Effective Date: Jan 1, 2020.
To download a copy of this policy, click here.
A previous version of this policy, dated June 18, 2018, can be downloaded here.
I. Introduction and Overview
II. Information Collection
A. Information You Provide to Us
We collect information you provide directly to us via the Service. For example, we collect information when you register an account, provide your enrollment goals, update your college profile information, place an order with us, contact customer support, or otherwise communicate or transact with us through the Service.
The information we collect may include Personal Information. “Personal Information” is information that can be used to identify you and/or any other individuals (whether alone or in combination), such as your first and last name, email address, phone number, billing address, shipping address, payment card information, and any other information you choose to provide. You may choose to voluntarily submit certain other information to us through the Service, including Personal Information, but you are solely responsible for your own Personal Information in instances where we have not requested that you submit such information to us.
In addition, Personal Information, including without limitation, Personal Profile Information, once “de-identified” (i.e., the removal, obscuring or modification of personal identifiers to make data no longer personally identifiable, including through anonymization, pseudonymization or hashing) is also non-Personal Information and may be used and shared without obligation to you, except as prohibited by applicable law. We make no assurances that the de-identified data is no capable of re-identification.
B. Information We Collect Automatically.
The methods that may be used on the Service to collect Usage Information include:
- Log Information: Log information is data about your use of the Service, such as IP address, browser type, Internet service provider, referring/exiting pages, operating system, date/time stamps, and related data, which may be stored in log files or otherwise.
- Information Collected by Cookies and Other Tracking Technologies: Cookies, web beacons (also known as “tracking pixels”), embedded scripts, location-identifying technologies, fingerprinting, device recognition technologies, in-app tracking methods and other tracking technologies now and hereafter developed (“Tracking Technologies”) may be used to collect information about interactions with the Service or emails, including information about your browsing and activity behavior.
- Cookies: A cookie is a small text file that is stored on a user’s device which may be session ID cookies or tracking cookies. Session cookies make it easier for you to navigate the Service and expire when you close your browser. Tracking cookies remain longer and help in understanding how you use the Service, and enhance your user experience. Cookies may remain on your hard drive for an extended period of time. If you use your browser’s method of blocking or removing cookies, some, but not all types of cookies may be deleted and/or blocked and as a result, some features and functionalities of the Service may not work. A Flash cookie (or locally shared object) is a data file that may be placed on a device via the Adobe Flash plug-in that may be built-in to or downloaded by you to your device. HTML5 cookies can be programmed through HTML5 local storage. Flash cookies and HTML5 cookies are locally stored on your device other than in the browser, and browser settings won’t control them. To identify certain types of locally shared objects on your computer, visit your settings and make adjustments. The Service may associate some or all of these types of cookies with your devices.
- Web Beacons (“Tracking Pixels”): Web beacons are small graphic images, also known as “Internet tags” or “clear gifs,” embedded in web pages and email messages. Web beacons may be used, without limitation, to count the number of visitors to our Service, to monitor how users navigate the Service, and to count how many particular articles or links were actually viewed.
- Embedded Scripts: An embedded script is programming code designed to collect information about your interactions with the Service. It is temporarily downloaded onto your computer from our web server, or from a third party with which we work, and is active only while you are connected to the Service, and deleted or deactivated thereafter.
- Location-identifying Technologies: GPS (global positioning systems) software, geo-filtering and other location-aware technologies locate (sometimes precisely) you for purposes such as verifying your location and delivering or restricting content based on your location.
- Fingerprinting: Collection and analysis of information from your device, such as, without limitation, your operating system, plug-ins, system fonts and other data, are for purposes of identification and/or tracking.
- Device Recognition Technologies: Technologies, including application of statistical probability to data sets, as well as linking a common unique identifier to different device use (e.g., Facebook ID), attempt to recognize or make assumptions about users and devices (e.g., that a user of multiple devices is the same user or household).
- In-app Tracking Methods: There are a variety of Tracking Technologies that may be included in mobile applications, and these are not browser-based like cookies and cannot be controlled by browser settings. Some use device identifiers, or other identifiers such as “Ad IDs” to associate app user activity to a particular app.
We are giving you notice of the Tracking Technologies and your choices regarding them explained in the “Analytics Services, Advertising, and Online Tracking” and “Your Choices” sections below, so that your consent to encountering them is meaningfully informed and to track user activity across apps.
C. Information from Other Sources
III. Use of Information
- Register and service your account;
- Fulfill, confirm, and communicate with you regarding your transactions and data delivery;
- Respond to your comments, questions, and requests, and provide customer service;
- Send you technical notices, updates, security alerts, information regarding changes to our policies, and support and administrative messages;
- Prevent and address fraud, breach of policies or terms, and threats or harm;
- Monitor and analyze trends, usage, and activities;
- Conduct research, including focus groups and surveys;
- Improve our Service or other NRCCUA websites, applications, marketing efforts, products and services; and
- Send you advertisements and communicate with you regarding our and third-party products, services, offers, promotions, rewards and events we think you may be interested in (for information about how to manage these communications, see “Your Choices” below).
