GAT Labs Student Data Privacy Policy
What information we collect and what we use it for
GAT Labs is a cloud-based solution that offers services for auditing, management, and security of all areas of Google Workspace by providing comprehensive alerting and reporting systems in one place.
GAT Labs uses student data solely to provide services to Customers under the Terms of Service.
GAT Labs typically collects and processes student personally identifiable information (PII) data (such as name, email address, phone number, IP addresses) only at the level necessary to provide services to educational domains.
There are two sources of information, collected directly from Google Workspace via API (e.g. students’ first and last names, email addresses, phone numbers (only if applicable), student Google IDs, geolocation data, UDID, grades) and gathered via a Chrome extension directly from students’ devices to monitor their browsing behaviour and online activities (e.g. geolocation data, browser type, browsing access time, time spent on site, page views, referring URLs).
We do not allow any of the above data to be publicly available.
How we gather, store and protect your information
Data is kept confidential and is stored exclusively on Google Cloud Platform. This data is directly retrieved from Google Workspace for Education via HTTPS (the same encryption standard you use to access Google Workspace For Education).
For the security and integrity of the information we process, data of different clients is safe and separated from each other using a multi-tenant approach.
At GAT Labs, we utilize various countermeasures and safeguards including but not limited to encryption, firewalls, and password protection, MFA when data is stored or transferred.
We use a combination of technical and administrative controls to ensure the highest standards of safety. All the controls, policies, and procedures can be reviewed on the GAT Labs Trust Report after prior authorization by our DPO team.
Our employees and contractors must enter into a confidentiality agreement with us, and complete privacy and data security training within the first 30 days of employment. Their access to information must be authorized and is controlled regularly. Their access rights are limited based on the “principle of least privilege” related to the position for which they were employed.
We conduct regular security audits, internal vulnerability assessments, and external and internal penetration tests to ensure the highest possible level of security of processed information.
As a European company, we are GDPR compliant, and SOC 2 Type 2 certified organization that adheres to these standards. Further, because we provide K-12 school services, our information collection, use, retention, and disclosure practices and procedures comply with the Family Educational Rights and Privacy Act (FERPA) and the Children’s Online Privacy Protection Act (COPPA).
How we assist with protecting your students’ data and help to embrace healthy digital behavior
GAT Labs is committed to protecting student information and ensuring it is kept as secure as possible and provides schools with available tools that can be used to promote healthy digital behaviours. We enable schools and districts to use the protective features of GAT Labs products to shield students so they can be safe and remain responsible in the digital environment.
With GAT Shield Alert Rules and Site Access Control features, we enable schools to monitor and control students’ online activity, helping them comply with many regulations including but not limited to the Children’s Internet and Privacy Act (CIPA).
Your rights to control your data collection
You own and have rights to control student data. GAT Labs does not interfere with schools’ control over their data and only supports them in auditing, managing, and securing the cloud environment by providing relevant tools and support needed
- Schools
By default, GAT Labs end users are Google Workspace super administrators who have consented to process student metadata based on Terms of Service that have been electronically accepted.
Schools and districts own and control student data and may request a copy of the data at any time to review, correct, delete them, or withhold consent to further collection.
The domain super administrator can obtain a copy of or correct auditing data at any time using the export/import functionality available in our products.
Any other requests for viewing, correcting, or deleting student data that do not result from the contract or its timely termination may be sent via email to: support@generalaudittool.com
- Parents
Our Services may be directed to children under the age of 13, thus we ensure that our practices regarding the collection, use, retention, and disclosure of children’s personal information comply with the principles and requirements of the Children’s Online Privacy Protection Act (COPPA), and Parents Bill of Rights Act.
At GAT Labs, we obtain consent for all of the above activities regarding the data of students/children from schools with which we have entered into an agreement on behalf of students’ parents/guardians.
Parents of Students under 13 of age must remain in control of their Children’s data, have the right to access and review their children’s educational records, and may request that the data be deleted or that data be stopped being collected.
Parents might request it by sending an email to their school’s/district’s domain administrator and adding support@generalaudittool.com.
The consequences of any party’s refusal to collect data may result in GAT Labs’ inability to provide services in accordance with the provisions of the contract.
Data retention and termination
GAT Labs retains student information only for as long as necessary for the purpose for which it was collected. GAT Labs deletes all data after 31 days from the date of expiry of the contract.
Data breach response plan
GAT Labs has a data breach response plan and procedures in place and will take appropriate steps to notify the affected Customers accordingly.
How we disclose information:
We adhere to the highest standards of privacy and security policy, and we do not sell, trade, or rent information about your students or any other data we collect to provide services to our Customers. These are the unquestionable and uncompromising standards and work ethics of the GAT Labs organization.
- Third-party service providers:
GAT Labs will not disclose student information to any third party, except GAT Labs contractors who work on behalf of GAT Labs to provide the services to the Customers, who are committed to maintaining the highest security standards as are GAT Labs employees and have signed a Non-Disclosure Agreement. GAT Labs contractors, as are GAT Labs employees, are authorized to access student information only as necessary to perform the work required by their role. GAT Labs operates on the principle of least privilege and access control reviews are performed regularly to eliminate unnecessary access. All employees and contractors must complete annual safety awareness training. There are procedures in place to revoke a contractor’s access upon termination of cooperation.
- Business transfers:
In the event of a merger, dissolution, or similar corporate event, or sale of all or substantially all of our assets, we expect that the information we collect will be transferred to the surviving entity or acquiring entity. All such transfers will be subject to our obligations regarding the privacy and confidentiality of such personal information as set out in this privacy policy.
Student information must be kept confidential during these processes, without compromise.
- Disclosure to public authorities:
We may disclose student information to comply with the law, court order, or other legal process to which we may be required.
Privacy Policy changes
Because the demand for security is very high and may change over time, we must always adapt accordingly to ensure the highest possible security standards. Therefore, this Privacy Policy may change from time to time. GAT Labs will not make alterations to this policy without notifying Customers. Any changes applied to this Policy will be announced on this website and will be communicated in advance directly to the Customer via the contact email address provided to us during the purchasing process.
Contact information:
If you have any privacy or complaint concerns, please contact the GAT DPO Team at dpo@generalaudittool.com
For urgent matters, call us on +353 1 678 9070
GAT Labs headquarter is located at:
12 Hume Street, Dublin 2, D02 XN44, Ireland
You can also submit a formal complaint to the iKeepSafe Safe Harbor consumer complaint email address at COPPAPrivacy@ikeepsafe.org