TCSES ONLINE PRIVACY POLICY
This privacy policy has been compiled to better serve those who are concerned with how their ‘Personally Identifiable Information’ (PII) is being used online. PII, as described in US privacy law and information security, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Please read our privacy policy carefully to get a clear understanding of how we collect, use, protect or otherwise handle your Personally Identifiable Information in accordance with our website.
What personal information do we collect from the people that visit our blog, website or app?
When donating or registering on our site, as appropriate, you may be asked to enter your name, email address, mailing address, phone number, payment card information or other details when you provide such information while using our online services and where we believe it is reasonably required for ordinary business purposes.
When do we collect information?
We collect information from you when you enter information on our site.
How do we use your information?
We may use the information we collect in the following ways:
• To process your transaction or donation;
• Responding to your requests or communicating with you;
• Complying with or enforcing legal requirements.
How do we protect your information?
• Our website is scanned on a regular basis for security holes and known vulnerabilities in order to make your visit to our site as safe as possible.
• We use regular Malware Scanning.
• Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.
We implement a variety of security measures when a user places an order to maintain the safety of your personal information.
All transactions are processed through a gateway provider and are not stored or processed on our servers.
Please note that information you send to us electronically may not be secure when it is transmitted to us. We recommend that you do not use unsecure channels to communicate sensitive or confidential information (such as your Social Security number) to us.
Do we use ‘cookies’? We do not use cookies for tracking purposes.
You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser settings. Since browser is a little different, look at your browser’s Help Menu to learn the correct way to modify your cookies.
Third-party disclosure
We do not sell, trade, or otherwise transfer to outside parties your Personally Identifiable Information.
Third-party links
We do not include or offer third-party products or services on our website.
Google
Google’s advertising requirements can be summed up by Google’s Advertising Principles. They are put in place to provide a positive experience for users. https://support.google.com/adwordspolicy/answer/1316548?hl=en
We have not enabled Google AdSense on our site but we may do so in the future.
California Online Privacy Protection Act
CalOPPA is the first state law in the nation to require commercial websites and online services to post a privacy policy. The law’s reach stretches well beyond California to require any person or company in the United States (and conceivably the world) that operates websites collecting Personally Identifiable Information from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals or companies with whom it is being shared. – See more at: http://consumercal.org/california-online-privacy-protection-actcaloppa/#sthash.0FdRbT51.dpuf
According to CalOPPA, we agree to the following:
Users can visit our site anonymously.
Once this privacy policy is created, we will add a link to it on our home page or as a minimum, on the first significant page after entering our website.
Our Privacy Policy link includes the word ‘Privacy’ and can be easily be found on the page specified above.
You will be notified of any Privacy Policy changes:
• On our Privacy Policy Page
Can change your personal information:
• By emailing us
How does our site handle Do Not Track signals?
We honor Do Not Track signals and Do Not Track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.
Does our site allow third-party behavioral tracking?
It’s also important to note that we do not allow third-party behavioral tracking
COPPA (Children Online Privacy Protection Act)
When it comes to the collection of personal information from children under the age of 13 years old, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States’ consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online. We do not specifically market to children under the age of 13 years old.
Fair Information Practices
The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.
In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:
We will notify you via email within 7 business days.
We also agree to the Individual Redress Principle which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.
CAN SPAM Act
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
We collect your email address in order to:
• To process your transaction or donation;
• Responding to your requests or communicating with you;
• Complying with or enforcing legal requirements.
To be in accordance with CANSPAM, we agree to the following:
• Not use false or misleading subjects or email addresses.
• Identify the message as an advertisement in some reasonable way.
• Include the physical address of our business or site headquarters.
• Monitor third-party email marketing services for compliance, if one is used.
• Honor opt-out/unsubscribe requests quickly.
• Allow users to unsubscribe by using the link at the bottom of each email.
If at any time you would like to unsubscribe from receiving future emails:
Follow the instructions at the bottom of each email and we will promptly remove you from ALL correspondence.
Contacting Us
If there are any questions regarding this privacy policy, please contact the Help Desk at 800-747-8367.
GDPR Privacy Notice
The European Union (“EU”) General Data Protection Regulation 2016/679 (the “GDPR”) regulates the protection of certain people with regard to the processing of their personal data and the free movement of such data. Before TCS Education System (“TCS”) collects any personal data from you, we are required to provide certain information which is contained in this GDPR Privacy Notice (“Notice”).
I. Applicability and Definitions
This Notice applies to persons located in the EU, a European Economic Area (“EEA”) member state, Switzerland, or any country which formally adopts the GDPR (“GDPR Countries”). GDPR went into effect on May 25, 2018, and applies to the processing of personal data from and after that date.
