Privacy Policy
Effective date: July 17, 2018
This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use MyBib and the choices you have associated with that data.
Information Collection And Use
We collect several different types of information for various purposes to provide and improve MyBib for you.
Types of Data Collected
Personal Data
While using MyBib, we may ask you to provide us with an email address (but only if you create an account to log in with later). No other personal data is collected.
Usage Data
We may also collect information how MyBib is accessed and used ("Usage Data"). This Usage Data may include information such as your browser type, browser version, the pages of MyBib that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
Tracking & Cookies Data
We use cookies and similar tracking technologies to track the activity on MyBib and hold certain information.
Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of MyBib.
Examples of Cookies we use:
- Session Cookies. We use Session Cookies to operate MyBib and to remember the citations you've created.
- Preference Cookies. We use Preference Cookies to remember your preferences and various settings.
- Security Cookies. We use Security Cookies for security purposes.
Use of Data
MyBib uses the collected data for various purposes:
- To provide and maintain MyBib
- To allow you to participate in interactive features of MyBib when you choose to do so
- To provide support
- To provide analysis or valuable information so that we can improve MyBib
- To monitor the usage of MyBib
- To detect, prevent and address technical issues
Transfer Of Data
Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.
If you are located outside the United States and choose to provide information to us, please note that we transfer the data, including Personal Data, to the United States and process it there.
Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.
MyBib will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.
Disclosure Of Data
Legal Requirements
MyBib may disclose your Personal Data in the good faith belief that such action is necessary to:
- To comply with a legal obligation
- To protect and defend the rights or property of MyBib
- To prevent or investigate possible wrongdoing in connection with MyBib (like if you try to break into someone else's MyBib account)
- To protect the personal safety of users of MyBib or the public
- To protect against legal liability
Security Of Data
The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
Breach Response Plan
In the event that Student Data is accessed or obtained by an unauthorized individual, MyBib (“Provider”) shall provide notification to the school or district (“Subscriber”) within forty-eight (48) hours. Provider shall email a Notice of Data Breach (“Notice”) to account contacts on record that details what happened, what Student Data was involved, and what is being done to resolve the issue. Subscriber will be given Provider email and phone contact information to obtain more information.
The Notice will specifically include:
- A description of the breach in plain language.
- Specific Student Data that MyBib believes to have been compromised.
- Estimated date or date range the breach occurred.
- A description of what MyBib has done to protect against further data breach.
- Advice to individuals whose information has been breached.
- MyBib contact information to obtain further details.
Provider agrees to adhere to all requirements in applicable State and federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
Provider maintains and keeps updated a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information.
Removal Of Data
You may request the complete deletion of your data at any time by emailing support@mybib.com from the email address you used to register on MyBib. Your parents may also review and request deletion of any of your data on your behalf by emailing support@mybib.com.
Analytics
We may use third-party Service Providers to monitor and analyze the use of our Service.
-
Google Analytics
Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of MyBib. This data is shared with other Google services.
You can opt-out of having made your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visits activity.
For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy?hl=en
Links To Other Sites
MyBib may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit.
We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
FERPA compliance
We know that certain information about your students will be contained in records maintained by MyBib and that this information may be considered confidential by reason of the Family and Educational Rights and Privacy Act of 1974 (20 U.S. C. 1232g) (FERPA) unless valid consent is obtained from your students or their legal guardians. Accordingly, MyBib uses all commercially reasonable administrative, physical and technical standards to ensure that no unauthorized person gains access to any student information that may be considered confidential under FERPA. We also use all commercially reasonable efforts to ensure that we do not inadvertently disclose any student information that may be considered confidential under FERPA to anyone other than personnel within your institution or other individuals that have been authorized by your institution to access such information through the use of our system, persons or organizations providing the student with financial aid, authorized representatives of federal or state governments for the audit and evaluation of federal and state supported programs or other persons as required by law.
GDPR compliance
MyBib is committed to processing data in accordance with its responsibilities under the GDPR.