We may also use enrollment data provided by you as set out in our Enrollment Agreement.
IV. Sharing of Information
Our agents, vendors, consultants, and other service providers (collectively “Service Providers”) may receive, or be given access to your information, without limitation, Personal Information and Usage Information, in connection with their work on our behalf. We may also share information about you as follows:
- To comply with the law, law enforcement or other legal process, and except as prohibited by applicable law, in response to a government request;
- To protect the rights, property, life, health, security and safety of us, the Service or any third party;
- In connection with, or during negotiations of, any proposed or actual merger, purchase, sale or any other type of acquisition or business combination of all or any portion of our assets, or transfer of all or a portion of our business to another company;
- With our affiliates for internal business purposes, such as updating your institution’s profile on affiliate online services and delivering college matches to users of our affiliate online services;
- With our affiliates, business partners, and other third parties for their own business purposes, including direct marketing purposes (California residents have certain rights set forth in “Your California Privacy Rights” below);
- With your consent or at your direction.
Without limiting the foregoing, in our sole discretion, we may share aggregated information which does not identify you or de-identified information about you with third parties or affiliates for any purpose as permitted by applicable law. Without limiting the generality of the foregoing, we and third parties may convert your Personal Information to non-Personal Information, including without limitation through hashing it or substituting a unique identifier for the Personal Information and we and third parties may use and share that data as permitted by applicable law, including to match data attributes from other sources and to send targeted advertisements. For your options regarding targeted advertising, see Section IX.C. For such practices by third parties, consult their privacy policies.
V. Sweepstakes, Contests, Promotions
We may offer sweepstakes, contests, surveys, and other promotions (each, a “Promotion”) jointly sponsored or offered by third parties that may require submitting Personal Information. If you voluntarily choose to enter a Promotion, your Personal Information may be disclosed to third parties for administrative purposes and as required by law (e.g., on a winners list). By entering, you agree to the official rules that govern that Promotion, and may, except where prohibited by applicable law, allow the sponsor and/or other parties to use your name, voice and/or likeness in advertising or marketing materials.
VI. Information You Disclose Publicly or to Others
The Service may permit you to submit ideas, photographs, user profiles, writings, music, video, audio recordings, computer graphics, pictures, data, questions, comments, suggestions or other content, including Personal Information for public availability (collectively, “User Content”), such as on message boards, and in association with your account. We or others may store, display, reproduce, publish, distribute or otherwise use User Content online or offline in any media or format (currently existing or hereafter developed) and may or may not attribute it to you. Please keep in mind that if you share User Content, others have the ability to access and share it with third parties. NRCCUA is not responsible for the privacy, security, accuracy, use, or misuse of any User Content that you disclose or receive from third parties via our Service. See also the section on Third-Party Services and Social Features below.
VII. Third-Party Services and Social Features
Our Service includes hyperlinks to, or may include on or in connection with our Service, websites, locations, platforms, or services operated by third parties (“Third-Party Service(s)“). These Third-Party Services may use their own cookies, web beacons, embedded scripts, location-identifying technologies, in-app tracking methods, and other Tracking Technologies to independently collect information about you and may solicit Personal Information from you.
VIII. Analytics Services, Advertising, and Online Tracking
Some information about your use of the Service and certain third-party services may be collected using Tracking Technologies across time and services and used by NRCCUA and third parties for purposes such as to associate different devices you use, and deliver relevant and retargeted ads (“Interest-based Ads”) and/or other content to you on the Service and certain third-party services.
Your browser settings may allow you to automatically transmit a “Do Not Track” signal to online services you visit. Note there is not yet an industry consensus as to what site and app operators should do with regard to these signals. Accordingly, we do not monitor or take action with respect to “Do Not Track” signals or other mechanisms. For more information on “Do Not Track,” visit http://www.allaboutdnt.com.
You may have certain choices regarding Tracking Technologies as explained in the next section.
IX. Your Choices
A. Accessing and Changing Information
You may access, review, correct, and update certain account information you have submitted to us by contacting us here. We will make a good faith effort to make the changes in NRCCUA then-active databases as soon as practicable, but it may not be possible to completely change your information. We reserve the right to retain data as required by applicable law; and for so long as reasonably necessary to fulfill the purposes for which the data is retained as permitted by applicable law (e.g., business records).
