DLG Enterprises, Inc.
  • Home
  • Products
  • FAQ
  • Contact Us
  • Privacy and Security
  • Terms of Use
  • More
    • Home
    • Products
    • FAQ
    • Contact Us
    • Privacy and Security
    • Terms of Use
DLG Enterprises, Inc.
  • Home
  • Products
  • FAQ
  • Contact Us
  • Privacy and Security
  • Terms of Use

Privacy And Security

DLG Enterprises, Inc. Privacy Policy
Effective Date: August 20, 2024


Introduction

DLG provides a wide range of online software platforms for Career and Technical Student Organizations, including National and State Membership, Conference Registration, Competitive Events Management, Testing and Judging/Scoring. DLG specializes in providing online software platforms designed to help Career and Technical Student Organizations educators streamline operations, achieve their strategic goals and provide online platforms that allow CTSO educators to register students for conferences, competitive events, scoring and testing.


DLG does NOT and will NEVER place any ads in its services or use student Personal Identifable Informatoin (PII) that the CTSO educators collect for any purposes other than the intended use of our online software platforms. We do not sell, rent or lease any information about students, teachers, schools or anyone else.


DLG online software platforms are NEVER used in conjunction with any social media platforms whatsoever.
 

DLG is an Educational Service Provider that supports primarily Career and Technical Student Organizations which includes national level educators, state and regional level educators, teachers, students, and parents to manage student data, carry out school operations, support instruction and learning, and develop and improve products/services intended for educational/school use only. In so doing, it is critical that Educators and Educational Service Providers build trust by effectively protecting the privacy of student information and communicating with parents about how student information is used and safeguarded. Student PII is provided by students, their parents, and their schools; it should be used to serve and support students’ best interests.


Data Stewardship:


DLG believes that data stewardship is essential, and we are committed to the following practices:


We DO NOT collect, maintain, use or share Student PII beyond that needed for authorized educational/school purposes, or as authorized by the parent/student.


We NEVER sell student private information.


We NEVER use or disclose student information collected through an educational/school service (whether personal information or otherwise) for behavioral targeting of advertisements to students.


We will NEVER build a personal profile of a student other than for supporting authorized educational/school purposes or as authorized by the parent/student.


We will NOT make material changes to Service Provider education privacy policies without first providing prominent notice to the users and/or account holder(s) (i.e., the institution/agency, or the parent/student when the information is collected directly from the student with student/parent consent) and allowing them choices before data is used in any manner inconsistent with terms they were initially provided; and not make material changes to other policies or practices governing Student PII.


We will NOT knowingly retain Student PII information beyond the time period required to support the authorized educational/school purposes, or as authorized by the parent/student.


We will collect, use, share, and retain Student PII ONLY for purposes for which we were authorized by the educational institution/agency, teacher or the parent/student.

We will support access to and correction of Student PII by the student or their authorized parent, either by assisting the educational institution in meeting its requirements or directly when the information is collected directly from the student with student/parent consent.


We will maintain a comprehensive security program that is reasonably designed to protect the security, confidentiality, and integrity of Student PII against risks – such as unauthorized access or use, or unintended or inappropriate disclosure – through the use of administrative, technological, and physical safeguards appropriate to the sensitivity of the information.


We will provide resources to support educational institutions/agencies, teachers, or parents/students to protect the security and privacy of Student PII while using the educational service.


We will ask that vendors, with whom Student PII is shared with at the direction of the CTSO/Primary Account Holder, in order to deliver the educational service, if any, are obligated to follow these same commitments for the given Student PII.


We will incorporate privacy and security when developing or improving our educational products, tools, and services and comply with applicable laws.


As with any technology used in the classroom, protections must be in place to safeguard student information. We have established this Privacy Policy (the “Privacy Policy”) to explain the personal information that we collect and how we protect, use, and share it. Use of the Services is also governed by our User Agreement (the “User Agreement”).

This privacy policy applies to ALL DLG Online Software Platforms. The privacy policy applies to all users of our online software platform.


This privacy policy also describes how student information is collected and how it is handled once it enters one of our online software platforms.

 

Data Ownership and Authorized Access


Student Data Property of CTSO: All Student Data or any other Student Records transmitted to DLG from CTSO/Primary Account Holder is and will continue to be the property of and under the control of the CTSO, or the party who provided such Student Data or Student Records (such as the student or parent). The CTSO/Primary Account Holder and/or any other User of the Account agree that as between them, the Student Data or any other Student Records entered into our online software platform shall remain the exclusive property of the CTSO/Primary Account Holder or the party who provided such Student Data or Student Records (such as the student or parent). For the purposes of FERPA, to the extent PII from Education Records are transmitted to our online software platform, DLG shall be considered to be under the control and direction of the CTSO/Primary Account Holder as it pertains to the use of Educational Student Records.


Parent Access:  As set forth in applicable law, the CTSO/Primary Account Holder or User shall establish reasonable procedures by which a parent, legal guardian, or eligible student may review PII contained in the related student’s records and correct erroneous information, consistent with the functionality of Services.DLG shall respond in a reasonably timely manner to the CTSO/Primary Account Holders request for PII contained in a student’s records held by DLG to view or correct as necessary. In the event that a parent/legal guardian of a student or other individual contacts DLG to review any of the students records or student data accessed pursuant to the Services, DLG shall refer the parent or individual to the CTSO/Primary Account Holder and User of the system. In such event, CTSO/Primary Account Holder shall follow the necessary and proper procedures regarding the requested information.


Third Party Request: Should a Third Party, excluding a Service Provider, including law enforcement and government entities, contact DLG with a request held by DLG pursuant to Services, DLG shall redirect the Third Party to request the Student Date directly from the CTSO/Primary Account Holder and User. DLG shall notify the CTSO/Primary Account Holder and User in advance of a compelled disclosure to a third party unless legally prohibited.


No Unauthorized Use. DLG shall not use PII from Student data for any purpose other than explicitly for educational purposes and at the direction of the CTSO/Primary Account Holder.


Service Providers. DLG shall enter into written agreements with all Service Providers performing functions pursuant to Agreement, whereby the Service Providers agree to protect Student Data in a manner consistent with the terms of this Agreement.

  

Duties of CTSO/Primary Account Holder:


Provide Data in compliance with FERPA. CTSO/Primary Account Holders shall provide student data in compliance with any applicable state or federal laws and regulations (including FERPA) pertaining to data privacy and security applicable to CTSO/Primary Account Holder User. If CTSO/Primary Account Holder User provides education records to DLG, CTSO/Primary Account Holder User represents, warrants and covenants to DLG, as applicable, that CTSO has:


1. Complied with all applicable provisions of FERPA relating to disclosures to school officials with a legitimate educational interest, including, without limitation, informing parents in their annual notification of FERPA rights that the Partner School defines “school official” to include service providers and defines “legitimate educational interest” to include services such as the type provided by DLG; or 


2. obtained all necessary parental or eligible student written consent to share the Student Data with DLG, in each case, solely to enable DLG operation of the Services.


3. CTSO/Primary Account Holder, warrants, and covenants to DLG that it shall not provide information to DLG from any student or parent/legal guardian that has opted out of any student information that is being provided. DLG depends on CTSO/Primary User to ensure that the CTSO/primary user is complying with the FERPA provisions regarding the disclosure of any student information that will be shared with DLG.


4. Reasonable Precautions. CTSO/Primary Account Holder shall take reasonable precautions to secure usernames, passwords, and any other means of gaining access to the Services and hosted data in accordance with the Agreement and applicable law.


5. Unauthorized Access Notification. CTSO/Primary Account Holder shall notify DLG immediately of any known or suspected unauthorized access of the online software platform or student data. CTSO/Primary Account Holder will assist DLG in any efforts by DLG to investigate and respond to any unauthorized use or access.


6. The CTSO/Primary Account Holder principal contact shall serve as the representative of the CTSO/Primary Account Holder for the coordination and fulfillment of the duties of this Data Privacy Agreement.

  

Duties of DLG Enterprises, Inc.


1. Privacy Compliance. DLG shall comply with all applicable state laws of the jurisdiction in which the CTSO/Primary Account Holder is located and federal laws and regulations pertaining to data privacy and security, applicable to DLG in providing Services to CTSO/Primary Account Holder.


2. Authorized Users. The student data shared pursuant to this agreement, including persistent unique identifiers, shall be used for no purpose other than for educational services and only used set forth in this agreement and/or as otherwise legally permissible. The foregoing does not apply to any De-Identified Data.
 

3. Employee Obligation. DLG shall require all employees and agents who have access to student data to comply with all applicable laws with respect to the student data. DLG agrees to require and maintain an appropriate confidentiality agreement from each employee with access to student data.


4. No Disclosure. DLG shall not disclose any student data obtained in a manner that directly identifies an individual student to any other entity except as authorized by this Agreement. DLG will not sell student data. Additionally, DLG will not trade or transfer student data to any third parties except with the prior written consent of the CTSO/Primary Account Holder. The prohibition on disclosing, trading, or transferring student data does not apply to the access to or disclosure of student data to (a) CTSO/Primary Account Holder (b) to authorized users, including parents or legal guardians, (c) as permitted by law or (d) to service providers, in connection with operating or improving our services.


5. De-Identified Data. De-Identified Data may be used for any lawful purpose including, but not limited to, operating and improving services. 


6. Disposition of Student Data. DLG Shall, at CTSO/Primary Account Holder request, dispose of or delete all PII contained in Student Data within a reasonable time period following a written request. If a written request is received from a CTSO/Primary Account Holder, DLG shall transfer said PII contained in the Student Data to the CTSO/Primary Account Holder or CTSO/Primary Account Holder designee within Sixty (60) days of date of such written request by CTSO/Primary Account Holder, as required by law, and according to a schedule and procedure as DLG and the CTSO/Primary Account Holder may reasonably agree. If no written request is received, DLG shall dispose of or delete all PII contained in student data at the earlies of (a) when it no longer needed for the purpose for which it was obtained or (b) as required by applicable law. Disposition shall include (1) the shredding of any hard copies of any PII contained in Student Data; (2) erasing any PII contained in Student Data; or (3) otherwise modifying the PII contained in Student Data to make it unreadable or indecipherable or de-identified. DLG shall provide written notification to the CTSO/Primary Account Holder when the PII contained in the Student Data has been disposed. The duty to dispose of Student Data shall not extend to De-Identified Data.


7. Advertising Prohibition. DLG shall not use PII contained in Student Data to (a) serve behaviorally Targeted advertising to students or families/guardians; or (b) develop a profile of a student for any commercial purpose other than providing the services to the CTSO/Primary Account Holder. DLG shall not use or disclose PII contained in Student Data for Third Party Advertising.


8. Data Security. DLG agrees to employ administrative, physical, and technical safeguards designed to protect Student Data from unauthorized access, disclosure, and use or acquisition by an unauthorized person, including when transmitting and storing such information. The general security duties of DLG are set forth below. 


9. Passwords and Employee Access. DLG shall use commercially reasonable precautions to secure usernames, passwords, and any other means of gaining access to the Services or to Student Data. DLG shall only provide access to Student Data to employees, contractors or Service Providers that are performing the Services. DLG shall conduct criminal background checks of employees prior to providing access to Student Data and prohibit access to Student Data by any person with criminal or other relevant unsatisfactory information that presents an unreasonable risk to the CTSO/Primary Account Holder or its Users.


10. Security Protocols. Both DLG and the CTSO/Primary Account Holder agree to maintain security protocols that meet industry best practices in the transfer or transmission of any Student Data, including ensuring that Student Data may only be viewed or accessed by individuals or entities legally allowed to do so. The foregoing does not limit the ability of DLG to allow any necessary Service Providers to view or access data as set forth in this agreement. DLG shall maintain all Student Data obtained or generated pursuant to this agreement in a secure computing environment and shall not copy, reproduce, or transmit data obtained pursuant to this agreement, except as necessary to fulfill the purpose of data requests by the CTSO/Primary Account Holder or as otherwise set forth in this Agreement.


11. Employee Training. DLG shall provide periodic training to those of its employees who operate or have access to the Online Software Platforms.


12. Security Technology. When the services are accessed using a supported web browser, DLG will ensure that the SSL or equivalent technology that protects information, using both server authentication and data encryption is used to help ensure the student data is transmitted in a safe and secure manner. DLG shall host data using a firewall that is updated according to industry standards.

  

Data Breach – Incident Notification


1. In the event that DLG becomes aware of any actual or reasonably suspected unauthorized disclosure of or access to student data, DLG shall provide notice to the CTSO/Primary Account Holder as required by the applicable state law


2. Unless otherwise required by the applicable law, the security incident notification shall be written in plain language, shall be titled “Notice of Data Breach,” and shall present the information described herein under the following headings: “What Happened, ” What Information Was Involved,” What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.


3. The Security Incident Notification described above shall include such information required by the applicable state law and the following information:


     a. The name and contact information of the CTSO/Primary Account Holder subject to this section.


     b. A list of the types of PII that were or reasonably believed to be subject to the Security Incident.


     c. If the information is known at the time of the Security Incident Notification is provided then either (1) the date of the Security Incident, (2) the estimated date of the Security Incident, or (3) the date range within which the Security Incident Occurred. The Security Incident Notification shall also include the date of the notice.


     d. Whether, to the knowledge of DLG at the time of notice is provided, the notification was delayed as a result of a law enforcement investigation or request.


     e. A general description of the Security Incident, if that information is possible to determine at the time the notice is provided.


     f. At DLG’s discretion, the Security Incident Notification may also include any of the following:


     i. Information about what DLG has done to protect the individuals whose PII has been breached by the Security Incident.


     ii. Advice on steps that the person whose PII has been breached may take to protect himself or herself.


Infrastructure Security:


Firewalls and Intrusion Detection/Prevention Systems (IDS/IPS): Protect against unauthorized access and cyberattacks; Encryption: Ensure data transmission (HTTPS) and storage are secure;  Integrated Certificate Server, SSL with 256-bit Encryption; Database Backup and Recovery: Regularly back up data to prevent loss in the event of hardware failure or cyber incidents; Monitoring and Management: Managed Services that monitor bandwidth usage, server performance, and uptime; Logging and Analytics: Track user activity, performance metrics, and system health; Technical Support: Dedicated team for troubleshooting and resolving issues promptly; Compliance and Reliability: The platform meets compliance requirements. Architecture to minimize downtime through redundant components and failover mechanisms. Disaster Recovery plan procedures to restore operations in the event of catastrophic failure; 

  

a. We work directly with a third-party cyber security company that provides penetration testing and auditing of all our online software applications


b. We work directly with a managed services team that monitors and manages our servers to ensure uptime, security, and timely updates.


c. We work directly with our state-of-the-art data center, which features diverse power entrances, multiple generators, redundant uninterruptible power systems, and modular automatic transfer switches with dual power feeds and two separate substations. The facility provides 24/7 onsite security, secure entrance and exit procedures with multi-factor authentication, and comprehensive access control. It also includes biometric authentication, customizable cabinet locking options, and video surveillance—both interior and exterior—retained for over 90 days. Additionally, the data center is compliant with ISO 27001, SOC 1 Type 2, SOC 2 Type 2, and PCI DSS standards.


d. Risk Assessment and Management:


     i. Conduct risk assessments to identify vulnerabilities and prioritize security measures based on potential impact.


     ii. Enforce least privilege principles to restrict access based on roles and responsibilities.


     iii. Utilize firewalls, intrusion detection and prevention systems (IDS/IPS) to secure network perimeters and monitor traffic for suspicious activities.


     iv. Data Encryption using protocols like HTTPS to prevent unauthorized access.


     v. Implement data loss prevention (DLP) measures 


     vi. Follow secure coding practices and conduct regular security assessments (e.g., code reviews, penetration testing) of the platform and its components.


    vii. Ensure third-party integrations and dependencies are secure and regularly updated.


We Maintain Business Liability, Errors & Omissions (E&O), and Cybersecurity Insurance. 


Copyright © 2001- 2025 DLG Enterprises, Inc. - All Rights Reserved.

This website uses cookies.

We use cookies to analyze website traffic and optimize your website experience. By accepting our use of cookies, your data will be aggregated with all other user data.

DeclineAccept