Last updated: June 04, 2020 - 5:59:16PM UTC
A Partner Organization is an organization (e.g. your school, employer, credit union, benefits provider, or another entity or person) that entered into an agreement with iGrad to provide (and configure) that organization’s instance of the Services to you, as well as affiliated organizations, such as resellers and/or the sponsor of your instance of the Services.
Usage Data is data that is collected automatically and generated by the use of the Services or from the Services infrastructure itself (for example, the duration of a page visit).
Any third-party websites, software, or applications that may integrate with our Services or perform services for us or on our behalf and require access to your information and/or Usage Data in order to serve their required function.
While using our Services, we may ask you to provide us with certain personally identifiable (directly or indirectly) information that can be used to contact or identify you. This information may also be securely provided to us by your Partner Organization(s), for example, through a Single Sign On (“SSO”) endpoint.
The following is the current list of categories of information, with examples of each, we may collect that you may choose to share with us or your Partner Organization may choose to share with us (please see the section below on How We Use Information for details on how information about you is used):
When you use our Services, we may also collect information regarding how the Services are accessed and used, such as Usage Data (defined above). The information we collect may include information such as your IP address, browser type, browser version, search queries you submit (such as content, scholarships and jobs searches, etc.), the pages of our Services that you visit, the objects you clicked, the content that you viewed, the time and date of your visit, the time spent on those pages, and other diagnostic data. The information we collect may also include geographical data, such as language, country, state, and city.
We also collect content and other information you create or provide while interacting with our Services, such as content that you add to your favorites (e.g., content, courses, scholarships, etc.); content that you found helpful or unhelpful; your course scores and progress; action plan and Money Personality assessments; recommendations delivered via the Financial Wellness Checkup; progress and personalized outputs of interactive exercises and calculators; and questions, answers, and comments you submit in the Community and comment areas of our Services.
We use the collected data for various, legitimate business purposes, such as to provide you with and maintain our Services, to fulfill the agreement entered into with your Partner Organization(s), and/or in adherence with legal obligations. More specifically, we use the information we collect and receive:
Under certain circumstances, we may be required to disclose your information if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
We may disclose your information in the good faith belief that such action is necessary:
We may share your information with Third-Party Services (defined above). Examples may include: using a calculator, email delivery, searching for a job, providing a resume critique, or running analytics on Usage Data. These third parties have access to your information only to perform tasks, such as these, on our behalf and are obligated not to disclose or use it for any other purpose.
When you share your information, such as adding a question or answer to a discussion group, or otherwise interact with community areas of our Services, your information may be viewed by all users, such as your account photo, first name, and/or comments.
We may share your information for other purposes only when you offer your explicit consent.
The security of your data is of the utmost importance to us. iGrad has implemented reasonable organizational, technical, and administrative measures to protect against the loss, misuse, and alteration of personal information about users. As an example of technical measures we have implemented, we use encryption in the transmission of your personal information between your system and ours, and we use firewalls to help prevent unauthorized persons from gaining access to your personal information. However, please remember that no method of transmission over the Internet or method of electronic storage is 100% secure, and the safety and security of your information also depends on you. If you have a password for access to certain parts of our Services, you are responsible for keeping your password confidential. We ask you not to share your password with anyone.
Your information, including personal data, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.
If you are a resident of the European Economic Area (“EEA”), you have certain data protection rights under the General Data Protection Regulation (“GDPR”). Subject to any exemptions provided by law, we aim to take reasonable steps to allow you to correct, amend, or delete your personal data. You can usually do this using your Account Settings and/or other features within the Services. You can also contact us at email@example.com to be informed what personal data we hold about you, and/or if you would like us to correct, amend, or delete your personal data.
In certain circumstances, your rights under the GDPR include the following:
Please note that we may ask you to verify your identity before responding to such requests. Please also note that our fulfillment of certain requests, such as requests to delete your information or restrict the processing of your information, may result in us being unable to provide you certain products or services.
You have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement if you think we are processing your personal data not in accordance with the GDPR. For more information, please contact your local data protection authority in the EEA.