B. Tracking Technologies Generally
Regular cookies may generally be disabled or removed by tools available as part of most commercial browsers, and in some instances blocked in the future by selecting certain settings. Browsers offer different functionalities and options so you may need to set them separately. Also, tools from commercial browsers may not be effective with regard to Flash cookies (also known as locally shared objects), HTML5 cookies or other Tracking Technologies. For information on disabling Flash cookies, go to Adobe’s website http://helpx.adobe.com/flash-player/kb/disable-third-party-local-shared.html. Please be aware that if you disable or remove these technologies, some parts of the Service may not work and that when you revisit the Service, your ability to limit browser-based Tracking Technologies is subject to your browser settings and limitations. With respect to our mobile applications, you can stop all collection of information via the app by uninstalling the app. Also, you may be able to exercise specific privacy choices, such as enabling or disabling certain location-based services, by adjusting the permissions in your mobile device.
C. Analytics Services and Interest-based Ads
Certain companies may participate in the Digital Advertising Alliance (“DAA“) AdChoices Program and may display an Advertising Option Icon for Interest-based Ads that links to an opt-out tool which allows you to exercise certain choices regarding targeting. You can learn more about the DAA AdChoices Program at http://www.youradchoices.com/ and its opt-out program for mobile apps at http://www.aboutads.info/appchoices. In addition, certain advertising networks and exchanges may participate in the Network Advertising Initiative (“NAI”). NAI has developed a tool that allows consumers to opt out of certain Interest-based Ads delivered by NAI members’ ad networks. To learn more about opting out of such targeted advertising or to use the NAI tool, see http://www.networkadvertising.org/choices/. Please be aware that such opt-outs do not affect non-targeted ads. We are not responsible for the effectiveness of, or compliance with, any third-parties’ opt-out options or programs or the accuracy of their statements regarding their programs. However, we support the ad industry’s 2009 Self-regulatory Principles for Online Behavioral Advertising available at http://www.iab.net/media/file/ven-principles-07-01-09.pdf and expect that ad networks NRCCUA directly engages to serve you Interest-based Ads will do so as well, though we cannot guaranty their compliance.
You can opt out of receiving certain promotional communications (e.g., emails, push notifications) from us at any time by (i) for promotional emails, following the instructions as provided in emails to click on the unsubscribe link or by sending an email to us here with the word UNSUBSCRIBE in the subject field of the email; and (ii) for push notifications or in-app messages, adjusting the permissions in your mobile device. Please note that your opt-out is limited to the email address or device used and will not affect subsequent subscriptions or non-promotional communications, such as such as administrative and service announcements.
X. Your California Privacy Rights
California’s “Shine the Light” law permits customers in California to request certain details about how certain types of their information are shared with third parties and, in some cases, affiliates, for those third parties’ and affiliates’ own direct marketing purposes. Under the law, a business should either provide California customers certain information upon request or permit California customers to opt in to, or opt out of, this type of sharing.
NRCCUA provides California residents with the option to opt-out of sharing “personal information” as defined by California’s “Shine the Light” law with third parties for such third parties own direct marketing purposes. California residents may exercise that opt-out, and/or request information about NRCCUA compliance with the “Shine the Light” law, by contacting NRCCUA here, or by sending a letter to NRCCUA, 3651 NE Ralph Powell Road, Lee’s Summit, MO 64064 (Attention: Privacy Coordinator / Legal Compliance). Requests must include “California Privacy Rights Request” in the first line of the description and include your name, street address, city, state, and ZIP code. Please note that NRCCUA is not required to respond to requests made by means other than through the provided email address or mailing address.
Any California residents under the age of eighteen (18) who have registered to use the Service, and who have posted content or information on the Service, can request removal by contacting us here, or by sending a letter to NRCCUA, 3651 NE Ralph Powell Road, Lee’s Summit, MO 64064 (Attention: Privacy Coordinator / Legal Compliance), detailing where the content or information is posted and attesting that you posted it. We will then make reasonable good faith efforts to remove the post from prospective public view or anonymize it so the minor cannot be individually identified to the extent required by applicable law. This removal process cannot ensure complete or comprehensive removal. For instance, third-parties may have republished or archived content by search engines and others that we do not control.
As of January 1, 2020 California state residents have additional protections under the California Consumer Privacy Act (CCPA). Learn more about these rights here.
XI. Children’s Privacy
Our Service is not intended for nor targeted toward children under the age of thirteen (13). We do not knowingly collect personal information as defined by the U.S. Children’s Online Privacy Protection Act (“COPPA”) from children under the age of thirteen (13), and if we learn that we have collected such information, we will delete the information in accordance with COPPA. If you are a child under the age of thirteen (13), you are not permitted to use the Service and should not send any information about yourself to us through the Service. If you are a parent or guardian and believe we have collected information in a manner not permitted by COPPA, please contact us here. California minors should see Section X above regarding potential removal of certain UGC they have posted on the Service.
XII. Data Security
We take reasonable measures to help protect information about you from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. Nevertheless, transmissions via the Internet are not completely secure and we cannot guarantee the security of your information collected through our Service.
XV. Contact Us