- FERPA Compliance
- Terms of Service
- Cookies Policy
- InCommon Participation
Last Updated: February 24, 2018
USE OF THE SITE AND THE SERVICES
Authorized Users, Independent Users and Trial Users, shall be referred to collectively as “End Users”.
WHO ARE WE AND HOW CAN YOU REACH US?
We’re Novalsys, Inc. (“Novalsys”) and we operate the Site and provide the Services. If you would like to contact us for any reason, including (i) to obtain more information about how we have received your information from your Organization or how we share your information with your Organization; (ii) how we process your information; or (iii) if you have any questions about the Site or the Services generally, please contact us at:
INFORMATION WE COLLECT AND RECEIVE
Personal data, or personal information, means any information about an individual from which that person can be identified.
We may collect, use, store, transfer and receive different kinds of personal information about you when you access and use the Site or Services, which we have grouped together as follows (collectively “Data”):
- Identity Data includes first name, last name, official first name, middle initial, maiden name, username or similar name, Organization identifiers (student ID, card number, etc.), title, nationality, languages, date of birth and gender.
- Contact Data includes email address(es), preferred email address, personal address, work address, work contact details and phone numbers.
- Transaction Data includes details about transactions which occur on our Site and through the Services, including payments to and from an End User and products and services an End User has purchased from the Groups. We do not store or come in contact with any credit card information.
- Technical Data includes internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices used by the user to access the Site and/or the Services. Include logs of all requests made by the user to the site
- Profile Data includes username and password, memberships in a group which is part of an Organization (a “Group”), membership end date, school program, degree, year of entry, year of graduation, work details (LinkedIn resume, company, work title), interests, preferences, feedback, surveys/forms/poll responses, platform join date, group officer status, validation status, opt-in subscriptions (sub-groups), member tags, posts on feeds.
- User Contributions includes any messages, photos, news, files or other content submitted through the Services by individual End Users.
- Usage Data includes information about how End Users use the Site and/or the Services – includes web analytics relating to usage of the Site and the platform in general and logs of all requests made by users to the Site, as well as usage of specific features of the Services such as events registration and attendance, tickets selected/purchased/cancelled, email engagement, member tags, likes and comments on feeds.
- Marketing and Communications Data includes any preferences in receiving marketing from us, Groups, the Organization, other relevant third parties, plus any communication preferences – e.g. ways in which the user may be contacted.
- Support Data includes any information that users of the Site or the Services provide when they contact or engage platform support regarding the Services.
- Special Categories of Personal Data includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data.
HOW IS YOUR INFORMATION COLLECTED?
We use different methods to collect information from and about you, including through:
You may submit certain Data when you use the Site and the Services. This includes (but is not limited to) personal information you share when you:
- Register or log on in your individual capacity or as an Organization administrator (“Organization Administrator”) or as a leader or an officer of your Group (“Group Officer”);
- Post material (including resumes, biographical information, and photos);
- Request further services, purchase tickets to an event, when you wish to join a Group, or when you report a problem with the Site or the Services. Please note that in some cases, recording your membership of a particular Group may involve the processing of Special Categories of Personal Data;
- Records and copies of your correspondence (including e-mail addresses), if you contact us;
- Respond to surveys that we, your Organization or your Group might ask you to complete for research purposes;
- Contact us with feedback or queries;
- Post User Contributions on public areas of the Site or transmit to other users of the Site or third parties.
Automated technologies or interactions
You are not under a statutory or contractual obligation to provide us with any personal information. However, certain information is collected automatically and if you don’t provide some information, such as account set-up details, we may be unable to provide the Services to you.
PURPOSES FOR WHICH YOUR INFORMATION IS USED
All End Users
We process personal information, as applicable, for our legitimate business interests as follows:
- Contacting Organization Administrators for invoicing, account management or other administrative reasons (not applicable to Trial Users);
- Carrying out data analytics, identifying usage patterns, customizing the Site and the Services to individual preferences, improving and enhancing user experiences, modifying the Site and the Services, developing new products and our business, auditing use and functionality of the Site and the Services, informing our marketing strategy, investigating and preventing service errors, security or technical issues, helping enforce compliance with our Terms of Service, protecting the Site and the Services, protecting our business;
- Asking you to complete a survey or feedback form to collect your views or comments on the services we provide, helping us study how End Users use our products and services to develop and grow our business;
- Responding to your requests, comments or queries relating to your use of the Site and the Services;
- Subject to your marketing preferences, making suggestions and recommendations to you about goods or services that may be of interest to you or your Organization. This may include emails about new product features, promotional communications or other CampusGroups news.
We may also process personal information as necessary to comply with a legal obligation.
