Last Updated: 01/04/2021
TouchNet Information Systems, Inc. (“TouchNet,” “us”, “we” or “our”) respects your rights and preferences regarding data privacy.
In this Privacy Notice (“Notice”), we describe how we collect, use, share and dispose of personal information that we collect from users of our websites, forums and blogs (“Sites”), our mobile applications (“Apps”), and our other products and services including Client Community and U.Commerce Suite (collectively, “Services”) in the course of our business activities.
This Notice applies to the Services provided by TouchNet on its own behalf or in combination with one of its parents, affiliates, or subsidiaries.
In this Notice, we provide information about:
- PERSONAL INFORMATION WE COLLECT AND HOW WE USE IT
- HOW WE SHARE PERSONAL INFORMATION
- TRANSFERRING PERSONAL INFORMATION GLOBALLY
- HOW WE PROTECT AND DISPOSE OF PERSONAL INFORMATION
- COOKIES AND OTHER TRACKING TECHNOLOGIES
- CHILDREN UNDER 16
- YOUR LEGAL RIGHTS
- OTHER INFORMATION
- HOW TO CONTACT US
Please be aware that not all of the information in this Notice will be directly applicable to our handling of your personal information. This Notice provides an overview of the possible circumstances in which we interact with your personal information. If you have any questions about our processing of your personal information, please contact us at firstname.lastname@example.org
PERSONAL INFORMATION WE COLLECT AND HOW WE USE IT
We will only collect, use, and share your personal information where we are satisfied that we have an appropriate legal basis to do so. Subject to your consent if required by law, we may collect the following types of personal information about you as relevant to the Services with which you are engaging:
- Identifiers such as your name or account name
- Contact information including telephone number, email address, or postal address
- Username and password
- Financial account information
- Education information including your status with the school or college with which you are affiliated (i.e. student, employee)
- Your user activity including access and purchase history
- Information about the products and services we provide to you
- Information about your preferences including marketing preferences
- Information collected through your internet-based activity (see “Cookies” for additional information)
- Information you provide in any communication with us including correspondence transcripts and call recordings
- Information you provide when you participate in any blog, community or forum on our Sites
How we use your personal information. We use your personal information to provide the Services. In providing the Services, we may use your personal information to:
- Create, maintain or provide service for your account
- Process or fulfill requests from you
- Respond to customer service requests from you
- Verify your information
- Process payments
- Undertake activities to maintain the quality, safety or integrity of the Services
- Maintain data security including detecting and responding to security incidents and protecting you, and us, from fraud
- Monitor our Sites including gathering usage data and other analytic information that enables us to maintain and improve the Services
- Other uses that are required for us to meet our legal, contractual or regulatory requirements
Sources of personal information. We collect information from various sources that we use to provide our Services to you, to analyze and improve our Services, and to communicate with you (e.g., to send you updates or notices about our organization, or emails about products or services that we believe may be of interest to you). The personal information that we collect and the purpose for our collecting such information is as follows:
- Information that you provide to us: We collect personal information that you provide to us when you set up an account with us, use our Services, or communicate with us. For example, if you register for an online account with us, then we may request your name, contact information and payment information. Providing us with personal information about yourself is voluntary, and you can always choose not to provide certain information, but then you may not be able to take advantage of or participate in some of the Services' features.
- Information collected from third parties: We may collect information about you from third parties in the course of providing our Services to you. For example, we may collect personal information like your name, contact information and enrollment status from your school or university in order to offer the Services to you.
- Information collected through technology: When you visit our Sites or Apps (or when you use any of our Services) we may collect certain information about your location, usage, computer or device through technology such as cookies (see below for more information on cookies). We may collect geolocation in the Apps for the purpose of enabling location-based Services such as, for example, building access at your school or college.
The legal basis for our processing your personal information. Our legal basis for using your personal information includes (1) performance of a contract so you can use the Services, (2) our legitimate interests which include to improve our Sites and Services, better engage with you, prevent fraud, and secure our Sites, (3) to comply with a legal obligation (to keep information we are required to keep such as payment information) and (4) with your consent when required by applicable law, such as, for example, if we are sending you marketing communications.
