Last updated 12/16/2019
Intersect Privacy Policy
This Privacy Policy is intended to inform visitors to Intersect by Hobsons (“Intersect”), owned and operated by Hobsons, Inc., about how Hobsons, Inc. may collect, use, and disclose your personal information. By accessing or using Intersect, you acknowledge that you have read and understood this Privacy Policy.
Intersect is a web and mobile-based college admissions platform that is sold to higher education institution customers. It is designed to help our customers provide information to, and receive information provided by, high school staff and students who are using the Naviance platform. Intersect also includes access to a “Counselor Community”, which allows high school and higher education staff to create individual profiles, search and connect with other staff, post and reply to content, and participate in group discussions.
Contents
· Personal Information Collection and Processing Overview
o Information Customers Provide
o Information Users Provide
o Intersect Usage Information and Cookies
· How We Use and Disclose Personal Information
· Links
· Security
· Contact
“Administrative Users” means Users who are associated with a Customer account and have responsibility for managing information about the Customer institution within Intersect.
“Customers” means higher education institutions who have a contractual agreement in place with, and subscribe to, Intersect by Hobsons.
“Naviance” means the college and career readiness platform also provided by Hobsons, owner of Naviance, Inc., the details of which can be found here.
“Personal Information” means any information relating to an identified or identifiable natural person.
“Users” and “your/you” means Administrative Users, higher education and high school staff members from Intersect Customers, high school staff members from Naviance customer institutions who access Intersect, higher education institution employees who have created a free account within the Intersect platform to access limited features and/or who participate in the Counselor Community.
Personal Information Collection and Processing Overview
When we provide services to you as a Customer or a User accessing Intersect through a Customer account, under the European Union General Data Protection Regulation (GDPR), we function in the capacity of a “data processor.” In those circumstances, our processing of your personal information is governed by this Privacy Policy as well as the contractual agreement with the Customer.
When you access limited Intersect features through a free account, we function as a “data controller” under the GDPR. We also function as a data controller when we process certain Personal Information in the event that we send marketing materials or communications to existing Users.
As a User, you may provide Personal Information to us when you visit and engage with Intersect. In some cases, we will ask for your consent so that we may process your Personal Information. In other circumstances, we may rely on a different lawful basis, as explained in the section, “How We Use and Disclose Personal Information.”
We may collect and process all or some of the following Personal Information about you which you may provide directly or which may be provided by Customers.
Information Customers Provide
When Higher Education Customers decide to use Intersect, they provide the following information to generate User accounts.
· The Customer’s primary account representative submits information including their first and last name, email address and institution name. This information is used to create their administrative User account.
· Authorized administrative Users (“Administrative Users”) may generate additional User accounts by entering the first and last name and email address for other staff at the Customer institution.
Customers may also provide the following non-personal information if they have chosen to purchase the listed services:
· Intersect Awareness: Customers may provide content about their institution (for example, photos, videos, links, and testimonials) to be published to their institution’s profile in Naviance and the Counselor Community.
· Intersect Advanced Awareness: Customers may define recruiting profiles for student audiences (for example, location, academic profile, or demographics). Customers may provide information related to general student interests (for example, majors and programs of interest or colleges of interest) to be accessible by students who meet the Customer’s recruiting profiles.
· Intersect Presence: Customers may provide event details (for example, event name, location, and recommended audiences) to be published within Naviance for students.
· Intersect Connection: Customers may define recruiting profiles for student audiences (e.g. location, academic profile, or demographics).
o Customers purchasing Intersect Connection may receive inquiries from interested students that include the following student information: name, email, phone, address, gender, birthday, GPA, ethnicity, programs of interest, school attended.
Information Users Provide:
Users create their profile by submitting this minimally required information:
o Institution of Employment
o Email Address
o Phone Number
o Job Title
o User Name
o Password
Additional information Users would like to include in their profile is at their discretion and may include, but is not limited to:
o Personal Email
o Office Phone
o Mobile Phone
o General Description of Population Served (Territory)
o Profile Picture of User
o Alma Mater
o Biography
Users can control whether or not their profile is made visible to other Users and may choose which information they want to share with either all Users, or just with Users they have chosen to connect with. At a minimum, Users must provide first name, last name and institution for a profile that is visible to other Users.