Users Other than Trial Users
Where your Organization has requested that we make the Services available to its Authorized Users under the applicable Organization Agreement, or where you access these Services as an Independent User, your personal information may be used for the purpose of providing the Services to you. Some examples of how your information may be used include (but are not limited to):
- Publishing your Data to maintain an open directory of individuals affiliated with your Organization and your Groups (the membership of which may reveal particularly sensitive information, such as religious or philosophical beliefs, political opinions, sexual orientation, or racial or ethnic origin);
- Sharing your Data with affiliates of your Organization or Group;
- Sharing your Contact Data to enable you to receive communications from your Organization, your Groups and other individuals affiliated with your Organization;
- Enabling you to communicate with other individuals associated with your Organization or your Groups;
- Enabling you to register for events.
Trial Users Only
In addition to the uses applicable to all End Users, we process your information as necessary to perform our contract with you (as set out in the Terms of Service https://www.campusgroups.com/terms) to provide trial access to the Services, which includes but is not limited to registering you on the platform, sending you important service updates, responding to any queries or fulfilling your requests and providing features such as:
- Groups and Membership Management;
- Group Page Administration;
- Creating, Promoting and Managing Events;
- Creating and Managing Surveys, Forms & Polls;
- Facilitating Online Payments;
- Platform Analytics;
- Directory services;
- File Sharing;
- Discussion Feeds.
FOR HOW LONG DO WE KEEP YOUR INFORMATION?
Where we process your personal information on behalf of your Organization, we will retain your information in accordance with your Organization’s instructions and in accordance with any legal obligations.
When you connect your account with third party apps & platforms, such as Google Calendar or Zoom, we also store the data required for the integration you selected. When you disconnect the integration, the tokens used to access your data on the third party platform are deleted. Data which was retrieved through the integration prior to it being disabled may still be available on the platform if it is still in use, such as the Zoom meeting link for an event, unless specifically deleted. You may find additional details on how to disconnect an existing integration or how to delete your data on our help center.
HOW IS YOUR INFORMATION SHARED AND DISCLOSED?
This section describes how we may share and disclose your information. Please note that Organizations determine their own policies and practices for the sharing and disclosure of information.
Where we collect or receive personal information from Authorized Users and Independent Users through their use of the Site and the Services, we will only share and disclose information in accordance with the Organization’s instructions, including any applicable terms in the Organization Agreement and in compliance with applicable law.
Please Note: Some of the information you provide on the Site, including Profile Data, User Contributions and Group affiliations might be widely available to the public. You should also be aware that even pages that you mark as “private” in your settings will be accessible to Organization Administrators and Group Officers regardless of your privacy settings. If you do not want these individuals to see your information, please contact us at firstname.lastname@example.org and we will advise you regarding how your personal information can be removed from the Site.
We may disclose aggregated information about our users, and information that does not identify any individual, without restriction.
Organization Administrators, Group Officers, and other Organization representatives and personnel may be able to access, modify or restrict access to your personal information. This may include, for example, your Organization using features of the Services to export activity logs or modifying access to other Service features. Organization Administrators may also have access to your personal information where you create an account to access certain Services as an Independent User. If you have any questions about your Organization’s account settings, please contact us at email@example.com. Where appropriate, we will forward your message to your Organization.
Third Party Service Providers working on our behalf. We may pass your information to our third-party service providers, agents, subcontractors and other associated organizations for the purposes of completing tasks and providing services to you on our behalf or on behalf of your Organization or your Groups.
Purchases on Our Sites
Unless your Organization has made an alternative arrangement, when you purchase products or services on our Site, your transaction is processed by a third-party payment processor, who specializes in the secure online capture and processing of credit/debit card transactions. If you have any questions regarding secure transactions, please contact us at firstname.lastname@example.org.
Sale of Our Business/Legal Requirements
We may transfer your personal information to a third party as part of a sale of some or all of our business and assets or as part of any business restructuring or reorganization, or if we’re under a duty to disclose or share your personal information in order to comply with any legal obligation or to enforce or apply our Terms of Service or to protect the rights, property or safety of our supporters and customers.
Additional Sharing of Your Information
We may also share your information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
Direct Communications from Novalsys
You have a choice about whether or not you wish to receive information from us. If you do not want to receive direct marketing communications from us about the features of our Site and our products and services, you can opt-out by clicking the unsubscribe link in such communications or sending us an email stating your request to email@example.com.
Please Note: opting out of marketing communications from Novalsys does not mean that you will not receive:
- Messaging from other individuals through the Site;
- Messages from your Organization Administrators or Group Officers;
- Messages from us, your Organization or your Group if we need to contact you as a result of a product purchase, event registration, other transaction or other service-related matter.
If you do not want to receive any messages from individuals who are connected with the Site, please contact us at firstname.lastname@example.org and we will advise you regarding how your personal information can be removed from the Site.
