Effective Date: June 18, 2018
StudentBridge, Inc. and its affiliates are committed to protecting the privacy of all individuals who visit the StudentBridge Website located at www.studentbridge.com, which includes all subdomains, present and future (the “Website”); and use the StudentBridge Services, as described at www.studentbridge.com. In this policy, the StudentBridge Website and the StudentBridge Services are collectively referred to as the “Services.”
Personal Information StudentBridge May Collect and Use
When Client first registers for a StudentBridge Account, StudentBridge collects some personal information about Client, its Authorized Users, and its Authorized Visitors such as: Client’s full business name, username, and email address; a unique StudentBridge user ID (an alphanumeric string) which is assigned to Client upon registration; Client’s password, in connection with Client’s StudentBridge Account and Client’s log-in facility; full names, usernames, and email addresses of Authorized Users of Client; the geographic area where Client’s computer and mobile devices and the mobile devices of Client’s Authorized Visitors are used; other optional information as part of Client’s StudentBridge Account profile.
Client may offer links to a third-party from its online applications generated by its StudentBridge Account so that an Authorized Visitor may connect to other third-party services or software, and StudentBridge may access other information related to Authorized Visitors’ social profiles. When that occurs as a first instance, a prompt will inform Client, its Authorized User, or Authorized Visitor of the details that will be accessible by StudentBridge.
When creating a StudentBridge account for Paid Services, StudentBridge collects Client’s credit card or ACH information, billing address, and such other information as is required to complete a commercial transaction on the StudentBridge site.
As a registered Client of StudentBridge, StudentBridge may also collect the following information about Client, its Authorized Users, or Authorized Visitors: full names, social media names, email addresses, general profile information, and academic information of Authorized Visitors; information posted by Client, its Authorized Users, or Authorized Visitors in the form of messages, conversations, or contributions to discussions; documents, images or other files that may be transmitted or published by Client, its Authorized Users, or Authorized Visitors via Services; information StudentBridge may receive relating to communications sent by Client, its Authorized Users, or Authorized Visitors, such as queries or comments concerning the StudentBridge Services; information relating to the real time location of a relevant computer or mobile device, but only where such relevant computer or mobile has been enabled to send StudentBridge location information
StudentBridge uses the collected information for the following general purposes:
- to identify Client or its Authorized Users logged in to Client’s StudentBridge Account
- to enable StudentBridge to provide the Services to Client, its Authorized Users and Authorized Visitors
- to verify transactions Client makes and for billing, security, and authentication
- to analyze the Website, Services and StudentBridge users, including research into StudentBridge user demographics and user behavior in order to improve the StudentBridge content and Services
- to contact Client about its account and provide support
- to share aggregate (non-identifiable) statistics about users of the StudentBridge Services to prospective advertisers and partners
- to keep Client informed of information about the StudentBridge Services that Client may find useful or which Client has requested from StudentBridge, provided Client has indicated it would like to be contacted for these purposes
By submitting information to StudentBridge when registering, Client consents to the use of the information for these purposes.
StudentBridge may gather Personal Information about users via various methods (phone, email, online forms, in-person meetings) but only if such Personal Information is submitted voluntarily. StudentBridge may use such Personal Information for sales, marketing, and support of the StudentBridge Services. This Personal Information is never shared with third parties.
System and Device Information
StudentBridge automatically collects and receives certain information from the computer or mobile device of Client, Authorized Users, and Authorized Visitors, including the activities performed on the StudentBridge Website, the type of hardware and software being used (for example, the operating system or browser), and information obtained from cookies (see “Cookies and Related Technologies” below). For example, each time Client, an Authorized User, or an Authorized Visitor visits the Website or otherwise uses the Services, StudentBridge automatically collects the IP address, browser and device type, access times, the web page from which the user came, the regions from which the user navigated the web page, and the web page(s) the user accessed (as applicable) (collectively referred to as “traffic data”). StudentBridge may link this traffic data to Client’s unique StudentBridge user ID to better understand Client’s needs and the needs of Users in the aggregate, diagnose problems, analyze trends, provide services, improve the features and usability of the Services, and better understand and market to StudentBridge customers and website users.
StudentBridge also makes use of non-identifiable information gathered for statistical purposes to keep track of the number of visits to the Services and Website pages with a view to introducing improvements and improve usability of the Services. StudentBridge may share this type of statistical data so that its partners also understand how often people use the Services, so that they, too, may provide Client with an optimal experience. Client’s IP address and other relevant non-identifiable information may be used in order to trace any fraudulent or criminal activity or any activity in violation of the Terms.