Article 5 of the GDPR requires that personal data shall be:
- processed lawfully, fairly and in a transparent manner in relation to individuals;
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
State laws
If you reside in one of the following states, MyBib makes additional commitments that apply to you based on your residence:
California
MyBib agrees that, as per Cal. Edu. Code § 49073.1, commonly known as AB 1584:
- Pupil records continue to be the property of and under the control of the local educational agency;
- MyBib will not use personally identifiable information in individual pupil records for commercial or advertising purposes;
- MyBib will not use any information in the pupil record for any purpose other than for the requirements of the contract;
- Parents, legal guardians or eligible pupils may review the pupil’s records or correct erroneous information in those records by accessing the MyBib account of the pupil;
- MyBib undertakes extensive security training of all employees, including training on security at hire and at least annually thereafter, and a partial, but not exhaustive description of our data security practices can be found by reviewing: https://www.mybib.com/privacy
- MyBib will comply with the requirements of California law, as set forth at Cal. Civ. Code § 1792.82 et seq., for informing affected parties in the event of an unauthorized disclosure of pupil records;
- Pupil records will neither be retained nor will MyBib maintain those records in a manner that makes them available: (a) upon completion of the terms of the contract; (b) after request for deletion by the contracting party; and, (c) within a commercially reasonable period for deletion; and,
- at all times during the pendency of any contract between MyBib and a local educational agency (LEA), MyBib acts solely as a “school official” as that term is defined in the Family Educational Rights and Privacy Act, 20 U.S.C. § 1232g (FERPA), and will, therefore, facilitate the LEA’s compliance with FERPA as directed by the LEA.
Colorado
MyBib complies with all applicable requirements of Colorado’s Student Data Transparency and Security Act, C.R.S. 22-16-101, et seq.
Connecticut
As an operator, as defined by Connecticut Public Act 16-189, MyBib will:
- Implement and maintain security procedures and practices that meet or exceed industry standards and that are designed to protect student information, student records and student-generated content from unauthorized access, destruction, use, modification or disclosure;
- Delete any student information, student records or student-generated content within a reasonable amount of time if a student, parent or legal guardian of a student or local or regional board of education who has the right to control such student information requests the deletion of such student information, student records or student-generated content;
- Facilitate access to, and provide a means of correction of erroneous information within, a student’s record, student’s information or student-generated content by the student, parent or legal guardian; and
- At all times during the pendency of any contract between it and a local or regional board of education, act solely as a “school official” as that term is defined in the Family Educational Rights and Privacy Act, 20 U.S.C. § 1232g (FERPA), and will, therefore, facilitate the local or regional board of education’s compliance with FERPA as directed by the local or regional board of education.
MyBib agrees that:
- Student information, student records and student-generated content are not the property of or under the control of MyBib;
- The laws of the State of Connecticut will govern this contract and the rights and duties of MyBib and a local or regional board of education;
- If any provision of this agreement is ruled invalid, the invalidity of that provision does not affect other provisions or applications of this contract
MyBib will not knowingly:
- Engage in (A) targeted advertising on MyBib's Internet web site, online service or mobile application, or (B) targeted advertising on any other Internet web site, online service or mobile application if such advertising is based on any student information, student records, student- generated content or persistent unique identifiers that MyBib has acquired because of the use of MyBib's Internet web site, online service or mobile application for school purposes;
- Collect, store and use student information, student records, student generated content or persistent unique identifiers for purposes other than the furtherance of school purposes;
- Sell, rent or trade student information, student records or student-generated content unless the sale is part of the purchase, merger or acquisition of an operator by a successor operator and the operator and successor operator continue to be subject to the provisions of this section regarding student information;
- Disclose student information, student records or student-generated content unless the disclosure is made (A) in furtherance of school purposes of the Internet web site, online service or mobile application, provided the recipient of the student information uses such student information to improve the operability and functionality of the Internet web site, online service or mobile application and complies with subsection (a) of this section; (B) to ensure compliance with federal or state law or regulations or pursuant to a court order; (C) in response to a judicial order; (D) to protect the safety or integrity of users or others, or the security of the Internet web site, online service or mobile application; (E) to an entity hired by the operator to provide services for the operator's Internet web site, online service or mobile application, provided the operator contractually (i) prohibits the entity from using student information, student records or student-generated content for any purpose other than providing the contracted service to, or on behalf of, the operator, (ii) prohibits the entity from disclosing student information, student records or student-generated content provided by the operator to subsequent third parties, and (iii) requires the entity to comply with subsection (a) of this section; or (F) for a school purpose or other educational or employment purpose requested by a student or the parent or legal guardian of a student, provided such student information is not used or disclosed for any other purpose; or
- retain or make available student information, student records or student-generated content beyond the expiration of the contract period unless a student, their parent or legal guardian chooses to maintain a contract with MyBib.
