Effective January 1, 2020
Everything we do is focused on improving student success and educational outcomes. We believe that students have the right to benefit from their data and enhance their likelihood to complete their academic and learning journey. In order to support students and higher education institutions, we collect data critical to improving educational outcomes as requested by our partner institutions.
As FERPA-compliant stewards of institutional information, we prioritize student privacy. We do not sell data to third parties and we work to protect data through industry best practices, including through encryption and de-identification.
By using our Sites and Services you accept that your personal information will be handled as described in this Policy. Your use of our Sites and Services, as well as any related privacy dispute, is subject to this Policy.
For specific security or privacy questions, please email firstname.lastname@example.org.
OUR COMMITMENT TO PRIVACY
INFORMATION WE COLLECT ABOUT YOU
We may collect information about you directly from you, as well as through your use of our Sites or Services. In addition, we may receive your information from educational institutions where you are currently, or were previously, enrolled as a student or worked as an employee. This information helps us to update, improve and analyze our Sites and Services, identify new customers, and provide products and services that may be of interest to you. If you provide us with personal information about others, or if others give us your information, we will only use that information for the specific reason for which it was provided to us or for other purposes set out in this Policy.
Information We Collect Directly From You
The type of information we collect from you depends on your interaction with our Sites and our Services. Most of our Services require users to have a registered account in order to access the application. You may register for a Service directly, or you may be registered by your educational institution. Registration information may include your email address, name, and business title.
If you contact us directly (including through our customer service platform), we may collect your name, email address, phone number, and any information that you choose to provide to us, either through our Sites or Services. You may also register for our events, webinars, or publications. We may collect and use your registration information, including payment information, to complete your registration or to deliver the content you request.
If you are a student user, we may also collect information about your classes, degree, career goals, course plans, and any other information collected through your use of our Sites or Services, such as communications you make through our services to your advisor.
We also collect and process common human resources data from employees and contractors as necessary.
Information that We Collect About You from Your Educational Institution
If you are a student, we may also receive information about you from your educational institution. This may include information from your educational institution’s student information system or learning management systems. These databases typically include personal information such as a student’s name, date of birth, student ID, and home address, as well as educational data, employment data, demographic data, and other data that is collected by your educational institution about you. We may also use the information we collect from your educational institution and our Services to derive additional data about you.
Information We Collect Automatically
We may automatically collect the following types of information about your use of our Sites and Services through cookies and other technologies, including for example, your browser type and operating system; your IP address; information about the device you use to access our Sites and Services; how you use the Sites and Services; login and logout timestamps, and the length of time you use our Sites or Services. We may combine this information with other information that we have collected about you, including, where applicable, your name, and other personal information. Please see the section “Cookies and Other Tracking Mechanisms” below for more information.
CONTROL OF YOUR INFORMATION
Users of our Sites and Services residing in certain countries or areas, such as the EU, are afforded certain rights regarding their personal information. Except where an exception or exemption applies, these rights may include the ability to request access to, correct, and/or deletion of your personal information that we hold, as well as the right to request information about our data collection practices and the right not to be treated any differently for exercising any of the foregoing rights. While these rights are not globally applicable, our users and customers are entitled to access their personal information that we hold.
Civitas has no direct relationship with many of the individuals whose personal information it processes. Therefore, if you seek to access, correct, amend, or delete data associated with this Sites or our Services, you should first direct your request to your educational institution or employer.
If you wish, you may also direct questions or any of the above requests regarding your privacy rights by contacting us at email@example.com. Residents of California may also designate an authorized agent to exercise certain privacy rights on their behalf, and should make any such request by contacting the above email address. We will respond to your request within a reasonable timeframe, unless, for reasons beyond our control, a longer response time is necessary, in which case, you will be advised accordingly. Please note that we may retain certain information as required by law or as necessary for our legitimate business purposes as described below.
THE WAY WE USE INFORMATION
We primarily use the information that we collect or receive about you to respond to your requests and improve our Sites and Services. We also may use your information, including personal information, for the following purposes:
- To respond to your inquiries and for other customer service purposes;
- To keep your personal information secure and protect our Sites and Services (including to verify user identities and prevent fraud and abuse);
- To personalize your experiences while using our Sites and Services;
- To enable us to provide you with our Services, and to improve and promote our Services;
- For research, historical, and analytical purposes;
- For marketing and promotional purposes. For example, we may use your information, such as your email address, to send you news and newsletters or to otherwise contact you about products or information we think may interest you;
- To better understand how users access and use our Sites both on an aggregated and individualized basis; and
- As permitted or required by law.
Cookies: Cookies are small files that are placed onto your device (e.g., computer, smartphone or other electronic device) that store information when you visit a website. Pixel tags (also called web beacons, clear gifs, or tags) are a similar technology that consists of small images or snippets of code that can help the website owners learn how you interact with websites and emails.. Some cookies allow us to make it easier for you to navigate our Sites and Services, to deliver relevant local resources, remember browser preferences, and improve our visitors’ experiences on the sites. There are two types of cookies: session and persistent cookies.
- Session Cookies: Session cookies exist only during an online session. They are typically deleted from your computer when you close your browser or turn off your computer. We use session cookies to allow our systems to uniquely identify you during a session or while you are logged into the Sites or a Service. This allows us to process your online transactions and requests and verify your identity, after you have logged in, as you move through our Sites.
- Persistent Cookies: Persistent cookies remain on your computer after you have closed your browser or turned off your computer. We use persistent cookies to track aggregate and statistical information about user activity.
