InterMountain ESD Logo

Privacy Policy

Last updated: November 11, 2025

This Privacy Policy describes how InterMountain Education Service District ("InterMountain ESD", "we", "us", or "our") collects, uses, shares, and protects personal information when you use our online and mobile services.

This Privacy Policy applies to all websites, applications, and other online services operated by InterMountain ESD that link to or display this Privacy Policy (collectively, the "Services").

By using the Services, you agree to the collection and use of information in accordance with this Privacy Policy.

Interpretation and Definitions

Interpretation

Words with the initial letter capitalized have meanings defined below. The following definitions have the same meaning whether they appear in singular or plural.

Definitions

For the purposes of this Privacy Policy:

  • You means the individual accessing or using the Services, or the school district, organization, or other legal entity on behalf of which such individual is accessing or using the Services, as applicable.

    Under GDPR (General Data Protection Regulation), You can be referred to as the Data Subject or as the User as you are the individual using the Service.

  • Company (referred to as either "the Company", "we", "us" or "our") refers to InterMountain Education Service District, 2001 SW Nye Avenue, Pendleton, OR 97801.

  • Account means a unique account created for you or your organization to access the Services or parts of the Services.

  • Applications means any software applications we provide for use on a device in connection with the Services.

  • Device means any device that can access the Services such as a computer, cellphone, tablet, or other internet-connected device.

  • Websites means the public and authenticated websites that make up the Services and are operated by InterMountain ESD.

  • Services refers collectively to the Websites, Applications, and any other online or mobile services operated by InterMountain ESD that link to or display this Privacy Policy.

  • Country refers to the State of Oregon, United States.

  • Service Provider means any natural or legal person who processes data on behalf of the Company, such as hosting providers, email delivery services, and other vendors that help us provide and support the Services.

  • Personal Data means any information that relates to an identified or identifiable individual.

  • Usage Data means data collected automatically, either generated by the use of the Services or from the Service infrastructure itself (for example, the duration of a page visit or log data).

  • Cookies are small files placed on your Device by a website, containing details of your browsing history or other information the site needs to store.

  • Do Not Track (DNT) is a concept promoted by U.S. regulatory authorities for allowing internet users to control the tracking of their online activities across websites.

Note on roles: In many cases, InterMountain ESD provides the Services as a service provider or school official to school districts and other organizations. Those organizations generally determine what information is collected and how it is used, and we process that information under our agreements with them and in accordance with applicable law (such as FERPA, where applicable).

Collecting and Using Your Personal Data

Types of Data Collected

  1. Account and Contact Information

    2. When you create an Account or otherwise interact with the Services, we may ask you to provide certain personally identifiable information that can be used to contact or identify you, such as:

    • First and last name
    • Email address
    • Phone number
    • Mailing address (address, city, state, ZIP/postal code)
    • Organization or school district affiliation
    • Role or job title (if applicable)

    The specific information collected depends on the particular Service and how your school district or organization uses it.

  2. Form, Registration, Order, and Submission Data

    3. Many of our Services are used by school districts and other organizations to collect information through online forms, registration processes, orders, or similar workflows. When you or your organization submit information through these processes, we collect the information entered, which may include:

    • Information about students, parents/guardians, staff, and other individuals
    • Identifiers such as student ID numbers or other internal identifiers
    • Contact information, demographic information, and other details requested on a particular form
    • Information about registrations, requests, purchases, or print jobs, depending on the Service

    The specific data collected is determined by the organization that created the form or process and may vary by district, program, or Service.

  3. Uploaded Documents and Attachments

    4. Some Services allow you to upload files (such as PDFs, images, or other documents). We collect and store those uploaded files as part of providing the Services.

  4. Usage Data

    5. Usage Data is collected automatically when using the Services. Usage Data may include:

    • Internet Protocol (IP) address of your Device
    • Browser type and version
    • Pages of the Services you visit
    • Time and date of your visit
    • Time spent on pages
    • Unique device identifiers
    • Other diagnostic or log data

    When you access the Services via a mobile device, we may collect similar information, such as the type of mobile device, mobile operating system, mobile browser type, and device identifiers.

  5. Information Collected by Applications (Location and Camera)

    6. For Applications that support features using location or camera access, and only with your Device's permission, we may collect:

    • Location information - to support features that depend on knowing approximate or precise location (if used by the Service).
    • Camera and photos - such as pictures or images you choose to capture or upload through an Application, for example to attach images to requests or orders.