For the purpose of this Notice, the following definitions apply:
“Personal data” means any information that can be used to directly or indirectly identify you, such as your name, date of birth, addresses (including email addresses), identification numbers, location data, online identifiers, or factors specific to your physical, physiological, genetic, mental, economic, cultural, or social identity.
“Sensitive data” means personal data related to your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetics, biometrics, health, sex life or sexual orientation.
“Processing” and “Process” is any operation performed on your personal data, including collecting, storing, altering, transferring, sharing, disclosing, erasing, or destroying your data.
“Controller” means an entity that determines the purposes and means of processing personal data. The TCS is a Controller within the meaning of the GDPR.
Terms in this Notice are intended to be used consistent with their definitions in the GDPR. The full text of the GDPR, is available at https://gdpr-info.eu/.
II. The Type of Data Collected and the TCS’ Purposes and Legal Bases to Process the Data
The TCS processes your personal data for the purpose of furthering its charitable, educational, and scientific missions and in connection with your relationship with the TCS as a prospective, current, or former student (or such student’s parent or guardian), a faculty or staff member, or an employee, contractor, donor, supporter, research subject, visitor to the TCS or its website, or attendee at a TCS event.
The categories of personal data we process about you may include the following:
Identity data – includes name, aliases, date of birth, title, gender, and identification numbers Contact data – includes mailing and email addresses, phone and fax numbers, and emergency contact information
Background data– includes historical information related to past employment, education, references, and other records
Financial data – includes information related to personal and family finances
Technical data – includes technical information related to your use and access of TCS websites, online applications and tools, such as internet protocol (IP) address, login data, and browser and operating system type and version
Profile data – includes usernames and passwords, profile pictures, interests, application preferences, and feedback
Marketing and Communication data – includes your preference in receiving marketing from the TCS and your communication preferences
Sensitive data – includes data defined as “sensitive data” in Section I of this Notice, including data related to racial or ethnic origin, health, sex life and sexual orientation
The TCS processes your personal data only when we have a legal basis to do so. Most commonly, it is necessary for the TCS to process your personal data for the following legal bases recognized by the GDPR:
To take steps to enter a contract with you, or to perform a contract to which you are a party.
Where the TCS or a third party has a legitimate interest, and your interests and fundamental rights do not override those interests.
To protect the vital interests of health and safety of you or a third party. To comply with a legal or regulatory obligation.
When the TCS cannot rely on any of these legal bases, or if it is necessary for the TCS to process your sensitive personal data, it will seek your prior consent. The purposes for which the TCS collects your personal data, and the legal bases for processing such personal data, are summarized in the below chart. Where the TCS relies on a legitimate interest, it identifies the legitimate interests. The TCS may have more than one legal basis to process your personal data depending on the specific purpose for which your personal data is used.
| Data Processing Purpose & Uses | Category of Data Collected | Lawful Basis(es) for Processing |
| Recruiting and Marketing. Data is processed to identify you; track inquiries and website activity; identify and recruit prospective students, faculty, and staff; and market the TCS’ courses, programs, and services. | Identity Contact Technical Profile Marketing and
Communication |
Necessary to enter a contract Necessary to pursue the TCS’s legitimate interest in recruiting qualified students, faculty and staff to the TCS.
Prior consent |
| Application by candidate located in the EU for TCS or program admission. Data is processed to identify you, administratively process your application for admission to the TCS or to a particular program (such as study abroad, certificate, or degree programs), verify information provided, evaluate your qualification for admission, and communicate the outcome to you. The data is also used to manage student accounts (including invoicing, processing payments and refunds, pursuing collection efforts if necessary); administer financial aid, grant and scholarship programs; manage student affairs and provide
student support services (such as services for disability accommodations, advising, safety, and wellness); provide clinical, internship or job placement services; manage academic affairs and provide academic support services; and provide IT and technology services (such as TCS email accounts, learning management systems and applications, network and communication gateways, intranet sites, and data warehousing). The data may also be used to prevent or detect fraud, for disciplinary or academic integrity proceedings, to meet legal or regulatory reporting and compliance requirements, to evaluate the TCS’s diversity and equal opportunity performance, and for research and statistical purposes. |
Identity Contact Background Financial Technical Profile Marketing and
Communication Sensitive |
Necessary to enter and/or perform a contract
Necessary to pursue the TCS’s legitimate interest in furthering its charitable, educational, and scientific missions, and providing excellent and competitive educational services Necessary to comply with legal or regulatory obligations Necessary to protect the vital interest of you or another Prior consent where sensitive data is collected |
| Register, Enroll and Participate in Programs and Courses while in the EU. Data is processed to identify you;