The business purpose for our processing your personal information. Our primary business purpose for processing your personal information is to provide the Services consistent with the contract terms between us and our customer. We may also use your personal information to enable the following additional business purposes: (1) detecting and managing security incidents or fraudulent activity, (2) providing customer service, fulfilling requests, and other functions directly related to the Services, (3) maintaining our software including debugging and repairing errors, and (4) maintaining the quality of the Services and developing enhancements and improvements to meet our customer needs.
Data anonymization and aggregation. Subject to your consent if required by law, we may anonymize or aggregate your personal information in such a way as to ensure that you are not identified or identifiable from it, in order to use the anonymized or aggregated data. For example, we may use anonymized or aggregated data for statistical analysis including to analyze trends, for product development, and for risk assessments and cost analysis. We may share anonymized or aggregated data with our parents, subsidiaries, affiliates or with other third parties.
This Notice does not restrict TouchNet’s use or sharing of any non-personal, summarized, derived, anonymized or aggregated information.
HOW WE SHARE PERSONAL INFORMATION
For each category of personal information we collect, we may share such information in the manner and for the purposes described below:
- With TouchNet affiliates where such disclosure is necessary to provide you with our Services or to manage our business.
- With third-party service providers. For example, we share personal information with IT service providers who help manage our back office systems or administer our Sites and Apps. These third-party service providers have agreed to confidentiality restrictions and have agreed to use any personal information we share with them, or which they collect on our behalf, solely for the purpose of providing the contracted service to us.
- With our customer with whom you are also engaging when you use the Services. For example, you may be using a TouchNet Site provided to you through a school or college website, to engage in a purchase. TouchNet may share the personal information you provide with the school in order to fulfill your request. You may also receive communications from the school. Each such customer operates independently from TouchNet and their collection and use of your personal information is not subject to this Notice but to their own privacy notices.
- With banks and payment providers to authorize and complete card payments.
TouchNet does not sell personal information.
In addition, subject to applicable legal requirements, we may share personal information in connection with or during negotiation of any merger, financing, acquisition, bankruptcy, dissolution, transaction or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of our business assets to another company.
TRANSFERRING PERSONAL INFORMATION GLOBALLY
We operate on a global basis. This means that your personal information may be transferred to and stored in the United States or in another country outside of the country in which you reside, which may be subject to different standards of data protection than your country of residence.
We will take appropriate steps to ensure that transfers of personal information are in accordance with applicable law, are carefully managed to protect your privacy rights and interests and limited to countries which are recognized as providing an adequate level of legal protection or where alternative adequate arrangements are in place to protect your privacy rights. To this end:
- we ensure transfers with TouchNet affiliates are covered by an agreement (an intragroup agreement) which contractually requires each such entity to ensure that personal information receives an adequate and consistent level of protection wherever it is transferred;
- where we transfer your personal information outside TouchNet or to third parties who help provide our Services, we obtain contractual commitments from them to protect your personal information; and
- where we receive requests for information from law enforcement or regulators, we carefully validate these requests before any personal information are disclosed.
HOW WE PROTECT AND DISPOSE OF PERSONAL INFORMATION
We take seriously our responsibility to protect the security and privacy of your personal information. We maintain administrative, technical and physical safeguards designed to protect the personal information you provide against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use.
Any suspected attempt to breach our policies and procedures, or to engage in any type of unauthorized action involving our information systems, is regarded as potential criminal activity. Suspected computer mischief may be reported to the appropriate authorities.
Please remember that communications over the internet such as emails are not secure. We seek to keep secure all confidential information and personal information submitted to us in accordance with our obligations under applicable laws and regulations. However, like all website operators, we cannot guarantee the security of any data transmitted through the internet.
When we no longer need your personal information to provide the Services, it will be securely deleted or de-identified in a manner that ensures you cannot be re-identified.
COOKIES AND OTHER TRACKING TECHNOLOGIES
A “cookie” is a text file that is stored to your browser when you visit a website.