    This information is used only to provide Application features you choose to use, and may be stored on your Device, uploaded to our servers, and/or processed by our Service Providers as necessary. You can enable or disable access to these features at any time through your Device settings.

  6. Cookies and Tracking Technologies

    7. We use Cookies and similar tracking technologies (such as tags and scripts) to:

    • Operate and secure the Services
    • Remember your preferences (such as login state)
    • Analyze usage and improve the Services

    You can set your browser to refuse all Cookies or to indicate when a Cookie is being sent. If you disable Cookies, some features of the Services may not function properly.

    We generally use:

    • Necessary / Essential Cookies (session): Required to provide the Services and authenticate users.
    • Functionality Cookies (persistent): Remember choices you make (such as login details or preferences) to provide a more personal experience.

    If we use additional analytics or similar tools, those will be used in a manner consistent with this Policy and our role as a service provider to districts and organizations.

Use of Your Personal Data

We may use Personal Data for the following purposes:

  • To provide and maintain the Services

    • Including operating forms, registrations, requests, purchasing, printing, or other workflows; processing submissions and orders; and monitoring usage for reliability, performance, and security.

  • To manage Accounts

    • To create and manage user or organization Accounts and provide access to the appropriate features of the Services.

  • For the performance of agreements

    • To perform our agreements with school districts and other organizations that use the Services, and to fulfill related requests.

  • To contact you

    • To contact you by email, phone, or other means regarding Service-related information, such as updates, notices, or support communications.

  • To support and improve the Services

    • To respond to your requests, provide technical support, troubleshoot issues, and improve functionality, security, usability, and performance.

  • To comply with law and our agreements

    • To meet legal, regulatory, and contractual obligations, including obligations related to education records and student data, where applicable.

We do not use student education records for targeted advertising or for other independent commercial purposes.

How We Share Personal Data

We may share Personal Data as described below. We do not sell or share Personal Data as "sale" or "sharing" of personal information are defined under applicable California privacy law (currently CCPA and CPRA).

We may share Personal Data:

  1. With your school district or organization
    • For Services used by school districts and other educational agencies, we process information on their behalf.
    • For Services that support homeschool registration or similar programs, we may share your Personal Data with your resident school district and relevant state education agency (for example, the Oregon Department of Education) as required for enrollment, reporting, or other program needs.
    • For other workflows (such as secure forms, purchasing, or printing), information is made available to appropriate staff within your district or organization consistent with their use of the Service.
  2. With Service Providers
    • We use trusted Service Providers (such as hosting providers, infrastructure vendors, and communication tools) to help operate and secure the Services.
    • These Service Providers are permitted to use Personal Data only to provide services to us and are not allowed to use it for their own marketing or other independent purposes.
  3. For business continuity or organizational changes
    • If InterMountain ESD is involved in a merger, reorganization, or similar event affecting the Services, Personal Data may be transferred as part of that event, subject to this Policy or a successor policy that offers at least comparable protections.
  4. For legal and safety reasons

    5. We may disclose Personal Data in good faith when we believe such action is necessary to:

    • Comply with a legal obligation, court order, or lawful request by public authorities;
    • Protect and defend the rights or property of InterMountain ESD;
    • Prevent or investigate possible wrongdoing in connection with the Services;
    • Protect the personal safety of users of the Services or the public; or
    • Protect against legal liability.

We do not sell personal information and do not permit Service Providers to use personal information from the Services for targeted advertising or other unrelated commercial purposes.

Retention of Your Personal Data

We retain Personal Data for as long as necessary to:

  • Provide the Services and support the purposes described in this Policy;
  • Comply with legal and regulatory requirements (for example, records retention rules or reporting obligations);
  • Resolve disputes; and
  • Enforce our agreements.

Usage Data is generally retained for a shorter period of time unless it is used to improve security or functionality, or we are legally obligated to retain it longer.

Where we process Personal Data on behalf of a school district or other organization, we retain and delete information in accordance with our agreements with that organization and their instructions.

Location of Processing

Personal Data collected through the Services is generally processed and stored in the United States. We use reasonable safeguards to protect your information and only transfer it to Service Providers that provide appropriate protections for your data.

