(Last updated March 1, 2020)
ScheduleGalaxy, a product of Oak Tree Ventures, LLC, is a web-based platform for school sports scheduling, coach certification tracking, and student injury tracking. Oak Tree Ventures takes the security of its ScheduleGalaxy subscribers’ data seriously, and implements a number of safeguards to protect this data.
Confidentiality of Protected Data:
Schools may provide to Oak Tree Ventures personally identifiable information about students, or teachers and principals that is protected by Section 2-d of the New York State Education Law (“Protected Data”). The exclusive purpose for which Oak Tree Ventures is provided access to Protected Data is to provide schools with the functionality of ScheduleGalaxy. Oak Tree Ventures acknowledges that the Protected Data belongs to and is owned by the school from which it originates. Oak Tree Ventures will maintain the confidentiality of Protected Data it receives in accordance with federal and state law, specifically, but not limited to, New York State Education Law Section 2-d and policies of subscribing schools, BOCES, and Regional Information Centers with which it has a contractual relationship, to include their Parents Bill of Rights for Data Privacy and Security.
Exclusive Purpose for which Protected Data will be Used:
The exclusive purpose for which Oak Tree Ventures is being provided access to Protected Data is to provide schools with the functionality of its product ScheduleGalaxy, as referenced above. Protected Data received by Oak Tree Ventures, or any of Oak Tree Ventures subcontractor, assignee, or other authorized agent, will not be sold, or released or used for any commercial or marketing purposes.
Oversight of Subcontractors:
To implement state, federal, and local data security and privacy requirements Oak Tree Ventures will continually review the aforementioned requirements and relevant updates, and will ensure its development associates commit to the aforementioned requirements as well as relevant updates as required by New York State Education Law Section 2-d and respective BOCES and Regional Information Centers.
Protected Data Upon Expiration:
Upon expiration of a ScheduleGalaxy subscription without renewal Oak Tree Ventures will securely delete or otherwise destroy any and all Protected Data remaining in its possession of or the possession of its assignees or subcontractors. Oak Tree Ventures agrees that neither it nor its subcontractors, assignees, or other authorized agents will retain any copy, summary or extract of the Protected Data, or any de-identified Protected Data, on any storage medium whatsoever.If requested by a school, Oak Tree Ventures will assist the school in exporting for its own use all Protected Data previously received, prior to deletion from ScheduleGalaxy. At a school’s request, Oak Tree Ventures will cooperate with the school as necessary to transit Protected Data to any successor of Oak Tree Ventures, prior to deletion from ScheduleGalaxy.
Challenging Accuracy of Protected Data:
Parents or eligible students can challenge the accuracy of any Protected Data provided by a school to Oak Tree Ventures, by contacting the student's district of residence regarding procedures for requesting amendment of education records under the Family Educational Rights and Privacy Act. Teachers or principals may be able to challenge the accuracy of APPR data provided to Oak Tree Ventures by following the appeal process in their employing school district’s applicable APPR Plan.
Data Storage and Security Protections:
Any Protected Data Oak Tree Ventures receives will be stored on systems maintained by Oak Tree Ventures, or by a subcontractor or assignee under the direct control of Oak Tree Ventures, in a secure data center facility located within the United States. The measures that Oak Tree Ventures will take to protect Protected Data include adoption of technologies, safeguards and practices that align with the NIST Cybersecurity Framework and industry best practices including, but not necessarily limited to, disk and file encryption (while in motion or at rest), firewalls, and password protection.
Should such an incident be reported that implies a data security breach, Oak Tree Ventures will provide prompt notification to the respective school, BOCES, and Regional Information Center. Such reported breach shall be investigated by Oak Tree Ventures, its developer, respective BOCES and/or Regional Information Center staff. As the investigation proceeds subscribing schools shall be kept informed as to the status of the investigation. All policies and procedures of the respective school, BOCES and/or Regional Information Center as they relate to this type of incident will be applied.