If MyBib discovers a breach of security that results in the unauthorized release, disclosure or acquisition of student information, student records or student-generated content, MyBib will notify the students, parents or guardians of any affected student within the statutorily mandated time period.
Idaho
MyBib will, as per the Student Data Accessibility, Transparency and Accountability Act of 2014, codified at Idaho Code 33-133:
- only use aggregated data or student’s data for secondary uses after receiving written permission from the student’s parent or guardian; and
- notify customers and seek express, written parental consent if MyBib materially changes MyBib’s use of student data for sales, marketing or advertising.
Illinois
MyBib complies with all applicable requirements of the Illinois Student Online Personal Information Privacy Act (IL SOPIPA), codified at 105 ILCS 85/5, and agrees that:
- this document constitutes the written agreement mandated by that Act, and that this document, which incorporates MyBib's Privacy Policy available at https://www.mybib.com/privacy, states the:
- Categories or type of information to be provided to MyBib, the operator; and
- Service being offered to the contracting party.
- Pursuant to the federal Family Educational Rights and Privacy Act of 1974, MyBib is acting as a school official with a legitimate educational interest and is performing an institutional service or function for which the contracting party would otherwise use employees, under the direct supervision of the school, with respect to the use and maintenance of covered information, and is using the covered information only for an authorized purpose and may not redisclose it to third parties or affiliates, unless otherwise permitted by the IL SOPIPA, without permission from the contracting party or pursuant to court order;
- MyBib will be liable for costs associated with the investigating and remediating a breach for which it is the sole and proximate cause;
- MyBib will either delete or return, within a commercially reasonable period of time but not to exceed 60 days, all covered information upon the expiration of any agreement when requested to do so by notification from the contracting party;
- MyBib will require the contracting party to publish notice of this agreement on any relevant website, if any, maintained by the contracting party;
- In the case of a breach, MyBib will notify the contracting party, within the most expedient time possible and without unreasonable delay, but no later than 30 days after the breach has occurred of any breach of the students' covered information;
Louisiana
MyBib will, as per Louisiana’s Student Privacy Law, codified at R.S. 17:3914:
- limit access to student information solely to authorized MyBib employees and subcontractors who agreed to abide by equally stringent privacy practices pursuant to a data security plan;
- employ privacy practices that meet or exceed industry standards regarding student data including, but not limited to: (a) privacy compliance requirements; (b) regular privacy and security audits; (c) written breach planning, notification and remediation action guides; (d) implementing policies limiting data collection and storage coupled with clear policies limiting data retention and establishing set timeframes for post-contract disposition and data disposal; and,
- return all student data not deleted as per agreement to the relevant city, parish or local school board upon written request.