Users may choose to provide additional information and content when participating in the Counselor Community feature and discussions with other Users.
Administrative Users may also share or publish information on behalf of and about their institution to be displayed in the Counselor Community and in Naviance. This information is separate from any User profile and may not be made private.
o For high schools, this may include aggregated, deidentified information about their general student population, such as the college-going rate, number of students in each grade level and general student population demographics.
o For higher education institutions, this may include admission policies, student demographics, or institution contact information.
This information is provided to Intersect in a deidentified state. Intersect does not allow Users to share identifiable student information on the platform.
Intersect Usage Information and Cookies:
When using Intersect, our servers automatically collect the Internet Protocol (“IP”) address associated with the User’s computer. We may also collect additional information such as login timestamp, the browser type and version, and the operating system of the computer. This information is logged to help us to diagnose technical problems and to administer Intersect.
To collect information about the use of Intersect, we use cookies. Cookies are small data files sent by a website or application and stored on the computer or device at the request of that site or app. Cookies store information related to the browser to enable us to recognize the browser on return visits to Intersect and to remember your preferences.
We use cookies to:
· Remember that a User has already given a user name and password, so that they do not need to input every time they move from one web page to another within Intersect.
· Keep track of preferences Users specify while they are using Intersect
· Estimate and report our total audience size and traffic.
· Gather information on how Intersect is used to help us improve the way Intersect works and our service to Users.
Most browsers have settings that allow you to delete some cookies, to stop accepting cookies or to prompt you before accepting a cookie. To learn more about browser cookies, including how to manage or delete them, look in the Tools, Help or similar section of your web browser.
Third Party Cookies on Intersect
We use a variety of third parties to collect, track and analyze usage and statistical information from users, such as the user's browser type, operating system, browsing behavior and demographic information.
A list of companies that use cookies on Intersect is included in
our Cookie Policy. The list includes a description of what services third parties
perform on our site, the types of data they collect, and a link to applicable
privacy documents from those parties. To learn more about browser cookies,
including how to manage or delete them, look in the “Tools”, “Help”,
“Settings”, “Internet Options” or similar section of your web browser.
How We Use and Disclose Personal Information:
WE DO NOT SELL OR RENT DATA. We do not disclose, distribute, access or reference Customer or User personal information except as noted at the time that we request the information, when Users choose to connect with other Users, make their profiles visible and share their information, when Users post in public forums, or in the following circumstances:
· To generate and manage log-in credentials: to create the Customer account, provide log in credentials, authenticate Users, maintain and administer Intersect and the Customer and User accounts.
Legal basis: legitimate interests (to enable us to perform our obligations and provide access to Intersect and our services to you);
· To provide and ensure the quality and security of Intersect: to maintain and administer Intersect and the Customer and User accounts, to ensure service quality, and to ensure the security of Intersect and our associated services, including provision of support, services and security by our third party providers.
Legal basis: legitimate interests (to enable us to perform our obligations and provide access to Intersect and our services to you);
· To communicate effectively with Customers and Users: including to respond to queries, resolve a problem or support issue, notify about changes to the services, and to otherwise communicate and solicit feedback on your product experience.
Legal basis: legitimate interests (to enable us to perform our obligations and provide access to Intersect and our services to you);
· In relation to a known or suspected violation of our terms of use, fraud prevention or other unlawful use: including to share Personal Information with entities assisting us in investigation and as may be required by applicable law.
Legal bases: legal obligations, legitimate interests (to allow us to ensure the legality of Intersect and our services).
· With your consent, to provide you with marketing materials: to provide you with updates and offers about our products and services, where you have chosen to receive these. At anytime you may unsubscribe or opt-out of further communication on any electronic marketing communication by using the link labeled “unsubscribe” available in each email communication or by contacting us at [email alias].
Legal basis: consent.