Cookies and Related Technologies
1) Session Cookies - The Services use “session cookies,” which improve the user experience by storing certain information from a user’s current visit on the user’s device, such as login information. These enable StudentBridge to remember a user’s login session so the user can move easily within the Website or the Services. Without these cookies, StudentBridge would not be able to provide the Services to Client, its Authorized Users, and Authorized Visitors. These session cookies have limited functionalities and expirations, and Client and its Authorized Users will be required to re-enter its StudentBridge login information after a certain period of time has elapsed to protect Client against others accidentally accessing its account contents and related Personal Information.
2) Performance and Remarketing Cookies - Partners who help us serve advertising on and off the Website and analytics companies may also put cookies on a user’s device. StudentBridge may from time to time use third-party vendors to help deliver ads for relevant StudentBridge products and services to a user when a user visits certain pages on the StudentBridge Website and then visit certain third-party sites.
i) Google Analytics - StudentBridge uses a specific cookie in order to facilitate the use of Google Universal Analytics for Clients logged-in to their Account (“Logged-In User). For a Logged-In User, StudentBridge may use the StudentBridge user ID in combination with Google Universal Analytics and Google Analytics to track and analyze the pages of the Services visited. StudentBridge does this only to better understand how Client uses the Services and the Website, with a view to offering improvements for all StudentBridge Users; and to tailor StudentBridge’s business and marketing activities accordingly, both generally and specifically to StudentBridge customers. Google Analytics cookies do not provide StudentBridge with any Personal Information. Users may opt-out of this feature by installing the Google Analytics Opt-out Browser Add-on.
ii) Google Display Advertising - Additionally, StudentBridge uses Google Analytics code that allows for certain forms of display advertising and other advanced features. Subject to change, the Google Display Advertising features StudentBridge currently uses are Remarketing, Google Display Network Impression Reporting, the DoubleClick Campaign Manager Integration, and Google Analytics Demographics and Interest Reporting. These features are used to advertise online; to allow third-party vendors, including Google, to show advertising across the Internet; to allow StudentBridge and third-party vendors, including Google, to use first-party cookies (such as the Google Analytics cookie) and third-party cookies together to inform, optimize, and serve ads based on a user’s past visits to the Website and to report how ad impressions, uses of ad services, and interactions with these ad impressions and ad services are related to visits to the Website. Data from Google's interest-based advertising or third-party audience data (such as age, gender, and interests) is also combined with Google Analytics to better understand the needs of StudentBridge users and to improve the Services. A user may opt out of such display advertising at any time by visiting the user’s Google Ads Settings page or by installing and running the Google Analytics Opt-out Browser Add-on.
StudentBridge uses other third-party performance and remarketing cookies, and further information on those third-party cookies can be obtained by contacting StudentBridge at the email address below. StudentBridge may also use related technologies including web beacons, bugs, pixels, and software tokens in order to facilitate a user’s use of the Services. Most notably, the Services use software tokens (stored securely on StudentBridge-controlled servers) in order to facilitate the logging in to and the functioning of the Services. Most computer and some mobile web browsers automatically accept cookies; a user can change its browser to prevent automatic acceptance or to notify the user each time a cookie is set. The Network Advertising Initiative has also developed a tool that may help users understand which third parties have currently enabled cookies for their browsers and opt-out of those cookies. More information can be found at http://www.networkadvertising.org/managing/opt_out.asp. Please note however that, by blocking or deleting cookies, a user may not be able to take full advantage of the Website and/or Services. If a user does not want to receive tracking pixels, the user will need to disable HTML images in its email client, and that may affect the user’s ability to view images in other emails that it receives.
GDPR Data Privacy Rights
If you are an EU resident and StudentBridge is processing, and/or transmitting your personal data, then you - as an “EU data subject” – benefit from the following rights and privileges under the General Data Protection Regulation (GDPR):
- Right of Access: You have the right to obtain from us, as controllers, confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the following personal data and information:
- The purposes of the processing;
- The categories of personal data concerned;
- The recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
- Where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- The existence of the right to request from us rectification or erasure of personal data or restriction of processing of personal data concerning you or to object to such processing; (f) the right to lodge a complaint with a supervisory authority;
- Where the personal data are not collected from you, any available information as to their source; and
- The existence of automated decision-making, including profiling, along the lines indicated by Article 22(1) and (4) GDPR, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.
- Right to Rectification: You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
- Right to Erasure (“Right to be Forgotten): You have the right to obtain from us the erasure of your personal data without undue delay, and we have the obligation to erase personal data without undue delay when: a) your data are no longer necessary for the purposes for which they were collected; b) you had consented to the processing; c) you have objected to the processing, as per below; d) you persona data had been unlawfully collected; e) your personal data need to be erased as a matter of compliance with a legal obligation.