facilitate your participation in programs and courses; track attendance, course and program progress and completion; assign coursework; evaluate academic performance; administer tests; facilitate instruction; prepare educational records (such as transcripts and diplomas); and provide related services while you are in the EU such as transportation, lodging, health and safety, and insurance. The data is also used to manage student accounts (including invoicing, processing payments and refunds, pursuing collection efforts if necessary); administer financial aid, grant and scholarship programs; manage student affairs and provide student support services (such as services for disability accommodations, advising, safety, and wellness); provide clinical, internship or job placement services; manage academic affairs and provide academic support services; and provide IT and technology services (such as TCS email accounts, learning management systems and applications, network and communication gateways, intranet sites, and data warehousing). The data may also be used to prevent or detect fraud, for disciplinary or academic integrity proceedings, to meet legal or regulatory reporting and compliance requirements, to evaluate the TCS’s diversity and equal opportunity performance, and for research and statistical purposes. |
Identity Contact Background Financial Technical Profile Marketing and
Communication Sensitive |
Necessary to enter and/or perform a contract
Necessary to pursue the TCS’s legitimate interest in furthering its charitable, educational, and scientific missions, and providing excellent and competitive educational services Necessary to comply with legal or regulatory obligations Necessary to protect the vital interest of you or another Prior consent where sensitive data is collected |
| Applications for employment in the EU. Data is processed to identify you,
administratively process your application, verify information provided, evaluate your employment qualifications, conduct background checks, and communicate the outcome to you. The data is also used to maintain personnel files, prepare and process performance evaluations, manage payroll, provide and administer employment benefits, manage employee relations; provide IT and technology services (such as TCS email accounts, network and communication gateways, intranet sites, and data warehousing); manage complaint, grievance, and disciplinary proceedings; to prevent or detect fraud; to meet legal or regulatory reporting and compliance requirements; to evaluate the TCS’s diversity and equal opportunity performance, and for research and statistical purposes. |
Identity Contact Background Financial Technical Profile Marketing and
Communication Sensitive |
Necessary to enter and/or perform a contract
Necessary to comply with legal or regulatory obligations Necessary to protect the vital interest of you or another Prior consent where sensitive data is collected |
| Complaint, Grievance, and Disciplinary Procedures for incidents arising in the EU. Data is processed to identify you; administratively process complaints or grievances, or engage in disciplinary procedures; verify information provided;
evaluate and investigate incidents; protect health and safety; communicate with you; communicate the outcome to appropriate parties; and provide information required by third parties to meet legal or regulatory reporting and compliance requirements. |
Identity Contact Background Profile Sensitive | Necessary to perform a contract Necessary to comply with legal or regulatory obligations
Necessary to protect the vital interest of you or another Prior consent where sensitive data is collected |
| Offering Access to TCS Information and Technology Services to Persons in
EU. Data is processed to identify you; provide a TCS email account; allow students, faculty, staff, and alumni, and other authorized persons the right to access and use TCS licensed software, tools and applications; and storing data. |
Identity Contact Financial Technical Profile Marketing and
Communication |
Necessary to enter and/or perform a contract
Necessary to comply with legal or regulatory obligations |
| Research Involving Personal Data of Persons in the EU. Data may be processed to conduct educational, scientific, and other research and related statistical analysis Terms and conditions of research projects are negotiated before acceptance to ensure ability to comply with applicable research grants, agreements, laws, rules regulations and policies. | Varies depending on research. | Necessary to enter and/or perform a contract
Necessary to pursue the TCS’s legitimate interest in carrying out research activities to advance knowledge and create applications that benefit society Prior consent where sensitive data is collected |
| Alumni and donors in the EU. Data is processed to identify you; communicate with and provide services to alumni and donors; and to seek and accept gifts and donations. The data may also be used for research and statistical purposes. | Identity Contact Background Financial Technical Profile Marketing and
Communication Sensitive |
Necessary to enter and/or perform a contract
Necessary to pursue the TCS’s legitimate interest furthering its charitable, educational, and scientific missions, and providing excellent and competitive educational services Prior consent where sensitive data is collected |
| Comply with Legal and Regulatory Obligations. Data is processed to comply with applicable laws and regulations, including, without limitation, the Internal Revenue Code, Title IV and Title IX, U.S. Department of Education laws and regulations, the Immigration and Naturalization Service, the Department of Homeland Security, and regional and national accreditation requirements and standards. | Identity Contact Background Financial Sensitive | Necessary to enter and/or perform a contract
Necessary to pursue the TCS’s legitimate interest furthering its charitable, educational, and scientific missions, and providing excellent and competitive educational services Necessary to comply with legal or regulatory obligations Necessary to protect the vital interest of you or another |
If you have additional questions regarding the type of personal data collected about you, or the TCS’s purpose or legal basis for processing your personal data, please contact the TCS at the contact provided below.
III. Other Recipients of Your Personal Data
We may share your personal data with other recipients in connection with the purposes and lawful bases stated in Section II of this Notice. Categories of recipients who may receive your personal data may include the following:
TCS faculty and staff responsible for or involved in the activities described in the above chart. Public safety authorities, such as local, state, federal or international law enforcement.