· In the event of a reorganization, merger, sale, assignment, bankruptcy, or similar business change: we may need to transfer your Personal Information to that re-organized entity or new owner after the sale or reorganization for them to use in accordance with this policy.
Legal basis: legitimate interests (in order to allow us to change our business);
· In connection with legal or regulatory obligations: We may use and disclose your Personal Information as necessary to protect our rights or the rights and safety of our Customers and Users, or as necessary in the event of a court order, regulatory inquiry or other lawful request. Provided, however, that unless legally prohibited, we will direct any such request to you or notify you before responding unless to do so would prejudice the prevention or detection of a crime.
Legal bases: legal obligations, legitimate interests (to cooperate with law enforcement and regulatory authorities).
We may create de-identified data from Customer and User information by removing data components that make the information personally identifiable to you and your institution, and through deletion, obfuscation or other means. We may use this data for a variety of purposes subject to applicable law, including, but not limited to developing and improving our products and services and demonstrating the effectiveness of our products, including in our marketing of those products.
We may work with third party service providers to facilitate delivery of certain Intersect features on our behalf. These providers may require a limited amount of information, including Personal Information, in order to deliver the services. We do not disclose more Personal Information than is necessary for a third party to provide a feature on our behalf, and all third parties agree to handle information they may receive in compliance with this Privacy Policy. Third parties may only use Personal Information for the sole purpose of providing their services to us.
Intersect allows Customers and Users to post links to their institution websites. We do not control, and therefore are not responsible for, the content or privacy practices of those websites. Those websites are governed by their own privacy policies, and we encourage Customers and Users to read them.
We are committed to protecting the security, integrity and confidentiality of the data through the use of physical, technical and administrative safeguards. Intersect uses Transport Layer Security (TLS) encryption and server authentication technology to protect data when Intersect is accessed using a supported web browser.
We host the data in secure cloud-based environments that use a firewall and other industry-standard technology in an effort to prevent interference or access from outside intruders. We also require unique account identifiers, user names, and passwords that must be entered each time Customers or Users sign on to Intersect. The Internet, however, is not perfectly secure and we are not responsible for security breaches not reasonably within our control.
We require that Customers and Users maintain the confidentiality of their user names and passwords. If Customers or Users become aware of any unauthorized use of an account, loss of their account credentials or suspect a security incident, they should notify us immediately at infosec@hobsons.com.
We retain User’s Personal Information held in Customer accounts for as long as the Customers have active agreements for Intersect. After termination of an agreement, we will retain Customer data for 18 months for the convenience of Customers, so that they may retain continuity of their experience should they choose to reengage with Intersect. At the end of the data retention period, we securely delete and destroy the Personal Information associated with a Customer account in Intersect. We may retain certain Customer information for lawfully required business record keeping purposes, however this does not include User information.
At any time upon termination of an agreement or otherwise at their discretion, Customers may submit a written request to support@intersect.hobsons.com to have the Personal Information provided to Intersect deleted. We will endeavor to respond to such written requests within (30) days.
In all other circumstances, we retain Personal Information for as long as is necessary for the processing purpose(s) for which the information was collected, and any other permissible, related purpose.
If a User has posted information about their institution, that information will be retained. If a Customer would like information removed from their institution page, they may do so directly through Intersect or by sending us a written request to support@intersect.hobsons.com. We will endeavor to respond to such written requests within 30 days.
When the agreement with a Customer terminates, Users may choose to retain their individual accounts by agreeing to the Terms of Use and this Privacy Policy. In addition, individuals may access Intersect through an existing Naviance account, or they may sign up directly with Intersect for an individual account. After eighteen (18) months of inactivity in any such account, we will terminate the account and delete the Personal Information.
Note that deleting Personal Information from our server will not delete information that Users have posted within message boards or in other community areas, and such posts will persist as long as the message board or community area remains active. However, Users may delete their posts directly, or a Customer or User may send us a written request to support@intersect.hobsons.com to have all of their user posts deleted. We will comply with such written requests within 30 days.