Personal Information We Have Collected
Through your interaction with our Services, we collect information that is defined as “personal information” under the CCPA, which is information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device. Personal information does not include publicly available information from government records, deidentified or aggregated consumer information or information excluded from the CCPA’s scope. In particular, we have collected the following categories of personal information about consumers (i.e., California residents) within the last 12 months:
||Examples of Personal Information in the Category:
||Collected (“Yes” or “No”):
|A. Identifiers.||A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.||Yes, we have collected personal information included in this category.|
|B. Personal information categories described in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).||A name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
Please note that some personal information included in this category may overlap with other categories.
|Yes, we have collected personal information included in this category.|
|C. Protected classification characteristics under California or federal law.||Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).||Yes, we have collected personal information included in this category.|
|D. Commercial information.||Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||Yes, we have collected personal information included in this category.|
|E. Biometric information.||Genetic (e.g., DNA), physiological, behavioral, or biological characteristics, imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, from which an identifier template, such as a faceprint, a minutiae template, or a voiceprint, can be extracted, and keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data.||No, we have not collected personal information included in this category.|
|F. Internet or other similar network activity.||Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.||Yes, we have collected personal information included in this category.|
|G. Geolocation data.||Physical location or movements.||No, we have not collected personal information included in this category.|
|H. Sensory data.||Audio, electronic, visual, thermal, olfactory, or similar information.||No, we have not collected personal information included in this category.|
|I. Professional or employment-related information.||Current or past job history or performance evaluations.||Yes, we have collected personal information included in this category.|
|J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).||Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.||Yes, we have collected personal information included in this category.|
|K. Inferences drawn from other personal information.||Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.||Yes, we have collected personal information included in this category.|
Our Use and Disclosure of Personal Information
Our use and disclosure of personal information is discussed above in the “How We Use Information” and “How We Share and Disclose Information” sections. To summarize, we may use or disclose the personal information we collect for one or more of the following purposes:
We will not collect additional categories of personal information or use or disclose the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
Our Sharing of Personal Information
We may share your personal information with a third party for a business purpose. When we share personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract. We share your personal information with the categories of third parties described above in the “How We Share and Disclose Information” section.
Sharing of Personal Information for a Business Purpose:
In the preceding twelve (12) months, we have shared the following categories of personal information (referenced above) for a business purpose:
Category A: Identifiers.
Category B: California Customer Records personal information categories.
Category C: Protected classification characteristics under California or federal law.
Category D: Commercial information.
Category F: Internet or other similar network activity.
Category I: Professional or employment-related information.
Category J: Non-public education information.
Category K: Inferences drawn from other personal information.
We have shared personal information for a business purpose with each of the above-listed categories of third parties, namely: Partner Organizations; Third Party Services; career services companies; and web analytics companies.
No Sales of Personal Information:
In the preceding twelve (12) months, we have not sold personal information.
Your Rights Under the CCPA
The CCPA provides consumers (California residents) with specific rights regarding their personal information, as we describe further below.
Information Access and Portability Rights:
As a California resident, you have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. If we receive and confirm a verifiable consumer request from you (see “Exercising Access, Portability, and Deletion Rights” below), we will disclose the following to you consistent with the CCPA:
Deletion Requests Rights:
As a California resident, you have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. If we receive and confirm a verifiable consumer request from you (see “Exercising Access, Portability, and Deletion Rights” below), we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. We may deny your deletion request if maintaining the information is necessary for us or our service provider(s) to:
Exercising Access, Portability, and Deletion Rights:
If you have an account with us, you may be able to exercise the personal information access, portability, and deletion rights described above within your Account Settings. Otherwise, to exercise these rights, please submit a verifiable consumer request to us by email at: firstname.lastname@example.org.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must (a) provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, and (b) describe your request with sufficient detail to allow us to properly understand, evaluate, and respond to it. We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
Making a verifiable consumer request does not require you to create an account with us. However, we do consider requests made through your password protected account (within the Account Settings, as described above) sufficiently verified when the request relates to personal information associated with that specific account.
We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
Our Responses to Access, Portability and Deletion Requests:
We endeavor to respond to a verifiable consumer request within forty-five (45) days of receipt. If we require more time, we will inform you of the reason and extension period in writing.
If you have an account with us, we may deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding our receipt of the verifiable consumer request. If we cannot comply with a request, the response will explain the reasons we cannot comply. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to easily transmit the information from one entity to another entity.
We do not charge a fee to process or respond to a verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that a request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not do any of the following:
Notice at Collection of Personal Information
The purpose of this “Notice at Collection of Personal Information” section is to provide you, as a California resident, with timely notice (at or before the point of collection) about the categories of personal information we collect from you and the purposes for which the personal information will be used.
The categories of personal information about you that we may collect are the following:
Other California Privacy Rights
If you are a resident of California, you have the right to request information from us pursuant to California Civil Code Section 1798.83 (California’s “Shine the Light” law) regarding the manner in which we share certain categories of personal information with third parties for their direct marketing purposes. You can email us at email@example.com if you would like to request this information.
2163 Newcastle Avenue, Suite 100
Cardiff-By-The-Sea, CA 92007