Last Updated: 01/04/2021
TouchNet Information Systems, Inc. (“TouchNet,” “us”, “we” or “our”) values your privacy, and is committed to protecting your personal information. TouchNet provides commerce and credential solutions to colleges, universities and their affiliates (the “Institution”) that enable Institutions to offer students and other payors (“End Users”) easy ways to engage with and manage their payment and billing relationship with the Institutions.
In this End User Privacy Notice (“Notice”), we describe how we collect, use, and share personal information about End Users. End Users may access the TouchNet software through websites that we host for Institutions, through the Institutions’ websites, in a mobile application, and any other Institution service that relies on the TouchNet software (collectively, “Services”) where this Notice is posted. We may provide additional privacy notices as necessary that apply to your use of certain products. This Notice applies to the Services as provided by TouchNet on its own behalf or in combination with one of its parents, affiliates, or subsidiaries.
In this Notice, we provide information about:
Please be aware that not all of the information in this Notice will be directly applicable to our handling of your personal information. As a TouchNet Institutions, there may be different terms that govern your use of a TouchNet Service that are provided in the agreement between the Institution and TouchNet. This Notice provides an overview of the possible circumstances in which TouchNet interacts with End Users’ personal information. If you have any questions about our processing of your personal information, please contact the Institution you have a relationship with.
When End Users interact with the TouchNet Services, TouchNet collects personal information in order to facilitate the services that the Institution is providing you.
Because TouchNet’s relationship with End Users is based on our relationship with the Institution, TouchNet only handles End User Information in accordance with your Institution’s instructions. If you are an End User who has a relationship with one of our Institutions such as a school or university, and have a question about how your personal information is collected, used, or shared, or would like to exercise any rights you may have with respect to your personal information, please contact your Institution directly.
TouchNet will only collect, use, and share personal information where we are satisfied that we have an appropriate legal basis to do so. Subject to consent if required by law, we may collect the following categories of End User information on behalf of and as directed by your Institution:
How we use your personal information. We use your personal information to provide the Services. In providing the Services, we may use your personal information for the following business purposes:
Sources of personal information. We collect personal information from the following sources:
The legal basis for our processing your personal information. Our legal basis for using your personal information includes (1) performance of a contract so you can use the Services, (2) our legitimate interests which include to improve our Services, better engage with you, prevent fraud, and secure our Services, and (3) to comply with a legal obligation (to keep information we are required to keep such as payment information), or (4) with your consent when required by applicable law.
The business purpose for our processing your personal information. Our primary business purpose for processing your personal information is to provide the Services consistent with the contract terms between us and your Institution. We may also use your personal information to enable the following additional business purposes: (1) detecting and managing security incidents or fraudulent activity, (2) providing customer service, fulfilling requests, and other functions directly related to the Services, (3) maintaining our software including debugging and repairing errors, and (4) maintaining the quality of the Services and developing enhancements and improvements to meet your Institution’s needs.
Data anonymization and aggregation. Subject to your consent if required by law, we may anonymize or aggregate your personal information in such a way as to ensure that you are not identified or identifiable from it, in order to use the anonymized or aggregated data. For example, we may use anonymized or aggregated data for statistical analysis including to analyze trends, for product development, and for risk assessments and cost analysis. We may share anonymized or aggregated data with our parents, subsidiaries, affiliates or with other third parties.
This Notice does not restrict TouchNet’s use or sharing of any non-personal, summarized, derived, anonymized or aggregated information.
For each category of personal information we collect, we may share such information in the manner and for the purposes described below:
TouchNet does not sell your personal information to third parties.
TouchNet may also disclose personal information about you if it believes such disclosure is necessary to comply with laws or respond to lawful requests and legal process or to protect or defend the rights, safety or property of TouchNet, users of the Services or any other person, including to enforce our agreements, policies and terms of use.
In addition, subject to applicable legal requirements, we may share personal information in connection with or during negotiation of any merger, financing, acquisition, bankruptcy, dissolution, transaction or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of our business assets to another company.
We operate on a global basis. This means that your personal information may be transferred to and stored in the United States or in another country outside of the country in which you reside, which may be subject to different standards of data protection than your country of residence.
We will take appropriate steps to ensure that transfers of personal information are in accordance with applicable law, are carefully managed to protect your privacy rights and interests and limited to countries which are recognized as providing an adequate level of legal protection or where alternative adequate arrangements are in place to protect your privacy rights. To this end:
We take seriously our responsibility to protect the security and privacy of your personal information. We maintain administrative, technical and physical safeguards designed to protect the personal information you provide against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use.
Any suspected attempt to breach our policies and procedures, or to engage in any type of unauthorized action involving our information systems, is regarded as potential criminal activity. Suspected computer mischief may be reported to the appropriate authorities.
Please remember that communications over the internet such as emails are not secure. We seek to keep secure all confidential information and personal information submitted to us in accordance with our obligations under applicable laws and regulations. However, like all website operators, we cannot guarantee the security of any data transmitted through the internet.
When we no longer need your personal information to provide the Services, or to comply with a legal or regulatory obligation, it will be securely deleted or de-identified in a manner that ensures you cannot be re-identified.
A “cookie” is a text file that is stored to your browser when you visit a website. The cookies described below provide information about how TouchNet uses cookies. Any Institution use of cookies is governed by the Institution’s own privacy notice.