INTERNATIONAL DATA TRANSFERS
Novalsys is based in the United States. We may therefore transfer your personal information to countries other than the one in which you live. For EEA data subjects, this may involve transferring your information outside the EEA.
ADDITIONAL INFORMATION FOR END USERS LOCATED IN THE EEA
For users of the Site located in the European Economic Area (“EEA”), data protection laws refer to the concepts of “data controllers” and “data processors”. A data controller decides how and why your information is used. A data processor is responsible for processing your information on behalf of the data controller and does so only in accordance with the controller’s instructions.
As a data processor we may use your Data in accordance with the written instructions of your Organization (as data controller), including any applicable terms in the Organization Agreement, and as required to comply with a legal or regulatory obligation.
As a data controller, we will use your Data:
- Where we have your explicit consent (for example, to collect and store Special Categories of Personal Data).
- Where we need to perform the contract we are about to enter into or have entered into with you.
- Where we need to comply with a legal or regulatory obligation.
We offer EU Model Clauses, also known as Standard Contractual Clauses, to meet the adequacy and security requirements for our Organizations that operate in the European Union or whose Authorized Users are located in the European Union.
Individuals located in the EEA have certain statutory rights in relation to their personal information. Subject to any exemptions provided by law, you may have the right to:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information the data controller holds about you and to check that they are lawfully processing it.
- Request correction of the personal information held about you. This enables you to have any incomplete or inaccurate information the data controller holds about you corrected.
- Request erasure of your personal information. This enables you to ask the data controller to delete or remove personal information where there is no good reason for them continuing to process it. You also have the right to ask the data controller to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where the data controller is relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where they are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information. This enables you to ask the data controller to suspend the processing of personal information about you, for example if you want them to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party.
How you can access, correct, and delete your information. It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.
You and your Organization (if applicable) may access, correct and delete information that you have uploaded to the Site through your use of the Services by logging into the Site and using the tools within the account profile page. If you are not able to do so using the tools provided, you should contact us at email@example.com and we will forward your request on to your Organization where appropriate. For individual users of the Site who are not Authorized Users, you can email us at firstname.lastname@example.org to request access to, correct or delete (if applicable) any of your personal information.
If you delete your User Contributions from the Site, copies of your User Contributions may remain viewable in cached and archived pages or might have been copied or stored by other Site users. Proper access and use of information provided on the Site, including User Contributions, is governed by our Terms of Service https://www.campusgroups.com/terms.
To access any of the other rights set out above, please contact us at email@example.com. We will forward your request to your Organization where appropriate.
ADDITIONAL RIGHTS OF CALIFORNIA RESIDENTS
Under California Civil Code Section 1798.83 you may request certain data regarding CampusGroups disclosure, if any, of personal information to third parties for the third parties' direct marketing purposes. To make such a request, please send an e-mail message to firstname.lastname@example.org with "Request for California Privacy Information" in the subject line of your email. You may make such a request up to once per calendar year. If applicable, we will provide you, by e-mail, a list of the categories of personal information disclosed to third parties for their direct marketing purposes during the immediately preceding calendar year, along with the third parties & names and addresses. Please note that not all personal information sharing is covered by Section 1798.83&s requirements.
ADDITIONAL INFORMATION FOR STUDENTS OF UNITED STATES SCHOOLS GOVERNED BY THE FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT OF 1974 (“FERPA”)
If your School is subject to FERPA, it may have shared certain Data with us as permitted under FERPA. To get more information about whether your School is governed by FERPA, please visit the homepage of your School. To review a copy of our FERPA Statement, please click here: https://www.campusgroups.com/terms?view=ferpa
We have implemented appropriate security measures designed to prevent your personal information from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know
All data we collect is stored securely on our servers. Firewalls are in place exposing only the necessary services to the Internet as well as between our servers. All information transmitted between your browser and our servers is encrypted using industry standard security protocols such as TLS 1.2
We have put in place procedures to deal with any suspected personal data breach and will notify you or your Organization (if applicable) and any relevant data protection regulator of a breach where we are legally required to do so.
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Site and the Services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. We urge you to be careful about giving out information in public areas of the Site. The information you share in public areas may be viewed by any user of the Site.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Site. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Site.
LINKS TO OTHER WEBSITES
Our Site may contain links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Site, we encourage you to read the privacy notice of every website you visit.
16 OR UNDER
Our Site is not intended for children under 16 years of age. If you are under 16, do not use or provide any information on the Site. If we learn we have collected or received personal information from a child under 16 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 16, please contact us at email@example.com.
HOW TO CONTACT US
DATA PROTECTION OFFICER
HOW TO COMPLAIN
We hope that we can resolve any query or concern you raise about our use of your personal information. In addition, for users located in the EEA, you have the right to make a complaint at any time with your local data protection authority, or the relevant data protection authority in the country where any alleged infringement of data protection laws occurred.