Unique device identifiers like IP address or UDID recognize a visitor’s computer or other device used to access the internet. Unique device identifiers are used alone and in conjunction with cookies and other tracking technologies for the purpose of “remembering” computers or other devices used to access the Sites and Apps.
We may also use other technologies like pixels or tags that allow us to measure responses to our email communications.
Cookies can be classified by duration and by source:
- Duration. The Sites use both “session” and “persistent” cookies. Session cookies are temporary - they terminate when you close your browser or otherwise end your “active” browsing session. Persistent cookies remember you on subsequent visits. Persistent cookies are not deleted when you close your browser, and they will remain on your computer or other device unless you choose to delete them (see below for “How to Delete or Block Cookies”).
- Source. Cookies can be “first-party” or “third-party” cookies, which means that they are either issued by or on behalf of TouchNet or by a third-party operator of another website. For an example of a third-party cookie, our Sites may contain a Facebook “like” button, which would set a cookie that can be read by Facebook. Our Sites may use both first-party and third-party cookies.
The cookies that we may use on the Sites fall into the following categories:
- Strictly Necessary Cookies. These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions taken by you such as logging in or filling in forms. You can set your browser to block or alert you about these cookies, but blocking them may impede the functionality of the Sites.
- Performance Cookies. These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.
- Functionality Cookies. These cookies enable the Sites to provide enhanced functionality and personalisation. They may be set by us or by third-party providers whose services we have added to our pages. If you do not allow these cookies then some of these services may not function properly.
- Targeting Cookies. These cookies may be set through our Sites by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant advertisements on other sites. They are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
How to Delete or Block Cookies
On some Sites, when technically feasible, we will enable tools to help you make choices about cookies. You may also delete or block cookies at any time by changing your browser settings. You can click “Help” in the toolbar of your browser for instruction or review the cookie management guide produced by the Interactive Advertising Bureau available at www.allaboutcookies.org. If you delete or block cookies, some features of the Sites may not function properly.
TouchNet may provide links on our Sites and Apps to other websites that are not under our control. We do not endorse or make any warranty of any type regarding the content contained on such websites or products and services offered on those websites.
We encourage our users to be aware when they leave our Sites and to read the privacy statements of each and every website that collects personal information. This Notice applies solely to personal information collected by us. You should read any other applicable privacy and cookies notices carefully before accessing and using other websites.
CHILDREN UNDER 16
The Services are not intended for use by children. We do not solicit or knowingly accept any personal information from persons under the age of 16. Please do not use the Services if you are under the age of 16. TouchNet does not knowingly collect, use, or disclose the personal information of minors under 16 years of age.
YOUR LEGAL RIGHTS
Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, some users, including European Union residents and residents of the state of California, may have certain rights in relation to their personal information. These rights may include:
EU Resident Rights
What does this mean?
Right to be informed
You have the right to be provided with clear and easy-to-understand information about how we use your personal information. This is why we are providing you this Notice and we may provide other forms of notice, as appropriate or required
by law, in the Services.
Right to access personal information
You have the right to access and receive a copy of personal information we hold about you.
Right to data portability
In some circumstances, you have the right to receive the personal information you request from us in a format that is user-friendly and enables you to transfer it to another provider.
Right to rectification
You have the right to correct or update your personal information if it is outdated, incorrect or incomplete.
Right of erasure (“right to be forgotten”)
In some circumstances, you have the right to have your personal information erased or deleted.
Right to restrict/suspend processing of personal information
You may object to processing of personal information that is based on legitimate interest. You may withdraw consent for processing that is based on consent (this includes the right to opt out of direct marketing).
Right to information about information transfers
You have the right to obtain a copy of documents related to the safeguards under which your personal information is transferred outside the EU.
Right to complain to a supervisory authority
You have the right to contact the data protection authority in your country to complain about our data protection and privacy practices.
CA Resident Rights
What does this mean?
Right to know about personal information collected, disclosed, and sold
You have the right to request that we disclose to you what categories of personal information we have collected, used, disclosed, or sold over the past 12 months. We have provided information about the categories of personal information we have collected, the sources from which we collected it, the purposes for which it was collected, and the third parties with whom we may share it with above.