Disabling Cookies: Most web browsers automatically accept cookies, but if you prefer, you can edit your browser options to block them in the future. The Help portion of the toolbar on most browsers will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. Visitors to our Sites who disable cookies will be able to browse certain areas of the Sites, such as the cart feature, which holds your order, but some features may not function.
Third Party Analytics
Our systems do not recognize browser “do-not-track” requests. You may, however, disable certain tracking as discussed above (e.g., by disabling or declining cookies).
EUROPEAN UNION RESIDENTS
Data protection law in Europe requires a “lawful basis” for collecting and retaining personal information from residents of the European Economic Area. Our lawful bases include, but are not limited to:
- Performing the contract we have with you: In certain circumstances, we need your personal data to comply with our contractual obligation to deliver our services, and assist with any questions you may have.
- Legal compliance: Sometimes the law says we need to collect and use your data.
- When you give your consent: For some processing and data collection, we will seek your consent before collecting and using your information. To the extent we rely on your consent for data processing or collection, you may withdraw your consent at any time by contacting us as described at the bottom of this Policy.
- Legitimate interests: This is a term in data protection law that allows us to process your Personal Information if we have a fair reason to use your data, and only if we do so in ways which do not hurt your interests and rights. We sometimes require your data to pursue our legitimate interests in running our business, including fraud prevention, improving our Sites and Services, quality assurance, and marketing purposes, as long as our use of your data does not materially impact your rights, freedom or interests. This allows us to improve and develop the quality of our Services and the online experience we offer all our customers.
HOW INFORMATION MAY BE SHARED
Civitas does not sell or rent any of your personal information, and we will never share your personal information publicly without your consent. However, we may share your information with certain trusted third-party services to help us provide, improve, promote, or protect our services. For example, we may store your data on a third-party data storage service to support delivery of our services. We may also share your data with third-parties to provide services such as processing your payment transactions, improving our Services, or to provide other services. Whenever we share data with such third-party services, we require that they use your information only for the purposes we’ve authorized, and that they protect your personal information at least to the same standards we do. We also reserve the right to disclose personal information when it is reasonably necessary to conduct our business, to protect our legal rights and property, and to comply with the law or law enforcement. Otherwise, your personal information is never shared with any individual or other organization in a way that is inconsistent with this Policy.
Civitas retains personal information as long as is necessary for the purposes set out above. This is a case by case determination that depends on things like the nature of the data, why it is collected, why it is processed, and relevant legal or operation retention needs. For example, we may retain your data to effectively provide you the Services, as well as to improve our historical and statistical analytics. We may also be legally required to hold some types of information to fulfil our statutory obligations. We review our retention periods for personal information on a regular basis. When no longer required for any of the purposes set out in this Policy, we will destroy, erase, or anonymize your information. Legal requirements may also necessitate our retaining some or all of the personal information we hold for a period of time that is longer than we might otherwise hold it, including to resolve disputes, enforce our agreements, or to protect our legal rights.
SECURITY OF MY PERSONAL INFORMATION
We take security seriously, and the security of your personal data is important to us. We have implemented commercially reasonable and industry standard precautions to protect the information we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Please be aware no data security measures can guarantee 100% security.
Civitas does not knowingly collect any personal information from children under the age of 13, and children under 13 are not permitted to register for or use our services. If we become aware that a child under age 13 has provided us with personally identifiable information, we’ll delete it, unless another exception such as parental consent applies.
In certain situations, Civitas may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
We may also disclose your personal information as required by law, such as to comply with a subpoena or other legal process, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
We store personal information about website visitors and subscribers within the European Economic Area (the “EEA”), the United States and other countries and territories. As a US-based company, to facilitate our operations, we may transfer and access such personal information from the United States, and other countries where our trusted third-party vendors may reside.
If you are visiting our Sites or use our Services from the EEA or other regions with laws governing data collection and use, please note that you are agreeing to the transfer of your personal information to the United States and other jurisdictions in which we operate. By providing your personal information, you consent to any transfer and processing in accordance with this Policy.
EU-U.S. PRIVACY SHIELD
Civitas, including each of Civitas Learning, Inc., Civitas Learning International LTD, Advise Stream, LLC, ClearScholar, Inc., and College Scheduler LLC, participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework. Civitas is committed to subjecting all personal data received from European Union (EU) member countries, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield website.
Civitas is responsible for the processing of personal data that it receives through the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Civitas complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Civitas is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Civitas may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
HOW TO CONTACT US
Attention: Data Protection Officer
100 Congress Ave. Suite 400
Austin, TX 78701
Civitas strives to satisfy our customers’ and visitors’ privacy concerns. We will reply as quickly as possible and inform you of the steps, if any, that have been or will be taken in order to address your concern or implement the suggestion. However, if you have contacted Civitas about your issue and are still unhappy with our response, and if you are also a resident of the European Economic Area, you may contact your local EU Data Protection Authority (DPA) regarding your issue. Civitas commits to cooperate with the panel established by the EU DPAs, and to comply with the advice given by the panel with regard to data transferred from the EU. More information is available here.
Finally, under certain conditions more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
CHANGES TO THIS POLICY
This Policy is current as of the Effective Date set forth above. Privacy laws and practices are constantly developing, and so our policies and procedures are under continual review, and we may change this Policy from time to time, so please be sure to check back periodically. We will post any changes to this Policy on our Sites. If we make any changes to this Policy that materially affect our practices with regard to the personal information that we have previously collected from you, we will endeavor to provide you with notice in advance of such change by highlighting the change on our Sites.