Notwithstanding the above, we do retain non-personal information, including aggregated, de-identified data for the purposes described in the section titled, “How We Use and Disclose Information.”
Opt-Out Policy: We send emails to Customers and Users with information about our products and services that we believe may be of interest when they have opted in to receive such emails. Customers and Users may opt out of receiving email messages from Intersect by contacting us at support@intersect.hobsons.com or by clicking on the “unsubscribe” link found at the bottom of every email that we send. If Customers have opted out of receiving communications from us, we may still send essential communications regarding Intersect to Customers’, such as password change messages.
We do not send email messages on behalf of third parties.
|
Notice For California Residents California residents have certain rights with respect to their personal information, as described below. Before we may fulfill your requests, we are required by law to verify your identity in order to prevent unauthorized access to your data. This may require us to verify your identity via the registered email on your account.
We Don’t Sell Your Personal Information.
Right to Know and Access Information: You may access information we maintain about you using the methods provided below . If we grant your request, we will provide you with a copy of the personal information we maintain about you in the ordinary course of business. This may include what personal information we collect, use, or disclose about you. We may not fulfill some or all of your request to access as permitted by applicable law.
Deletion of Information: You may request that we delete your personal information. Depending on the scope of your request, we may refrain from granting your request, as permitted by applicable law. For example, we may be legally required to retain your information in our business records. You may submit a deletion request using the methods provided below.
Authorized Agent: California residents may use an authorized agent on their behalf to exercise a privacy right discussed above. If you are an authorized agent acting on behalf of a California resident to communicate with us or to exercise a privacy right discussed above, you must be able to demonstrate that you have the requisite authorization to act on behalf of the resident and have sufficient access to their laptop, desktop, or mobile device to exercise these rights digitally. If you are an authorized agent trying to exercise rights on behalf of a Camino user, please contact us at the contact information below with supporting verification information, which includes a valid Power of Attorney in the State of California, proof that you have access to the consumer’s interface, and proof of your own identify.
|
If you are using Intersect through a Customer account, please contact the Customer to exercise your rights, and we will work with them to facilitate your request.
Otherwise, you may exercise the rights described above by going here or by contacting us using the information below. Should you have any questions or concerns regarding your California rights or this privacy policy, you may contact us using the contact information below.
Attn: Intersect Support, 400 E Business Way, Ste 400, Cincinnati OH 45241
1.866.782.7035 option #2
Please note that your exercise of the above rights is subject to certain exemptions to safeguard the public interest (e.g., the prevention or detection of crime) and our interests (e.g., the maintenance of legal privilege). We will try to comply with your request as soon as reasonably practicable. Requests to exercise these rights may be granted in whole, in part, or not at all, depending on the scope and nature of the request and applicable law. Where required by applicable law, we will notify you if we reject your request and notify you of any reasons we are unable to honor your request.
Non-discrimination: We shall not discriminate or otherwise penalize anyone for exercising their rights under this Privacy Policy.
|
Categories of Personal Information we collect |
· Identifiers such as a real name, unique personal identifier, online identifier, Internet Protocol address, email address, account name, phone number, photo and bio · Personal Information described in subdivision (e) of California Business and Professions Code Section 1798.80: name, phone number · Internet or other electronic network activity information regarding your interaction with Intersect. |
|
Categories of sources from which the Personal Information is collected |
· We collect the Personal Information directly from you or from your educational institution. |
|
Business or commercial purpose for collecting or selling Personal Information |
We collect your Personal Information to provide the services and for the following business purposes: · Performing services in accordance with our contract with the Customer and the terms of use including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, and processing payments. · Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity. · Debugging to identify and repair errors that impair existing intended functionality. · Sending you marketing communications if you have consented to receive such information. |
|
Categories of third parties with whom we share Personal Information |
We do not share your Personal Information with “third parties” as the term is defined in CCPA. That is, we do not share your Personal Information with individuals or organizations to use for their own commercial purposes.