Right to opt-out of the sale of personal information
You may request that we do not sell your personal information to third parties.
Right to request deletion
In some circumstances, you have the right to have your personal information erased or deleted.
Right to equal service and prices (“non-discrimination”)
Your choice to exercise your privacy rights will not be used as a basis to discriminate against you in Services offered or pricing.
Changes and Updates. We reserve the right, in our sole discretion, to modify, update, add to, discontinue, remove or otherwise change any portion of this Notice, in whole or in part, at any time. When we amend this Notice, we will revise the “last updated” date located at the top of the document. We will also take reasonable steps to ensure you are made aware of any material updates including providing you direct communication about such changes or providing a notification through the Services, as appropriate. If you provide personal information to us or access or use the Services after this Notice has been changed, you will be deemed to have unconditionally consented and agreed to such changes. The most current version of this Notice will be available on the Sites and Apps and will supersede all previous versions of this Notice.
Choice of Law. This Notice, including all revisions and amendments thereto, is governed by the laws of the United States, State of Georgia, without regard to its conflict or choice of law principles which would require application of the laws of another jurisdiction.
Arbitration. By using the Services in any way, you unconditionally consent and agree that: (1) any claim, dispute, or controversy (whether in contract, tort, or otherwise) you may have against TouchNet and/or its parent, subsidiaries, affiliates and each of their respective members, officers, directors and employees (all such individuals and entities collectively referred to herein as the "TouchNet Entities") arising out of, relating to, or connected in any way with the Services or the determination of the scope or applicability of this agreement to arbitrate, will be resolved exclusively by final and binding arbitration administered by JAMS and conducted before a sole arbitrator in accordance with the rules of JAMS; (2) this arbitration agreement is made pursuant to a transaction involving interstate commerce, and shall be governed by the Federal Arbitration Act ("FAA"), 9 U.S.C. §§ 1-16; (3) the arbitration shall be held in Atlanta, Georgia; (4) the arbitrator's decision shall be controlled by the terms and conditions of this Notice and any of the other agreements referenced herein that the applicable user may have entered into in connection with the Services; (5) the arbitrator shall apply Georgia law consistent with the FAA and applicable statutes of limitations, and shall honor claims of privilege recognized at law; (6) there shall be no authority for any claims to be arbitrated on a class or representative basis, arbitration can decide only your and/or the applicable TouchNet Entity's individual claims; the arbitrator may not consolidate or join the claims of other persons or parties who may be similarly situated; (7) the arbitrator shall not have the power to award punitive damages against you or any TouchNet Entity; (8) in the event that the administrative fees and deposits that must be paid to initiate arbitration against any Global Entity exceed $125 USD, and you are unable (or not required under the rules of JAMS) to pay any fees and deposits that exceed this amount, TouchNet agrees to pay them and/or forward them on your behalf, subject to ultimate allocation by the arbitrator. In addition, if you are able to demonstrate that the costs of arbitration will be prohibitive as compared to the costs of litigation, TouchNet will pay as much of your filing and hearing fees in connection with the arbitration as the arbitrator deems necessary to prevent the arbitration from being cost-prohibitive; and (9) with the exception of subpart (6) above, if any part of this arbitration provision is deemed to be invalid, unenforceable or illegal, or otherwise conflicts with the rules of JAMS, then the balance of this arbitration provision shall remain in effect and shall be construed in accordance with its terms as if the invalid, unenforceable, illegal or conflicting provision were not contained herein. If, however, subpart (6) is found to be invalid, unenforceable or illegal, then the entirety of this Arbitration Provision shall be null and void, and neither you nor TouchNet shall be entitled to arbitrate their dispute. For more information on JAMS and/or the rules of JAMS, visit their website at www.jamsadr.com.
If you have questions about this Notice, or if you want to exercise your rights as described in this Notice, you can submit a request by completing this form or may contact TouchNet as follows:
TouchNet Information Systems, Inc.
Attention: Privacy Office
9801 Renner Blvd., Ste. 150
, Kansas 66219 USA
If you designate an authorized agent to make a rights request on your behalf, we request that you notify us of such designation by contacting us using the methods listed above.