Security of Your Personal Data

We use commercially reasonable physical, technical, and administrative measures to protect Personal Data against loss, misuse, and unauthorized access, disclosure, alteration, and destruction. These measures may include encryption in transit, access controls, logging, and other safeguards appropriate to the nature of the data.

However, no method of transmission over the Internet or method of electronic storage is 100% secure, and we cannot guarantee absolute security.

Student and Education Records

When the Services are used by school districts or educational agencies, some of the information we process may be considered education records or otherwise protected student information. In these cases:

  • We handle student information as a school official or service provider, subject to the direct control of the educational agency and consistent with applicable laws such as the Family Educational Rights and Privacy Act (FERPA), where applicable.
  • We do not use student education records for targeted advertising or to create student profiles for our own purposes.
  • We do not sell student Personal Data.

Districts or agencies remain responsible for providing access, correction, or other rights related to student education records under FERPA and similar laws.

Your Privacy Rights

Depending on your relationship to InterMountain ESD and the laws that apply to you, you may have certain rights regarding your Personal Data, such as the rights to:

  • Request access to Personal Data we maintain about you;
  • Request correction of inaccurate or incomplete Personal Data;
  • Request deletion of Personal Data, subject to legal and contractual obligations;
  • Object to or restrict certain processing, where allowed by law;
  • Receive a copy of certain information in a portable format; and
  • Withdraw consent where processing is based on consent (without affecting processing that occurred before withdrawal).

For requests related to student education records, we may need to coordinate with your school district or educational agency.

To exercise any of these rights, contact us using the information in the Contact Us section below. We may need to verify your identity before responding.

Additional Information for California Residents

If you are a California resident, you may have additional rights under California privacy laws (currently including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA)), such as:

  • The right to know the categories of Personal Data we collect, the categories of sources, the purposes for which we use it, and the categories of third parties with whom we share it;
  • The right to access specific pieces of Personal Data we have collected about you;
  • The right to request deletion of certain Personal Data, subject to legal and contractual exceptions;
  • The right to correct inaccurate Personal Data; and
  • The right not to receive discriminatory treatment for exercising your privacy rights.

As noted above, InterMountain ESD does not sell or share personal information as "sale" or "sharing" are defined under California law.

To exercise these rights, you can contact us using the details in the Contact Us section. We will respond to verifiable requests within the timeframes required by law.

Additional Information for Individuals in the EEA/UK (GDPR)

Although our Services are primarily directed to users in the United States, individuals in the European Economic Area (EEA) or United Kingdom may have certain rights under the General Data Protection Regulation (GDPR) or similar laws, including rights to:

  • Access, correct, or delete Personal Data;
  • Restrict or object to certain processing;
  • Data portability; and
  • Lodge a complaint with a supervisory authority.

Where GDPR applies and we act as a data controller, we may process Personal Data on the following legal bases:

  • Your consent;
  • Performance of a contract or pre-contractual steps;
  • Compliance with legal obligations;
  • Protection of vital interests;
  • Performance of a task carried out in the public interest; or
  • Our legitimate interests, provided they are not overridden by your rights and interests.

To exercise these rights, contact us using the information in the Contact Us section.

"Do Not Track" Signals

Our Services do not respond to "Do Not Track" signals from web browsers.

Some third-party websites or services may track your browsing activities. You can usually configure your browser settings to send a "Do Not Track" signal or otherwise limit tracking; please refer to your browser's help documentation for more information.

Links to Other Websites

The Services may contain links to websites or services that are not operated by us. If you click on a third-party link, you will be directed to that third party's site.

We are not responsible for the content, privacy policies, or practices of any third-party sites or services. We encourage you to review the privacy policy of every site you visit.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do so, we will:

  • Post the updated Privacy Policy on this page, and
  • Update the "Last updated" date at the top of this Privacy Policy.

In some cases, we may provide additional notice (such as a banner or email) if changes are material or required by law.

Changes to this Privacy Policy are effective when posted, unless otherwise specified.

Contact Us

If you have any questions about this Privacy Policy or our privacy practices, you can contact us:

By email:
Privacy@imesd.k12.or.us

By phone:
(541) 966-3100

By mail:
InterMountain Education Service District
Attn: Data Privacy
2001 SW Nye Avenue
Pendleton, OR 97801