Health care providers, such as hospitals and clinics.
Security providers, such as private campus safety personnel. Regional and national accreditors and professional licensing bodies.
Third parties who underwrite, administer, or provide services related to the TCS’s programs or to individuals associated with the TCS, such as independent contractors, marketing services, event hosting, international service providers, payment processors, insurance and benefits providers and administrators, lenders and service providers who assist in student loans, scholarship and other financial aid programs.
Third parties to whom personal data is required to be communicated in order for the TCS to comply with legal obligations established by any and all applicable laws and regulations, such as local, state, federal or international legal, governmental and regulatory entities.
Third-party data processors who host and/or process information on behalf of the TCS.
Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets.
We require third parties to respect the security of your personal data and to treat it in accordance with applicable law.
IV. International Data Transfers
Personal data that you provide while in GDPR Countries will be transferred internationally to the TCS, which is located in the United States, and may be transferred to third parties in other countries in connection with the purposes and lawful bases stated in Section II of this Notice. In the
international transfer of your personal data, the TCS will employ suitable safeguards to protect the privacy and security of your personal data so that it is only used in a manner consistent with this Notice.
V. Data Security
The TCS, by design, has put in place appropriate security measures to protect personal data from unauthorized access, alteration, disclosure or destruction. In addition, we limit access to your
personal data to those employees, agents, contractors and other third parties who have a business need to know, and who process your personal data at our direction. Where there is a personal data breach, we will notify you and any applicable regulatory authority where we are legally required to do so.
VI. Data Retention
The TCS retains your personal data for as long as necessary to fulfill the purposes for which we collected it. To determine the appropriate retention period for personal data, we consider the nature of the personal data, the purpose for which personal data is processed and retained, and the applicable legal, accounting, reporting and regulatory requirements applicable to such data. Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by contacting the TCS at the contact provided below. In some circumstances we may anonymize your personal data (so that it can no longer be associated with you), in which case we may use this information indefinitely without further notice to you.
VII. Your Rights Regarding Your Personal Data
Under the GDPR, you have a number of rights regarding your personal data, subject to exceptions stated in the GDPR or its implementing regulations. Specifically, you have the right to:
Request access to your personal data and receive a copy of the personal data that we hold about you.
Request correction of your personal data that we hold which is inaccurate or incomplete.
Request erasure of your personal data from our records. Where it is necessary for the TCS to maintain the data for legal, accounting, reporting, or regulatory reasons, we may not be able to comply with your request and will notify you if that is the case.
Object to processing of your personal data where we are relying on a legitimate interest for processing such data, unless the TCS can demonstrate compelling legitimate grounds for processing that override your interest in prohibiting such processing.
Request restriction of processing your personal data under certain circumstances. Request the transfer (portability) of your personal data to a third party.
Withdraw consent at any time where the TCS relies solely on the legal basis of consent to process your personal data. If you withdraw consent, the withdrawal will not change the fact that your data has been processed legally up to that point. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
File a complaint concerning your personal data with the applicable EU supervisory authority. Supervisory authority contact information is available here.
Nearly all of your rights are qualified in various ways and there are numerous exemptions. For additional information about your rights, the full text of the GDPR is available at https://gdpr-info.eu/.
If you wish to exercise any of these rights, please contact the TCS at the contact provided below. The TCS strives to respond to all legitimate requests within one month. It may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
VIII. Are You Obligated to Provide Personal Data?
Through this Notice, the TCS informs you that it may process your personal data in accordance with this Notice, and as permitted or required by law. If you do not agree with this Notice, please do not provide any personal data to the TCS.
If you choose not to provide personal data that is necessary for the TCS to provide you with specific products or services, the TCS may not be able to provide those products or services to you. For example, if you do not provide personal data needed to perform a contract for educational services with you, such as information necessary to process admissions, financial aid, or employment applications, you will not be admitted to the TCS, awarded financial aid, or employed by the TCS.
IX. Contact Information and Rights Requests
If you would like to contact the TCS in its capacity as a controller, including to ask questions about this Notice, the GDPR, and the personal data being processed by the TCS, or if you wish to exercise any of your rights under the GDPR or lodge a complaint involving a violation of this Notice or the GDPR, please contact:
TCS Education System
203 N. LaSalle St.
Suite 1900 Chicago, IL
[email protected]
Please note that the TCS is not a public authority or body. Also, its core activities do not include the regular and systematic monitoring of data subjects on a large scale, nor processing on a large scale of special categories of data or personal data relating to criminal convictions and offenses. For these reasons, the GDPR does not obligate the TCS to designate a data protection officer within the meaning of the GDPR.
Updated: 9/4/2018