Unique device identifiers like IP address or UDID recognize a visitor’s computer or other device used to access the internet. Unique device identifiers are used alone and in conjunction with cookies and other tracking technologies for the purpose of “remembering” computers or other devices used to access the Services.
We may also use other technologies like pixels or tags that allow us to measure responses to our email communications.
Cookies can be classified by duration and by source:
The cookies that we may use with the Services fall into the following categories:
How to Delete or Block Cookies
On some Services, when technically feasible, we will enable tools to help you make choices about cookies. You may also delete or block cookies at any time by changing your browser settings. You can click “Help” in the toolbar of your browser for instruction or review the cookie management guide produced by the Interactive Advertising Bureau available at www.allaboutcookies.org. If you delete or block cookies, some features of the Services may not function properly.
External Links
TouchNet may include links to other websites that are not under TouchNet’s control. We do not endorse or make any warranty of any type regarding the content contained on such websites or products and services offered on those websites.
We encourage End Users to be aware when they leave our sites and to read the privacy statements of each and every website that collects personal information. This Notice applies solely to personal information collected by us. You should read any other applicable privacy and cookies notices carefully before accessing and using other websites.
The Services are not intended to be used by children. We do not knowingly solicit business from children under the age of 16. Any Institution use of the Service to collect personal information from persons under the age of 16 is subject to such Institution’s own privacy policy.
If you are an End User who uses TouchNet for the purpose of engaging with your Institution and have questions about legal rights you may have with respect to your personal information collected by your Institution, please consult the Customer with which you have a relationship. For example, if you are a student of a university that uses TouchNet, you should consult your university.
Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, some of our End Users, including European Union residents and residents of the state of California, may have certain rights in relation to their personal information. If you have any questions about or wish to exercise any rights you may have under applicable law, please contact your Institution. These rights may include:
Changes and Updates. We reserve the right, in our sole discretion, to modify, update, add to, discontinue, remove or otherwise change any portion of this Notice, in whole or in part, at any time. When we amend this Notice, we will revise the “last updated” date located at the top of the document. We will also take reasonable steps to ensure you are made aware of any material updates including providing your Institution with communication about such changes, or providing a notification through the Services, as appropriate. If you provide personal information to us, or access or use the Services after this Notice has been changed, you will be deemed to have unconditionally consented and agreed to such changes. The most current version of this Notice will be available on all End User facing Services, and will supersede all previous versions of this Notice.
Choice of Law. This Notice, including all revisions and amendments thereto, is governed by the laws of the United States, State of Georgia, without regard to its conflict or choice of law principles which would require application of the laws of another jurisdiction.
Arbitration. By using the Services in any way, you unconditionally consent and agree that: (1) any claim, dispute, or controversy (whether in contract, tort, or otherwise) you may have against TouchNet and/or its parent, subsidiaries, affiliates and each of their respective members, officers, directors and employees (all such individuals and entities collectively referred to herein as the "TouchNet Entities") arising out of, relating to, or connected in any way with the Services or the determination of the scope or applicability of this agreement to arbitrate, will be resolved exclusively by final and binding arbitration administered by JAMS and conducted before a sole arbitrator in accordance with the rules of JAMS; (2) this arbitration agreement is made pursuant to a transaction involving interstate commerce, and shall be governed by the Federal Arbitration Act ("FAA"), 9 U.S.C. §§ 1-16; (3) the arbitration shall be held in Atlanta, Georgia; (4) the arbitrator's decision shall be controlled by the terms and conditions of this Notice and any of the other agreements referenced herein that the applicable user may have entered into in connection with the Services; (5) the arbitrator shall apply Georgia law consistent with the FAA and applicable statutes of limitations, and shall honor claims of privilege recognized at law; (6) there shall be no authority for any claims to be arbitrated on a class or representative basis, arbitration can decide only your and/or the applicable TouchNet Entity's individual claims; the arbitrator may not consolidate or join the claims of other persons or parties who may be similarly situated; (7) the arbitrator shall not have the power to award punitive damages against you or any TouchNet Entity; (8) in the event that the administrative fees and deposits that must be paid to initiate arbitration against any Global Entity exceed $125 USD, and you are unable (or not required under the rules of JAMS) to pay any fees and deposits that exceed this amount, TouchNet agrees to pay them and/or forward them on your behalf, subject to ultimate allocation by the arbitrator. In addition, if you are able to demonstrate that the costs of arbitration will be prohibitive as compared to the costs of litigation, TouchNet will pay as much of your filing and hearing fees in connection with the arbitration as the arbitrator deems necessary to prevent the arbitration from being cost-prohibitive; and (9) with the exception of subpart (6) above, if any part of this arbitration provision is deemed to be invalid, unenforceable or illegal, or otherwise conflicts with the rules of JAMS, then the balance of this arbitration provision shall remain in effect and shall be construed in accordance with its terms as if the invalid, unenforceable, illegal or conflicting provision were not contained herein. If, however, subpart (6) is found to be invalid, unenforceable or illegal, then the entirety of this Arbitration Provision shall be null and void, and neither you nor TouchNet shall be entitled to arbitrate their dispute. For more information on JAMS and/or the rules of JAMS, visit their website at www.jamsadr.com.
If you are an End User who has a relationship with an Institution that uses the TouchNet Services, and have a question about how your personal information is collected, used, or shared, or would like to exercise any rights you may have with respect to your personal information, please contact your Institution directly.
For other questions about this Notice, or if you are a Customer and want to exercise your rights as described in this Notice, you can submit a request by completing this form or may contact TouchNet as follows: