Use of Personal Information
Cadet Portfolio (CP) does not collect any Personally Identifiable Information ("PII") unless you voluntarily provide PII by email, survey participation, online form, or directly within the Cadet Portfolio system. PII you submit will not be transferred to any non‐affiliated third parties unless otherwise stated in this policy or at the time of collection. All third parties that have a need-to-see or need-to-know will be required to enter into a Memorandum of Understanding (MOU), which provides legal protection of any PII data.
We may use or disclose collected PII data for fulfilling the reason you provided the information, responding to inquiries, communicating with you and managing your participation in special events/programs/offers, perform data analyses, maintain integrity of our website, protect against unlawful activity, and comply with relevant legal policies. We also may use the information in other ways for which we provide specific notice at the time of collection.
Privacy and Personally Identifiable Information (PII). Cadet Portfolio anticipates that it will follow the precedent of JROTC Unit Management System ("JUMS") for cadet data collection of PII. It is expected that all data will be generated by the cadet or other related users in their profile. All PII will be maintained in compliance with applicable state and federal laws and regulations governing same, including without limitation, to the extent applicable (i) the Department of Defense Privacy Program (32 CFR, Subtitle A, Chapter I, Subchapter O, Part 310); and (ii) The Privacy Act of 1974 (5 U.S.C., subsection 552a). Cadet Portfolio will perform periodic assessments to ensure that PII is maintained in compliance with existing and future updates to privacy laws.
Where consent for the use and disclosure of personal information is required, the company will release the information pursuant to applicable law. You have a right to request information about the personal data Cadet Portfolio holds about you. You have the right at any time to ask for access to your personal data. Additionally, you can object to our processing of your personal data, and request for the correction, restriction, or deletion of your personal data and data portability.
In order to use this website, a user must first complete the registration form. During registration a user is required to give certain information (e.g., name, email, gender, date of birth, educational, employment, resume, financial, awards, test results / grades, work experience, height, weight, measurements). This information can be used to contact or enable you regarding the government contracted products/services on our site that you have expressed interest.
Like most standard website servers, we use website statistic packages such as Google Analytics to analyze trends in how our website is accessed and utilized. Information monitored includes Internet protocol (IP) addresses, geographic location of visitors (country, city), browser type, Internet service provider (ISP), referring/exit pages, platform type, date/time stamp, time spent on pages, and keywords used to find our site via search engines. We may use it to identify high‐use or low‐use areas of the site, pinpoint problem areas of the site, use for security purposes, analyze broad demographic trends in our visitors, and make decisions about how to make it easier for people to find and navigate our website.
This website uses Google Analytics to help understand how visitors engage with the site. Your web browser automatically sends certain information to Google. This information is anonymous and cannot be directly linked to individual users. This includes, for example, the web address of the page that you are visiting and your IP address. Google may also set cookies on your browser, or read cookies that are already there. If you would like further information on how Google uses data when you use our website, you may visit http://google.com/policies/privacy/partners.
This website takes every precaution to protect our users' personal information. We have implemented appropriate security measures to reduce the risk of accidental destruction or loss or the unauthorized disclosure or access to such information appropriate to the nature of the information concerned. Whenever users submit personal information, registration, or online purchase, upon submission that information is encrypted via TLS (Transport Layer Security), which replaced and superseded SSL (Secure Sockets Layer). Our servers are maintained behind highly protected firewalls certified by the Joint Authorization Board (JAB). Our system software is hosted in the secured Impact Level 4 (IL4) GovCloud servers, using digital certificates, compliant with Federal Government Standards AR 2522. Servers that store personally identifiable information are also encrypted for additional Data at Rest (DAR) protection.
We store your personal information for as long as is reasonably necessary for the purposes of which it was collected. Retention of your PII data lasts for the duration of your relationship with CP and/or its systems. Destruction and disposal of your PII data occurs upon termination of that relationship and/or CP systems utilization. In certain circumstances, we may store your information for longer periods of time in accordance with government contractual, legal, regulatory, or tax requirements. In specific circumstances we may store your personal information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal information or dealings. Cadet Portfolio will utilize Amazon Web Services ("AWS") GovCloud for Cloud Hosting (https://aws.amazon.com/security). AWS is currently used by many different federal governmental agencies and subdivisions, including the Department of Defense, the National Security Agency and the Central Intelligence Agency. Through AWS, Cadet Portfolio will maintain data security under the AWS shared responsibility model to ensure full compliance with The Family Education Rights and Privacy Act of 1974, as amended ("FERPA") (https://goo.gl/WE6PhF). Cadet Portfolio, through AWS GovCloud, offers a host of features to ensure full FERPA compliance, which features can include cross-service security controls, service-specific security controls, optimized networks, and operating system and applications controls. Cadet Portfolio's use of AWS GovCloud allows for fully customizable services to allow the creation of a FERPA-compliant environment, including use of such tools as necessary or required by FERPA, which includes firewalls, authentication and authorization, private subnets, encrypted data storage, dedicated connection options, perfect forward secrecy, security logs, and other cutting-edge and FERPA-compliant data security services and features. In addition to FERPA compliance, Cadet Portfolio will maintain and secure data in compliance with all applicable federal and Department of Defense contracting requirements, including without limitation, to the extent applicable (i) Defense Federal Acquisition Regulation Supplement (" DFARS") Parts 202, 204, 212, 239 and 252, with specific reference to DFARS regulations 252.204-7010 and 252.204-7012; (ii) security controls based upon National Institute of Standards and Technology ("NIST") Special Publication 800-171; (iii) Federal Risk and Authorization Program ("FedRAMP") processes, including compliance with the Cloud First Policy as applicable; (iv) the Department of Defense Security Requirement Guide; and (v) the Federal Information Security Management Act of 2002 (44 U.S.C. § 3541, et seq.). Additionally, to the extent necessary to comply with existing or future data security requirements, Cadet Portfolio publishes System of Records Notices (SORNs) in the Federal Register, in whole or part, as may be applicable or necessary. Under no circumstances are credit card numbers permanently stored on our website servers.