- Right to Restriction of Processing: You have the right to obtain from us the restriction of processing if you: a) contest the accuracy of the personal data, until this is verified; b) the processing is unlawful but you don’t want erasure; c) we no longer need the persona data, but you require them to establish, exercise fo defend a legal claim; d) you have objected to processing but there is a need to verify whether our legitimate grounds override your rights to object.
- Right to Data Portability: Where your personal data have been provided on the basis of your consent or for the performance of a contract, and their processing occurs in an automated way, you have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format and have the right to transmit those data– or have directly transmitted - to another controller.
- Right to Object: You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data based on a legitimate ground point (e) or (f) of Article 6(1), including profiling based on those provisions. In this case, we can no longer process your personal data unless we show that there is a compelling legitimate ground for the processing which override your interests, rights and freedoms or for our establishment, exercise or defense of legal claims.
When StudentBridge May Share Personal Information
StudentBridge uses industry best practices to keep any information collected and/or transmitted by the Services secure. This includes the use of HTTPS with TLS (Transport Layer Security), which encrypts all transmitted data, and OAuth 2.0 protocols for authentication and data transfer. Certain Personal Information, such as StudentBridge login details, is encrypted during transmission using TLS. Once validated within the StudentBridge system, passwords are deleted from the system. In addition, StudentBridge uses third-party vendors and hosting partners to provide the necessary hardware, software, networking, storage, and related technology required to run the Services. These vendors have been selected for their high standards of both physical and technological security, including ISO and SSAE16 certifications. When payments are processed via credit card, StudentBridge uses third-party vendors that are PCI-DSS Compliant. Submission of information over the Internet is never entirely secure. StudentBridge cannot guarantee the security of information submitted via the Services while it is in transit over the Internet and any such submission is at Client’s own risk, and this risk is specifically disclaimed in our Terms of Service. It is advisable that Client logs out of its Account at the end of every session and not leave a logged-in account unattended for any period of time, particularly if using a shared computer or device.
All information accessed through StudentBridge.com is in compliance with the required information security mandates of Article 32 of the GDPR. Specifically, Article 32 mandates the following:
Implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate -
- The pseudonymization and encryption of personal data
- The ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services.
- The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident.
- A process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.
Please note that refusal to provide Personal Information may result in our inability to provide the Services to you, to manage our relationship with you, or to improve the Services.
Information Storage and International Transfers
StudentBridge aligns itself with the Safe Harbor privacy principles as set forth by the U.S. Department of Commerce regarding the collection, storage, use, transfer and other processing of Personal Data transferred from the European Economic Area (“EEA”) or Switzerland to the United States. While StudentBridge itself is not certified by the US Department of Commerce, the information that a Client submits via the StudentBridge Services is hosted on secure servers located in the United States that are certified under the Safe Harbor Scheme for transfers of Personal Information outside the European Economic Area. Safe Harbor is a European Union (EU) directive on data privacy that introduces high standards of data privacy to ensure the free flow of data throughout the European Union member states, and gives the individual the right to review the personal data, correct it, and limit its use. Safe Harbor provides a way for US businesses to demonstrate that they provide adequate protection for personal information transferred to it according to EU data protection standards. Further information on Safe Harbor is available from the US Department of Commerce's website. If you are in the EEA, in transferring your Personal Information to countries outside of the EEA, we will take appropriate steps to make sure that such recipients act in accordance with applicable law. To the extent that we transfer the personal data to recipients who are located outside the European Union or the European Economic Area, we will provide an adequate level of protection of your personal data, including appropriate technical and organizational security measures and through the implementation of appropriate contractual measures to secure such transfer, in compliance with applicable law, and will inform you accordingly.
StudentBridge uses email as a primary mode of communication with its Clients. A Client can manage its email preferences, such as opting-out or unsubscribing from emails sent by StudentBridge, by adjusting its preferences in its account settings. A Client may also opt out or unsubscribe from any future email communications from within a link provided in each email correspondence that StudentBridge sends.
Users can contact StudentBridge to obtain a copy of the Personal Information held about a user by StudentBridge. This may be subject to a fee not exceeding any prescribed fee permitted by applicable law. A user can also ask StudentBridge to correct and, where relevant, erase that information. Please note that certain Personal Information may need to be retained by StudentBridge for a period of time following termination of a Client’s Account where this is necessary for legitimate business purposes or required by applicable law.
2965 Flowers Rd S, Suite 210
Atlanta, GA 30341