Montana
MyBib complies with all applicable requirements of the Montana Pupil Online Personal Information Protection Act, codified at 20-7-13, MCA and MyBib agrees that:
- Pupil records continue to be the property of and under the control of the school district;
- Pupils may retain possession and control of their own content and may transfer pupil-generated content to a personal account by utilizing MyBib's features;
- MyBib prohibits third parties from using any information in pupil records for any purpose other than those required or specifically permitted by contract;
- A parent, legal guardian, or eligible pupil may review personally identifiable information in the pupil's records and correct erroneous information by using tools made available by MyBib;
- MyBib’s commitments to data privacy and data security outlined in its Privacy Policy and, in part, at https://www.mybib.com/privacy are incorporated into this agreement. Further, MyBib will:
- implement and maintain security procedures and practices that meet or exceed industry standards and that are designed to protect student information, student records and student-generated content from unauthorized access, destruction, use, modification or disclosure;
- limit access to student information solely to authorized MyBib employees and subcontractors who agreed to abide by equally stringent privacy practices pursuant to a data security plan;
- employ privacy practices that meet or exceed industry standards regarding student data including, but not limited to: (i) privacy compliance requirements; (ii) regular privacy and security audits; (iii) written breach planning, notification and remediation action guides; (iv) implementing policies limiting data collection and storage coupled with clear policies limiting data retention and establishing set timeframes for post-contract disposition and data disposal;
- If MyBib discovers a breach of security that results in the unauthorized release, disclosure or acquisition of student information, student records or student-generated content, MyBib will notify the students, parents or guardians of any affected student within the statutorily mandated time period;
- At all times during the pendency of any contract between MyBib and a local educational agency (LEA), MyBib acts solely as a “school official” as that term is defined in the Family Educational Rights and Privacy Act, 20 U.S.C. § 1232g (FERPA), and will, therefore, facilitate the LEA’s compliance with FERPA as directed by the LEA; and,
- MyBib will not use information contained in pupil records to engage in targeted advertising.
New York
New York’s Parents Bill of Rights for Data Privacy and Security is incorporated into this agreement and MyBib agrees that:
- MyBib will not sell or release a student’s personally identifiable information for any commercial purpose;
- Parents have the right to inspect and review the complete contents of their child's education record that is shared with or collected by MyBib;
- MyBib complies with all applicable state and federal laws that protect the confidentiality of personally identifiable information, and employs data security safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, both when data is stored at rest or is transferred;
- MyBib maintains a publicly available list in its Privacy Policy of all student data elements collected by MyBib;
- MyBib will promptly address any complaints about possible breaches of student data submitted to support@mybib.com
- MyBib will exclusively utilize the student data, teacher data, or principal data to provide account holders with the MyBib service;
- All subcontractors for MyBib that may access personally identifiable information of students, teachers, principals or other faculty are contractually required by MyBib to employ data privacy and security practices that provide at least a commensurate level of protection for that data as does MyBib;
- MyBib will either delete or return, within a commercially reasonable period of time but not to exceed 60 days, all personally identifiable information upon the expiration of any agreement when requested to do so by notification from the contracting party;
- Any parent, student, eligible student, teacher or principal may correct inaccurate student data or teacher or principal data that is collected; and
- All student data or teacher or principal data will be stored on cloud servers within the United States and protected with industry standard and best practices procedures, including encryption when stored at rest.
Additionally, MyBib complies with all applicable requirements of the Education Law §2-d.
Oklahoma
MyBib agrees, as per the Oklahoma Student Data Accessibility, Transparency and Accountability Act of 2013, codified at 70 OK Stat § 70-3-168 (2014) that:
- MyBib’s commitments to data privacy and data security outlined in its Privacy Policy and, in part, at https://www.mybib.com/privacy are incorporated into this agreement; and,
- MyBib faces potential liability as a penalty for intentional or grossly negligent noncompliance with this contract, including termination of the contract and responsibility to pay monetary damages for any breach of the terms of this contract that cause actual harm to the contracting party.
West Virginia
MyBib agrees, as per the West Virginia Student Data Accessibility, Transparency and Accountability Act, codified at W.V. Code § 18-2-5h that:
- MyBib’s commitments to data privacy and data security outlined in its Privacy Policy and, in part, at https://www.mybib.com/privacy are incorporated into this agreement; and,
- MyBib faces potential liability as a penalty for intentional or grossly negligent noncompliance with this contract, including termination of the contract and responsibility to pay monetary damages for any breach of the terms of this contract that cause actual harm to the contracting party
Changes To This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.
You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
Contact Us
If you have any questions about this Privacy Policy, please contact us:
- By email: support@mybib.com