are obliged to pass on
to the school any subject access request by an end-user and not respond
directly to the end-user. An end-user could be a parent, student, teacher or administrator of the system. We will assist the
school in responding to any subject access request. What happens if you stop
using the system This section takes effect as of 25th May 2018 While it's rare
for a school to stop using PTC Wizard, we only retain personal data for as long
as necessary. You can retrieve a copy of all personal data using the export
features within the administration panel while the system remains active during
your trial period or paid licence period.
We delete personal data within 1 year following termination of your licence or after 1 year of inactivity if you have a trial system. We terminate the licence 60 days after the renewal date if no payment has been received for the renewal.
Features to help comply with GDPR
Syncing data with your school management
Whenever you choose to sync data from your school information system (SIS), we add new data, update existing records with the latest information from your SIS, and delete records which are no longer relevant or no longer appear in your SIS. Most SIS suppliers are implementing controls to restrict sharing personal data via their API's where you, as the data controller, do not wish it to be shared with third parties. Please contact your SIS supplier directly with any questions.
Exports for data portability
It's possible to export data added to the PTC System to satisfy data portability. You can export all bookings for a particular parents' evening or event from the Appointments or Bookings pages retrospectively. This process can be repeated for each parents' evening & event for which you wish to export data for. It's also possible to export a list of parent details, including links to students.
Data held about Schools
We act as data controllers for any data we collect about customers in order to provide the Parents Evening System service and support to your school. Customer personal data includes, but is not limited to: technical contact details, finance contact details, phone call details, and the content & attachments of any emails sent to us.
Data Retention Policy
How long we retain your personal Data depends on the type of data and the purpose for which we process the data.