We disclose your personal information only to service providers who support us in delivering the services as described above. We have a written contract with all such third parties that prohibit each from (i) selling the Personal Information; (ii) retaining, using, or disclosing the Personal Information for any purpose other than for the specific purpose of performing the services specified in the contract, including retaining, using, or disclosing the Personal Information for a commercial purpose; (iii) retaining, using, or disclosing the information outside of the direct business relationship between you and us; and (iv) includes a certification made by the person receiving the personal information that the person understands the restrictions above and will comply with them. |
|
Specific pieces of Personal Information we have collected |
The Customer’s primary account representative: first and last name, email address and institution name Administrative Users: first and last name and email address for other staff at the Customer institution Users: First Name and Last Name, Institution of Employment, Email Address, Phone Number, Job Title, User Name, Password, IP Address, Device ID Users Optional Information: Personal Email, Office Phone, Mobile Phone, General Description of Population Served (Territory), Profile Picture, Alma Mater, Biography, additional information and content when participating in community forums and discussions with other Users |
Please note that the rules in your country may provide you with additional rights or may limit these rights. In all cases, our provision of the rights will comply with the applicable laws.
If you are based in the EEA, for example, you may have the right to access, update or correct your Personal Information, to request deletion of such Personal Information, and to object to certain processing, including that related to marketing, to receive a machine-readable copy of the Personal Information concerning you that you provided to us or request us to transfer such data to an applicable third party in certain circumstances.
In addition, where you provided your consent in respect of any processing by us of your Personal Information, you may withdraw such consent by contacting us using the details provided in the “Contact” section. You may also restrict how we use your information whilst a complaint is being investigated.
Your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege). If you exercise any of these rights, we will check your entitlement and respond in most cases within a month.
If you are using Intersect through a Customer account, please contact the Customer to exercise your rights, and we will work with them to facilitate your request. Otherwise, to exercise these rights with respect to your Personal Information, please contact us at support@intersect.hobsons.com.
Users may update or change their profile information through their profile page in Intersect. Customers may update or change their institution’s information by contacting us, or in some cases, may update their records through the relevant areas of Intersect. We also provide Customers with a dashboard that allows them to access, modify, and delete their institution data. Customers always have access to their prospective student information that they receive through Naviance, and may modify, delete or download that information at any time. We do not access, use, sell, rent or share student information transferred to Customers through Intersect.
Customers and Users should be aware that if they share information with other Users, we are unable to retrieve that information. In addition, Customers and Users should be aware that if they choose to connect with a postsecondary institution in another country, their data will be subject to the laws of that country.
If you are located outside of the United States, please be aware that your information will be transferred to, processed and stored in the United States.
By submitting your Personal Information, you acknowledge that we may transfer, process and store your data in this way. Wherever the data is, it will be treated securely and in accordance with this Privacy Policy and applicable privacy laws the United States. These laws may be different from the privacy laws in your country. However, this does not change our commitments to safeguard your privacy and we will comply with all applicable laws relating to the cross-border data disclosure of your personal information. Where required, we will implement Standard Contractual Clauses with our third parties or rely on such other transfer mechanism or derogation to ensure that the transfer of your Personal Information outside of the EEA is lawful. You may request details of the transfer mechanisms that we rely on to transfer Personal Information outside of the EEA by emailing us at support@intersect.hobsons.com.
Updates to this Privacy Policy
As our product evolves, we may make changes to this Privacy Policy. The “last updated” note at the top of the relevant policy indicates when it was last revised. We will notify our Customers and all Users with details of any material changes to the Privacy Policy, and such changes will be effective when accepted by Customers on behalf of their employees and when accepted by Users of free accounts. Non-material changes will become effective when we post the revised Privacy Policy.
If you have any questions regarding this Privacy Policy, please contact us at:
Hobsons, Inc.
400 E-Business Way, Suite 400
Cincinnati, OH 45241
Attn: Privacy Office
Email: privacypolicy@hobsons.com
If you have concerns or complaints regarding this Privacy Policy or our data handling procedures, you may have a right to lodge a complaint with a supervisory authority.
Our EU Representative may be reached at dataprotection@dmgt.com and our Data Protection Officer may be reached at privacypolicy@hobsons.com.